From dd0c32dbc8a8dee8d869405e93a23627d7027aec Mon Sep 17 00:00:00 2001 
From: colton-herrod-bayer <113554199+colton-herrod-bayer@users.noreply.github.com> Date: Thu, 9 May 2024 12:04:12 -0500 Subject: [PATCH] Initial migration work (#1) * definition update, redundant library removal, renaming setup.py, minor test tweaks from pytest recommendations * first draft of test workflow * bumping pyyaml * pinning python version * splitting test into its own step * Update .github/workflows/test.yml Co-authored-by: roshini-saravanakumar <114094961+roshini-saravanakumar@users.noreply.github.com> * url update * classifiers * addressing comments * more renaming * pipeline changes, resetting version * additional gitignore directories --------- Co-authored-by: roshini-saravanakumar <114094961+roshini-saravanakumar@users.noreply.github.com> --- .coveragerc | 4 +- .github/workflows/publish.yml | 40 +- .github/workflows/test.yml | 21 + .gitignore | 4 +- bin/parliament | 2 +- {parliament => parliamentarian}/__init__.py | 2 +- {parliament => parliamentarian}/cli.py | 4 +- .../community_auditors/__init__.py | 0 .../advanced_policy_elements.py | 2 +- .../community_auditors/config_override.yaml | 0 .../credentials_exposure.py | 0 .../permissions_management.py | 0 .../privilege_escalation.py | 0 .../community_auditors/sensitive_access.py | 2 +- .../single_value_condition_too_permissive.py | 4 +- .../tests/test_advanced_policy_elements.py | 2 +- .../tests/test_credentials_exposure.py | 2 +- .../tests/test_permissions_management.py | 2 +- .../tests/test_privilege_escalation.py | 2 +- .../tests/test_sensitive_access.py | 2 +- ...t_single_value_condition_too_permissive.py | 2 +- {parliament => parliamentarian}/config.yaml | 0 {parliament => parliamentarian}/finding.py | 0 .../iam_definition.json | 182358 +++++++++------ {parliament => parliamentarian}/misc.py | 0 {parliament => parliamentarian}/policy.py | 2 +- {parliament => parliamentarian}/statement.py | 0 requirements.txt | 9 +- setup.py | 23 +- tests/scripts/unit_tests.sh | 8 +- 
tests/unit/test_action_expansion.py | 6 +- tests/unit/test_authorization_file.py | 2 +- tests/unit/test_community_auditors.py | 2 +- tests/unit/test_formatting.py | 2 +- .../unit/test_get_resources_for_privilege.py | 38 +- tests/unit/test_patterns.py | 2 +- tests/unit/test_principals.py | 2 +- tests/unit/test_privilege_data.py | 6 +- tests/unit/test_resource_formatting.py | 4 +- tests/unit/test_resources.py | 2 +- utils/update_iam_data.py | 0 41 files changed, 106574 insertions(+), 75989 deletions(-) create mode 100644 .github/workflows/test.yml rename {parliament => parliamentarian}/__init__.py (99%) rename {parliament => parliamentarian}/cli.py (99%) rename {parliament => parliamentarian}/community_auditors/__init__.py (100%) rename {parliament => parliamentarian}/community_auditors/advanced_policy_elements.py (98%) rename {parliament => parliamentarian}/community_auditors/config_override.yaml (100%) rename {parliament => parliamentarian}/community_auditors/credentials_exposure.py (100%) rename {parliament => parliamentarian}/community_auditors/permissions_management.py (100%) rename {parliament => parliamentarian}/community_auditors/privilege_escalation.py (100%) rename {parliament => parliamentarian}/community_auditors/sensitive_access.py (96%) rename {parliament => parliamentarian}/community_auditors/single_value_condition_too_permissive.py (96%) rename {parliament => parliamentarian}/community_auditors/tests/test_advanced_policy_elements.py (98%) rename {parliament => parliamentarian}/community_auditors/tests/test_credentials_exposure.py (94%) rename {parliament => parliamentarian}/community_auditors/tests/test_permissions_management.py (94%) rename {parliament => parliamentarian}/community_auditors/tests/test_privilege_escalation.py (93%) rename {parliament => parliamentarian}/community_auditors/tests/test_sensitive_access.py (98%) rename {parliament => parliamentarian}/community_auditors/tests/test_single_value_condition_too_permissive.py (94%) rename 
{parliament => parliamentarian}/config.yaml (100%) rename {parliament => parliamentarian}/finding.py (100%) rename {parliament => parliamentarian}/iam_definition.json (88%) rename {parliament => parliamentarian}/misc.py (100%) rename {parliament => parliamentarian}/policy.py (99%) rename {parliament => parliamentarian}/statement.py (100%) mode change 100644 => 100755 utils/update_iam_data.py diff --git a/.coveragerc b/.coveragerc index 30589fc..2c6fe0b 100644 --- a/.coveragerc +++ b/.coveragerc @@ -1,6 +1,6 @@ [run] -source = parliament -omit = parliament/cli.py +source = parliamentarian +omit = parliamentarian/cli.py [report] fail_under = 75 \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3de2da3..5fe308a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -8,24 +8,26 @@ on: types: [created] jobs: - deploy: - + pypi-publish: + name: upload release to PyPI runs-on: ubuntu-latest - + environment: release + permissions: + # IMPORTANT: this permission is mandatory for trusted publishing + id-token: write steps: - - uses: actions/checkout@v2 - - name: Set up Python - uses: actions/setup-python@v1 - with: - python-version: '3.x' - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install setuptools wheel twine - - name: Build and publish - env: - TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} - run: | - python setup.py sdist bdist_wheel - twine upload dist/* + - uses: actions/checkout@v2 + - name: Set up Python + uses: actions/setup-python@v1 + with: + python-version: '3.x' + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install setuptools wheel twine + - name: Build + run: | + python setup.py sdist bdist_wheel + # retrieve your distributions here + - name: Publish package distribution to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 
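Review bot: The `id-token: write` permission on the new `pypi-publish` job covers every step, so the unpinned `pip install setuptools wheel twine` and `python setup.py sdist bdist_wheel` run in the same job that can request the trusted-publishing OIDC token. Building in a separate job and handing `dist/` to a publish-only job keeps that token away from build-time code. The actions are referenced by mutable refs (`actions/checkout@v2`, `actions/setup-python@v1`, `pypa/gh-action-pypi-publish@release/v1`); pinning them to full commit SHAs would fix what runs in the release path, and the same applies to the new `.github/workflows/test.yml`. `twine` is no longer used now that the upload step is gone and can be dropped from the install line.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, Set up Python, Install dependencies, Build …
      - uses: actions/upload-artifact@<pinned-commit-sha>
        with:
          name: dist
          path: dist/

  pypi-publish:
    name: upload release to PyPI
    needs: build
    runs-on: ubuntu-latest
    environment: release
    permissions:
      # only the upload job may request the OIDC token for trusted publishing
      id-token: write
    steps:
      - uses: actions/download-artifact@<pinned-commit-sha>
        with:
          name: dist
          path: dist/
      - name: Publish package distribution to PyPI
        uses: pypa/gh-action-pypi-publish@<pinned-commit-sha>
```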
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..4ff241b --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,21 @@ +on: + pull_request: + branches: + - main + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python + uses: actions/setup-python@v1 + with: + python-version: '3.11' + - name: Install dependencies + run: | + python -m pip install --upgrade pip + make setup + - name: Run test + run: | + make test \ No newline at end of file diff --git a/.gitignore b/.gitignore index 349b137..4103920 100644 --- a/.gitignore +++ b/.gitignore @@ -8,8 +8,10 @@ venv/ .coverage htmlcov/ dist/ +build/ +docs/ .env/ -parliament/private_auditors +parliamentarian/private_auditors tmp/* .idea/* .vscode \ No newline at end of file diff --git a/bin/parliament b/bin/parliament index bf2c848..1cf18f2 100755 --- a/bin/parliament +++ b/bin/parliament @@ -6,5 +6,5 @@ from pathlib import Path path = Path(os.path.abspath(__file__)) sys.path.append(str(path.parent.parent)) -from parliament.cli import main +from parliamentarian.cli import main main() \ No newline at end of file diff --git a/parliament/__init__.py b/parliamentarian/__init__.py similarity index 99% rename from parliament/__init__.py rename to parliamentarian/__init__.py index 5366ef6..0126f4a 100644 --- a/parliament/__init__.py +++ b/parliamentarian/__init__.py @@ -1,7 +1,7 @@ """ This library is a linter for AWS IAM policies. """ -__version__ = "1.6.2" +__version__ = "1.0.0" import fnmatch import functools diff --git a/parliament/cli.py b/parliamentarian/cli.py similarity index 99% rename from parliament/cli.py rename to parliamentarian/cli.py index e5f6001..e1abcd5 100755 --- a/parliament/cli.py +++ b/parliamentarian/cli.py 
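Review bot: The new workflow declares no `permissions:` key, so the job's `GITHUB_TOKEN` gets whatever the repository or organization default is, which may include write scopes. The steps only check out code and run `make setup` / `make test`, so a top-level `permissions:` block with `contents: read` should be enough. The Makefile targets are not visible in this patch, so confirm they need nothing beyond read access.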
@@ -10,14 +10,14 @@ from os.path import join from pathlib import Path -from parliament import ( +from parliamentarian import ( analyze_policy_string, enhance_finding, override_config, config, __version__, ) -from parliament.misc import make_list +from parliamentarian.misc import make_list logger = logging.getLogger(__name__) diff --git a/parliament/community_auditors/__init__.py b/parliamentarian/community_auditors/__init__.py similarity index 100% rename from parliament/community_auditors/__init__.py rename to parliamentarian/community_auditors/__init__.py diff --git a/parliament/community_auditors/advanced_policy_elements.py b/parliamentarian/community_auditors/advanced_policy_elements.py similarity index 98% rename from parliament/community_auditors/advanced_policy_elements.py rename to parliamentarian/community_auditors/advanced_policy_elements.py index 0f661d2..09d863c 100644 --- a/parliament/community_auditors/advanced_policy_elements.py +++ b/parliamentarian/community_auditors/advanced_policy_elements.py @@ -12,7 +12,7 @@ import jsoncfg -from parliament import Policy +from parliamentarian import Policy def get_stmts(policy: Policy) -> Iterable: diff --git a/parliament/community_auditors/config_override.yaml b/parliamentarian/community_auditors/config_override.yaml similarity index 100% rename from parliament/community_auditors/config_override.yaml rename to parliamentarian/community_auditors/config_override.yaml diff --git a/parliament/community_auditors/credentials_exposure.py b/parliamentarian/community_auditors/credentials_exposure.py similarity index 100% rename from parliament/community_auditors/credentials_exposure.py rename to parliamentarian/community_auditors/credentials_exposure.py 
diff --git a/parliament/community_auditors/permissions_management.py b/parliamentarian/community_auditors/permissions_management.py similarity index 100% rename from parliament/community_auditors/permissions_management.py rename to parliamentarian/community_auditors/permissions_management.py diff --git a/parliament/community_auditors/privilege_escalation.py b/parliamentarian/community_auditors/privilege_escalation.py similarity index 100% rename from parliament/community_auditors/privilege_escalation.py rename to parliamentarian/community_auditors/privilege_escalation.py diff --git a/parliament/community_auditors/sensitive_access.py b/parliamentarian/community_auditors/sensitive_access.py similarity index 96% rename from parliament/community_auditors/sensitive_access.py rename to parliamentarian/community_auditors/sensitive_access.py index dc7bb23..fc974db 100644 --- a/parliament/community_auditors/sensitive_access.py +++ b/parliamentarian/community_auditors/sensitive_access.py @@ -1,6 +1,6 @@ from collections import defaultdict -from parliament import is_arn_match, expand_action +from parliamentarian import is_arn_match, expand_action def _expand_action(operation): diff --git a/parliament/community_auditors/single_value_condition_too_permissive.py b/parliamentarian/community_auditors/single_value_condition_too_permissive.py similarity index 96% rename from parliament/community_auditors/single_value_condition_too_permissive.py rename to parliamentarian/community_auditors/single_value_condition_too_permissive.py index 5288ae3..5489fa4 100644 --- a/parliament/community_auditors/single_value_condition_too_permissive.py +++ b/parliamentarian/community_auditors/single_value_condition_too_permissive.py 
@@ -4,8 +4,8 @@ https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_single-vs-multi-valued-condition-keys.html """ import re -from parliament import Policy -from parliament.misc import make_list +from parliamentarian import Policy +from parliamentarian.misc import make_list def audit(policy: Policy) -> None: diff --git a/parliament/community_auditors/tests/test_advanced_policy_elements.py b/parliamentarian/community_auditors/tests/test_advanced_policy_elements.py similarity index 98% rename from parliament/community_auditors/tests/test_advanced_policy_elements.py rename to parliamentarian/community_auditors/tests/test_advanced_policy_elements.py index 5072f18..57ec3c7 100644 --- a/parliament/community_auditors/tests/test_advanced_policy_elements.py +++ b/parliamentarian/community_auditors/tests/test_advanced_policy_elements.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string S3_STAR_FINDINGS = {"PERMISSIONS_MANAGEMENT_ACTIONS", "RESOURCE_MISMATCH"} diff --git a/parliament/community_auditors/tests/test_credentials_exposure.py b/parliamentarian/community_auditors/tests/test_credentials_exposure.py similarity index 94% rename from parliament/community_auditors/tests/test_credentials_exposure.py rename to parliamentarian/community_auditors/tests/test_credentials_exposure.py index 80a84e8..dec5b83 100644 --- a/parliament/community_auditors/tests/test_credentials_exposure.py +++ b/parliamentarian/community_auditors/tests/test_credentials_exposure.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestCredentialsManagement: 
diff --git a/parliament/community_auditors/tests/test_permissions_management.py b/parliamentarian/community_auditors/tests/test_permissions_management.py similarity index 94% rename from parliament/community_auditors/tests/test_permissions_management.py rename to parliamentarian/community_auditors/tests/test_permissions_management.py index 7d34132..d33d4fe 100644 --- a/parliament/community_auditors/tests/test_permissions_management.py +++ b/parliamentarian/community_auditors/tests/test_permissions_management.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestPermissionsManagement: diff --git a/parliament/community_auditors/tests/test_privilege_escalation.py b/parliamentarian/community_auditors/tests/test_privilege_escalation.py similarity index 93% rename from parliament/community_auditors/tests/test_privilege_escalation.py rename to parliamentarian/community_auditors/tests/test_privilege_escalation.py index cb57ac7..9dbb75a 100644 --- a/parliament/community_auditors/tests/test_privilege_escalation.py +++ b/parliamentarian/community_auditors/tests/test_privilege_escalation.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestPrivilegeEscalation: diff --git a/parliament/community_auditors/tests/test_sensitive_access.py b/parliamentarian/community_auditors/tests/test_sensitive_access.py similarity index 98% rename from parliament/community_auditors/tests/test_sensitive_access.py rename to parliamentarian/community_auditors/tests/test_sensitive_access.py index 163f53b..c2e2d3a 100644 --- a/parliament/community_auditors/tests/test_sensitive_access.py +++ b/parliamentarian/community_auditors/tests/test_sensitive_access.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestSensitiveAccess: 
diff --git a/parliament/community_auditors/tests/test_single_value_condition_too_permissive.py b/parliamentarian/community_auditors/tests/test_single_value_condition_too_permissive.py similarity index 94% rename from parliament/community_auditors/tests/test_single_value_condition_too_permissive.py rename to parliamentarian/community_auditors/tests/test_single_value_condition_too_permissive.py index c71d67a..08dc504 100644 --- a/parliament/community_auditors/tests/test_single_value_condition_too_permissive.py +++ b/parliamentarian/community_auditors/tests/test_single_value_condition_too_permissive.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestSensitiveAccess: diff --git a/parliament/config.yaml b/parliamentarian/config.yaml similarity index 100% rename from parliament/config.yaml rename to parliamentarian/config.yaml diff --git a/parliament/finding.py b/parliamentarian/finding.py similarity index 100% rename from parliament/finding.py rename to parliamentarian/finding.py diff --git a/parliament/iam_definition.json b/parliamentarian/iam_definition.json similarity index 88% rename from parliament/iam_definition.json rename to parliamentarian/iam_definition.json index 3144ba4..abbe5d7 100644 --- a/parliament/iam_definition.json +++ b/parliamentarian/iam_definition.json 
@@ -1463,6 +1463,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to check that specified access is not allowed by a policy", + "privilege": "CheckAccessNotGranted", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to check that no new access is allowed when compared to an existing policy", + "privilege": "CheckNoNewAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an access preview for the specified analyzer", @@ -1601,6 +1625,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve statistics for findings", + "privilege": "GetFindingsStatistics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Analyzer*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a policy that was generated using StartPolicyGeneration", @@ -1767,7 +1803,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -1838,7 +1873,7 @@ { "condition": "account:AccountResourceOrgTags/${TagKey}", "description": "Filters access by resource tags for an account in an organization", - "type": "ArrayOfString" + "type": "String" }, { "condition": "account:AlternateContactTypes", 
@@ -2113,14 +2148,39 @@ }, { "conditions": [ + { + "condition": "acm:CertificateAuthority", + "description": "Filters access by certificateAuthority in the request. Can be used to restrict which Certificate Authorites certificates can be issued from", + "type": "String" + }, + { + "condition": "acm:CertificateTransparencyLogging", + "description": "Filters access by certificateTransparencyLogging option in the request. Default 'ENABLED' if no key is present in the request", + "type": "String" + }, + { + "condition": "acm:DomainNames", + "description": "Filters access by domainNames in the request. This key can be used to restrict which domains can be in certificate requests", + "type": "ArrayOfString" + }, + { + "condition": "acm:KeyAlgorithm", + "description": "Filters access by keyAlgorithm in the request", + "type": "String" + }, + { + "condition": "acm:ValidationMethod", + "description": "Filters access by validationMethod in the request. Default 'EMAIL' if no key is present in the request", + "type": "String" + }, { "condition": "aws:RequestTag/${TagKey}", - "description": "Filter access by the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filter access by tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { @@ -2307,7 +2367,12 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "acm:DomainNames", + "acm:CertificateTransparencyLogging", + "acm:ValidationMethod", + "acm:KeyAlgorithm", + "acm:CertificateAuthority" ], "dependent_actions": [], "resource_type": "" 
@@ -2354,22 +2419,22 @@ "conditions": [ { "condition": "acm-pca:TemplateArn", - "description": "Filters issue certificate requests based on the presence of TemplateArn in the request", - "type": "String" + "description": "Filters access by the arn of the certificate template used in Issue Certificate request", + "type": "ARN" }, { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters create requests based on the allowed set of values for each of the tags", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters create requests based on the presence of mandatory tags in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], @@ -3387,7 +3452,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobs" + "resource_type": "domains" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "webhooks" } ] }, @@ -3457,7 +3527,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobs" + "resource_type": "domains" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "webhooks" }, { "condition_keys": [ @@ -3487,7 +3562,12 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobs" + "resource_type": "domains" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "webhooks" }, { "condition_keys": [ @@ -3608,7 +3688,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backend*" + "resource_type": "created-backend*" } ] }, 
@@ -3682,6 +3762,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "environment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storage*" } ] }, @@ -3694,6 +3779,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "backend*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token*" } ] }, @@ -3789,6 +3879,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "backend*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token*" } ] }, @@ -3940,6 +4035,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "backend*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "token*" } ] }, 
@@ -4143,42 +4243,47 @@ ], "resources": [ { - "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:backend/${AppId}", + "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/*", + "condition_keys": [], + "resource": "created-backend" + }, + { + "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/*", "condition_keys": [], "resource": "backend" }, { - "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:backend/${AppId}/environments", + "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/environments/*", "condition_keys": [], "resource": "environment" }, { - "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:backend/${AppId}/api", + "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/api/*", "condition_keys": [], "resource": "api" }, { - "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:backend/${AppId}/auth", + "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/auth/*", "condition_keys": [], "resource": "auth" }, { - "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:backend/${AppId}/job", + "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/job/*", "condition_keys": [], "resource": "job" }, { - "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:backend/${AppId}/config/*", + "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/config/*", "condition_keys": [], "resource": "config" }, { - "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:backend/${AppId}/token", + "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/challenge/*", "condition_keys": [], "resource": "token" }, { - "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:backend/${AppId}/storage", + "arn": "arn:${Partition}:amplifybackend:${Region}:${Account}:/backend/${AppId}/storage/*", "condition_keys": [], "resource": "storage" } 
@@ -4187,6 +4292,21 @@ }, { "conditions": [ + { + "condition": "amplifyuibuilder:CodegenJobResourceAppId", + "description": "Filters access by the app ID", + "type": "String" + }, + { + "condition": "amplifyuibuilder:CodegenJobResourceEnvironmentName", + "description": "Filters access by the backend environment name", + "type": "String" + }, + { + "condition": "amplifyuibuilder:CodegenJobResourceId", + "description": "Filters access by the codegen job ID", + "type": "String" + }, { "condition": "amplifyuibuilder:ComponentResourceAppId", "description": "Filters access by the app ID", @@ -4261,7 +4381,9 @@ "aws:TagKeys" ], "dependent_actions": [ - "amplify:GetApp" + "amplify:GetApp", + "amplifyuibuilder:GetComponent", + "amplifyuibuilder:TagResource" ], "resource_type": "" } @@ -4278,7 +4400,10 @@ "aws:TagKeys" ], "dependent_actions": [ - "amplify:GetApp" + "amplify:GetApp", + "amplifyuibuilder:GetForm", + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" ], "resource_type": "" } @@ -4295,7 +4420,9 @@ "aws:TagKeys" ], "dependent_actions": [ - "amplify:GetApp" + "amplify:GetApp", + "amplifyuibuilder:GetTheme", + "amplifyuibuilder:TagResource" ], "resource_type": "" } @@ -4309,7 +4436,8 @@ { "condition_keys": [], "dependent_actions": [ - "amplify:GetApp" + "amplify:GetApp", + "amplifyuibuilder:UntagResource" ], "resource_type": "ComponentResource*" } @@ -4323,7 +4451,9 @@ { "condition_keys": [], "dependent_actions": [ - "amplify:GetApp" + "amplify:GetApp", + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" ], "resource_type": "FormResource*" } 
@@ -4337,12 +4467,25 @@ { "condition_keys": [], "dependent_actions": [ - "amplify:GetApp" + "amplify:GetApp", + "amplifyuibuilder:UntagResource" ], "resource_type": "ThemeResource*" } ] }, + { + "access_level": "Write", + "description": "Grants permission to exchange a code for a token", + "privilege": "ExchangeCodeForToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to export components", @@ -4379,6 +4522,20 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an existing codegen job", + "privilege": "GetCodegenJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "amplify:GetApp" + ], + "resource_type": "CodegenJobResource*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get an existing component", @@ -4433,6 +4590,20 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list codegen jobs", + "privilege": "ListCodegenJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "amplify:GetApp" + ], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list components", @@ -4461,6 +4632,33 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list tags for a specified Amazon Resource Name (ARN)", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CodegenJobResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ComponentResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FormResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ThemeResource" + } + ] + }, { "access_level": "List", "description": "Grants permission to list themes", 
@@ -4487,6 +4685,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to refresh an access token", + "privilege": "RefreshToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to reset an existing metadata", 
@@ -4499,6 +4709,92 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a codegen job", + "privilege": "StartCodegenJob", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "amplify:GetApp" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag the resource with a tag key and value", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CodegenJobResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ComponentResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FormResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ThemeResource" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource with a specified Amazon Resource Name (ARN)", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CodegenJobResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ComponentResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FormResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ThemeResource" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a component", 
@@ -4507,7 +4803,9 @@ { "condition_keys": [], "dependent_actions": [ - "amplify:GetApp" + "amplify:GetApp", + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" ], "resource_type": "ComponentResource*" } @@ -4521,7 +4819,10 @@ { "condition_keys": [], "dependent_actions": [ - "amplify:GetApp" + "amplify:GetApp", + "amplifyuibuilder:GetForm", + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" ], "resource_type": "FormResource*" } @@ -4535,7 +4836,10 @@ { "condition_keys": [], "dependent_actions": [ - "amplify:GetApp" + "amplify:GetApp", + "amplifyuibuilder:GetTheme", + "amplifyuibuilder:TagResource", + "amplifyuibuilder:UntagResource" ], "resource_type": "ThemeResource*" } @@ -4543,6 +4847,16 @@ } ], "resources": [ + { + "arn": "arn:${Partition}:amplifyuibuilder:${Region}:${Account}:app/${AppId}/environment/${EnvironmentName}/codegen-jobs/${Id}", + "condition_keys": [ + "amplifyuibuilder:CodegenJobResourceAppId", + "amplifyuibuilder:CodegenJobResourceEnvironmentName", + "amplifyuibuilder:CodegenJobResourceId", + "aws:ResourceTag/${TagKey}" + ], + "resource": "CodegenJobResource" + }, { "arn": "arn:${Partition}:amplifyuibuilder:${Region}:${Account}:app/${AppId}/environment/${EnvironmentName}/components/${Id}", "condition_keys": [ 
@@ -4635,6 +4949,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the information about a lifecycle policy applied to one or more AOSS resources", + "privilege": "BatchGetEffectiveLifecyclePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about one or more lifecycle policies", + "privilege": "BatchGetLifecyclePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get attributes for one or more VPC endpoints", @@ -4653,7 +4991,10 @@ "privilege": "CreateAccessPolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aoss:collection", + "aoss:index" + ], "dependent_actions": [], "resource_type": "" } @@ -4674,6 +5015,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a lifecycle policy", + "privilege": "CreateLifecyclePolicy", + "resource_types": [ + { + "condition_keys": [ + "aoss:collection", + "aoss:index" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a serverless security configuration", @@ -4692,7 +5048,9 @@ "privilege": "CreateSecurityPolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aoss:collection" + ], "dependent_actions": [], "resource_type": "" } @@ -4728,7 +5086,10 @@ "privilege": "DeleteAccessPolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aoss:collection", + "aoss:index" + ], "dependent_actions": [], "resource_type": "" } 
@@ -4746,6 +5107,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a lifecycle policy", + "privilege": "DeleteLifecyclePolicy", + "resource_types": [ + { + "condition_keys": [ + "aoss:collection", + "aoss:index" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a security configuration", @@ -4764,7 +5140,9 @@ "privilege": "DeleteSecurityPolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aoss:collection" + ], "dependent_actions": [], "resource_type": "" } @@ -4788,7 +5166,10 @@ "privilege": "GetAccessPolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aoss:collection", + "aoss:index" + ], "dependent_actions": [], "resource_type": "" } @@ -4836,7 +5217,9 @@ "privilege": "GetSecurityPolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aoss:collection" + ], "dependent_actions": [], "resource_type": "" } @@ -4866,6 +5249,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list lifecycle policies", + "privilege": "ListLifecyclePolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list security configurations", @@ -4949,7 +5344,10 @@ "privilege": "UpdateAccessPolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aoss:collection", + "aoss:index" + ], "dependent_actions": [], "resource_type": "" } 
@@ -4979,6 +5377,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a lifecycle policy", + "privilege": "UpdateLifecyclePolicy", + "resource_types": [ + { + "condition_keys": [ + "aoss:collection", + "aoss:index" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a security configuration", @@ -4997,7 +5410,9 @@ "privilege": "UpdateSecurityPolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aoss:collection" + ], "dependent_actions": [], "resource_type": "" } @@ -5257,6 +5672,11 @@ "dependent_actions": [], "resource_type": "Stage" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLink" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -5406,6 +5826,16 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "Stages" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLink" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLinks" } ] }, @@ -5469,6 +5899,11 @@ "dependent_actions": [], "resource_type": "Stage" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLink" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -5534,6 +5969,11 @@ "dependent_actions": [], "resource_type": "Stages" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VpcLinks" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -5573,7 +6013,9 @@ "resources": [ { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/accesslogsettings", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "AccessLogSettings" }, { 
@@ -5647,12 +6089,16 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/cache/authorizers", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "AuthorizersCache" }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/cors", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Cors" }, { @@ -5672,7 +6118,9 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/exports/${Specification}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "ExportedAPI" }, { @@ -5691,12 +6139,16 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses/${IntegrationResponseId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "IntegrationResponse" }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "IntegrationResponses" }, { @@ -5715,7 +6167,9 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}/template", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "ModelTemplate" }, { 
@@ -5740,22 +6194,30 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses/${RouteResponseId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "RouteResponse" }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "RouteResponses" }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/requestparameters/${RequestParameterKey}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "RouteRequestParameter" }, { "arn": "arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/routesettings/${RouteKey}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "RouteSettings" }, { @@ -5777,6 +6239,20 @@ "aws:ResourceTag/${TagKey}" ], "resource": "Stages" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/vpclinks/${VpcLinkId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "VpcLink" + }, + { + "arn": "arn:${Partition}:apigateway:${Region}::/vpclinks", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "VpcLinks" } ], "service_name": "Amazon API Gateway Management V2" @@ -6700,7 +7176,8 @@ { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/deployments", "condition_keys": [ - "apigateway:Request/StageName" + "apigateway:Request/StageName", + "aws:ResourceTag/${TagKey}" ], "resource": "Deployments" }, 
@@ -6720,12 +7197,16 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/versions/${DocumentationVersionId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "DocumentationVersion" }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/documentation/versions", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "DocumentationVersions" }, { @@ -6777,7 +7258,9 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/integration/responses/${StatusCode}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "IntegrationResponse" }, { @@ -6793,7 +7276,9 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/resources/${ResourceId}/methods/${HttpMethodType}/responses/${StatusCode}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "MethodResponse" }, { @@ -6812,12 +7297,16 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/requestvalidators/${RequestValidatorId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "RequestValidator" }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/requestvalidators", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "RequestValidators" }, { @@ -6871,7 +7360,9 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}/sdks/${SdkType}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Sdk" }, { 
@@ -6896,7 +7387,9 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/restapis/models/${ModelName}/template", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Template" }, { @@ -6915,12 +7408,16 @@ }, { "arn": "arn:${Partition}:apigateway:${Region}::/usageplans/${UsagePlanId}/keys/${Id}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "UsagePlanKey" }, { "arn": "arn:${Partition}:apigateway:${Region}::/usageplans/${UsagePlanId}/keys", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "UsagePlanKeys" }, { @@ -6965,6 +7462,50 @@ ], "prefix": "app-integrations", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a new Application", + "privilege": "CreateApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" + ], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an ApplicationAssociation", + "privilege": "CreateApplicationAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new DataIntegration", @@ -6978,7 +7519,10 @@ "iam:AttachRolePolicy", "iam:CreateServiceLinkedRole", "iam:PutRolePolicy", - "kms:CreateGrant" + "kms:CreateGrant", + "s3:GetBucketNotification", + "s3:GetEncryptionConfiguration", + "s3:PutBucketNotification" ], "resource_type": "data-integration*" }, 
@@ -7008,6 +7552,14 @@ "appflow:UseConnectorProfile" ], "resource_type": "data-integration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -7047,6 +7599,45 @@ "events:PutTargets" ], "resource_type": "event-integration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Application", + "privilege": "DeleteApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an ApplicationAssociation", + "privilege": "DeleteApplicationAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application-association*" } ] }, @@ -7124,6 +7715,25 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view details about Application", + "privilege": "GetApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view details about DataIntegrations", 
@@ -7162,6 +7772,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list ApplicationAssociations", + "privilege": "ListApplicationAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list Applications", + "privilege": "ListApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list DataIntegrationAssociations", @@ -7215,6 +7849,11 @@ "description": "Grants permission to lists tag for an Amazon AppIntegration resource", "privilege": "ListTagsForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, { "condition_keys": [], "dependent_actions": [], @@ -7249,6 +7888,16 @@ "description": "Grants permission to tag an Amazon AppIntegration resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application-association" + }, { "condition_keys": [], "dependent_actions": [], @@ -7285,6 +7934,16 @@ "description": "Grants permission to untag an Amazon AppIntegration resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application-association" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -7315,6 +7974,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify an Application", + "privilege": "UpdateApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify a DataIntegration", @@ -7382,6 +8060,20 @@ "aws:ResourceTag/${TagKey}" ], "resource": "data-integration-association" + }, + { + "arn": "arn:${Partition}:app-integrations:${Region}:${Account}:application/${ApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" + }, + { + "arn": "arn:${Partition}:app-integrations:${Region}:${Account}:application-association/${ApplicationId}/${ApplicationAssociationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application-association" } ], "service_name": "Amazon AppIntegrations" @@ -8402,17 +9094,17 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], 
@@ -8432,7 +9124,7 @@ }, { "access_level": "Write", - "description": "Grants permission to connect application authorizations", + "description": "Grants permission to connect app authorizations", "privilege": "ConnectAppAuthorization", "resource_types": [ { @@ -8444,7 +9136,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create application authorizations for application bundles", + "description": "Grants permission to create app authorizations for app bundles", "privilege": "CreateAppAuthorization", "resource_types": [ { @@ -8464,7 +9156,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create application bundles in your account", + "description": "Grants permission to create app bundles in your account", "privilege": "CreateAppBundle", "resource_types": [ { @@ -8484,7 +9176,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create ingestions for application bundles", + "description": "Grants permission to create ingestions for app bundles", "privilege": "CreateIngestion", "resource_types": [ { @@ -8504,7 +9196,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create ingestion destinations for application bundles", + "description": "Grants permission to create ingestion destinations for app bundles", "privilege": "CreateIngestionDestination", "resource_types": [ { @@ -8529,7 +9221,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete application authorizations within an application bundle", + "description": "Grants permission to delete app authorizations within an app bundle", "privilege": "DeleteAppAuthorization", "resource_types": [ { @@ -8541,7 +9233,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete application bundles in your account", + "description": "Grants permission to delete app bundles in your account", "privilege": "DeleteAppBundle", "resource_types": [ { 
@@ -8553,7 +9245,7 @@ }, { "access_level": "Write", - "description": "Grants permission to delete ingestions within an application bundle", + "description": "Grants permission to delete ingestions within an app bundle", "privilege": "DeleteIngestion", "resource_types": [ { @@ -8577,7 +9269,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about application authorizations", + "description": "Grants permission to view details about app authorizations", "privilege": "GetAppAuthorization", "resource_types": [ { @@ -8601,7 +9293,7 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about application bundles", + "description": "Grants permission to view details about app bundles", "privilege": "GetAppBundle", "resource_types": [ { @@ -8673,7 +9365,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of application authorizations within an application bundle", + "description": "Grants permission to retrieve a list of app authorizations within an app bundle", "privilege": "ListAppAuthorizations", "resource_types": [ { @@ -8685,7 +9377,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of application bundles in your account", + "description": "Grants permission to retrieve a list of app bundles in your account", "privilege": "ListAppBundles", "resource_types": [ { @@ -8714,7 +9406,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of ingestions within an application bundle", + "description": "Grants permission to retrieve a list of ingestions within an app bundle", "privilege": "ListIngestions", "resource_types": [ { @@ -8726,7 +9418,7 @@ }, { "access_level": "Read", - "description": "Grants permission to list tags for AppFabric resouces", + "description": "Grants permission to list tags for AppFabric resources", "privilege": "ListTagsForResource", "resource_types": [ { 
@@ -8859,7 +9551,7 @@ }, { "access_level": "Write", - "description": "Grants permission to update application authorizations within application bundles", + "description": "Grants permission to update app authorizations within app bundles", "privilege": "UpdateAppAuthorization", "resource_types": [ { @@ -8927,14 +9619,14 @@ "resource": "appauthorization" }, { - "arn": "arn:${Partition}:appfabric:${Region}:${Account}:appbundle/${AppbundleId}/ingestion/${AppAuthorizationIdentifier}", + "arn": "arn:${Partition}:appfabric:${Region}:${Account}:appbundle/${AppbundleId}/ingestion/${IngestionIdentifier}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "ingestion" }, { - "arn": "arn:${Partition}:appfabric:${Region}:${Account}:appbundle/${AppbundleId}/ingestion/${AppAuthorizationIdentifier}/ingestiondestination/${IngestionDestinationIdentifier}", + "arn": "arn:${Partition}:appfabric:${Region}:${Account}:appbundle/${AppbundleId}/ingestion/${IngestionIdentifier}/ingestiondestination/${IngestionDestinationIdentifier}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], @@ -9545,7 +10237,7 @@ ] }, { - "access_level": "Tagging", + "access_level": "Read", "description": "Grants permission to list tags for a scalable target", "privilege": "ListTagsForResource", "resource_types": [ 
@@ -9751,6 +10443,182 @@ "resources": [], "service_name": "AWS Application Cost Profiler Service" }, + { + "conditions": [], + "prefix": "application-transformation", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get the details of all Containerization jobs", + "privilege": "GetContainerization", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the details of all Deployment jobs", + "privilege": "GetDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to Get the details of a Grouping Assessment Operation", + "privilege": "GetGroupingAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to Get Porting Compatibility Operation", + "privilege": "GetPortingCompatibilityAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to Get the details of a Porting Recommendation Assessment Operation", + "privilege": "GetPortingRecommendationAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to Get the details of a Runtime Assessment Operation", + "privilege": "GetRuntimeAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Push Logs (Intended for Clients Only)", + "privilege": "PutLogData", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Push Metrics Data (Intended for Clients Only)", + "privilege": "PutMetricData", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a Containerization job", + "privilege": "StartContainerization", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a Deployment job", + "privilege": "StartDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Start a Grouping Assessment Operation", + "privilege": "StartGroupingAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Start Porting Compatibility Operation", + "privilege": "StartPortingCompatibilityAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Start the Porting Recommendation Assessment Operation", + "privilege": "StartPortingRecommendationAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Start a Runtime Assessment Operation", + "privilege": "StartRuntimeAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Application 
Transformation Service" + }, { "conditions": [ { @@ -9771,6 +10639,18 @@ ], "prefix": "applicationinsights", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add a workload", + "privilege": "AddWorkload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an application from a resource group", @@ -9939,6 +10819,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a workload", + "privilege": "DescribeWorkload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to share Application Insights resources with a monitoring account", @@ -10035,6 +10927,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list workloads", + "privilege": "ListWorkloads", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a workload", + "privilege": "RemoveWorkload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag a resource", @@ -10111,6 +11027,30 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a problem", + "privilege": "UpdateProblem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a workload", + "privilege": "UpdateWorkload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [], 
@@ -10142,7 +11082,10 @@ "privilege": "CreateGatewayRoute", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "gatewayRoute*" }, @@ -10150,14 +11093,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "virtualService" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" } ] }, @@ -10187,7 +11122,10 @@ "privilege": "CreateRoute", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "route*" }, @@ -10195,14 +11133,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "virtualNode" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" } ] }, @@ -10232,7 +11162,10 @@ "privilege": "CreateVirtualNode", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "virtualNode*" }, @@ -10240,14 +11173,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "virtualService" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" } ] }, @@ -10277,7 +11202,10 @@ "privilege": "CreateVirtualService", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "virtualService*" }, @@ -10290,14 +11218,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "virtualRouter" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" } ] }, 
@@ -10325,6 +11245,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete the RAM access control policy for a mesh", + "privilege": "DeleteMeshPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mesh*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing route", @@ -10469,6 +11401,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to read the RAM access control policy for a mesh", + "privilege": "GetMeshPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mesh*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list existing gateway routes in a service mesh", @@ -10595,6 +11539,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to define the RAM access control policy for a mesh", + "privilege": "PutMeshPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mesh*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to receive streamed resources for an App Mesh endpoint (VirtualNode/VirtualGateway)", @@ -11006,6 +11962,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete the RAM access control policy for a mesh", + "privilege": "DeleteMeshPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mesh*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing route", 
@@ -11150,6 +12118,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to read the RAM access control policy for a mesh", + "privilege": "GetMeshPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mesh*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list existing gateway routes in a service mesh", @@ -11234,6 +12214,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to define the RAM access control policy for a mesh", + "privilege": "PutMeshPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mesh*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to receive streamed resources for an App Mesh endpoint (VirtualNode/VirtualGateway)", @@ -11890,6 +12882,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of associated AppRunner services of an AWS App Runner automatic scaling configuration in your AWS account", + "privilege": "ListServicesForAutoScalingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "autoscalingconfiguration*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list tags associated with an AWS App Runner resource", @@ -12071,6 +13075,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an AWS App Runner automatic scaling configuration to be the default in your AWS account", + "privilege": "UpdateDefaultAutoScalingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "autoscalingconfiguration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an AWS App Runner service resource", 
@@ -13986,6 +15002,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a data source introspection", + "privilege": "GetDataSourceIntrospection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to read information about a custom domain name in AppSync", @@ -14029,6 +15057,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the environment variables for a GraphQL API", + "privilege": "GetGraphqlApiEnvironmentVariables", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the introspection schema for a GraphQL API", @@ -14257,6 +15297,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the environment variables for a GraphQL API", + "privilege": "PutGraphqlApiEnvironmentVariables", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set a resource policy", @@ -14298,6 +15350,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to introspect a data source", + "privilege": "StartDataSourceIntrospection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add a new schema to your GraphQL API. This operation is asynchronous - GetSchemaCreationStatus can show when it has completed", 
@@ -14633,6 +15697,38 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a scraper", + "privilege": "CreateScraper", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "aps:TagResource", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "eks:DescribeCluster", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a workspace", @@ -14724,6 +15820,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a scraper", + "privilege": "DeleteScraper", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scraper*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a workspace", @@ -14800,6 +15915,25 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a scraper", + "privilege": "DescribeScraper", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scraper*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a workspace", 
@@ -14857,6 +15991,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get default scraper configuration", + "privilege": "GetDefaultScraperConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve AMP workspace labels", @@ -15047,6 +16193,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list scrapers", + "privilege": "ListScrapers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list tags on an AMP resource", @@ -15057,6 +16215,11 @@ "dependent_actions": [], "resource_type": "rulegroupsnamespace" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scraper" + }, { "condition_keys": [], "dependent_actions": [], @@ -15189,6 +16352,11 @@ "dependent_actions": [], "resource_type": "rulegroupsnamespace" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scraper" + }, { "condition_keys": [], "dependent_actions": [], @@ -15214,6 +16382,11 @@ "dependent_actions": [], "resource_type": "rulegroupsnamespace" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scraper" + }, { "condition_keys": [], "dependent_actions": [], @@ -15221,8 +16394,7 @@ }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -15286,6 +16458,22 @@ "aws:TagKeys" ], "resource": "rulegroupsnamespace" + }, + { + "arn": "arn:${Partition}:aps:${Region}:${Account}:scraper/${ScraperId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "scraper" + }, + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:cluster/${ClusterName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cluster" } ], "service_name": "Amazon Managed Service for Prometheus" @@ -15330,6 +16518,59 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a practice run configuration", + "privilege": "CreatePracticeRunConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudwatch:DescribeAlarms", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "ALB*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "NLB*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a practice run configuration", + "privilege": "DeletePracticeRunConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ALB*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "NLB*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about a managed resource", 
@@ -15355,6 +16596,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list active and completed autoshifts", + "privilege": "ListAutoshifts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list managed resources", @@ -15404,6 +16657,59 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a practice run configuration", + "privilege": "UpdatePracticeRunConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudwatch:DescribeAlarms", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "ALB*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "NLB*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a zonal autoshift status", + "privilege": "UpdateZonalAutoshiftConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ALB*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "NLB*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an existing zonal shift", 
@@ -15471,7 +16777,18 @@ "service_name": "Application Discovery Arsenal" }, { - "conditions": [], + "conditions": [ + { + "condition": "artifact:ReportCategory", + "description": "Filters access by which category reports are associated with", + "type": "String" + }, + { + "condition": "artifact:ReportSeries", + "description": "Filters access by which series reports are associated with", + "type": "String" + } + ], "prefix": "artifact", "privileges": [ { @@ -15515,6 +16832,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the account settings for Artifact", + "privilege": "GetAccountSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to download a report", @@ -15563,6 +16892,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put account settings for Artifact", + "privilege": "PutAccountSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to terminate a customer agreement that was previously accepted by the customer account", @@ -15593,7 +16934,7 @@ "resource": "agreement" }, { - "arn": "arn:${Partition}:artifact:${Region}::report/*", + "arn": "arn:${Partition}:artifact:${Region}::report/${ReportId}:${Version}", "condition_keys": [], "resource": "report" } 
@@ -15668,6 +17009,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to cancel query execution. Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StopQueryExecution otherwise", + "privilege": "CancelQueryExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workgroup*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a capacity reservation", @@ -15920,6 +17273,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to enable access to databases and tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0", + "privilege": "GetCatalogs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a datacatalog", @@ -15944,6 +17309,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to enable access to the specified database and table. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0", + "privilege": "GetExecutionEngine", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to enable access to databases and tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0", + "privilege": "GetExecutionEngines", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about the specified named query", 
@@ -15956,6 +17345,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to enable access to the specified database and table. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0", + "privilege": "GetNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to enable access to databases and tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0", + "privilege": "GetNamespaces", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get notebook metadata", @@ -15992,6 +17405,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get query executions. Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use ListQueryExecutions otherwise", + "privilege": "GetQueryExecutions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the query results", @@ -16052,6 +17477,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to enable access to the specified table. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0", + "privilege": "GetTable", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a metadata about a table for a given datacatalog", 
@@ -16064,6 +17501,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to enable access to tables. Applies only to AWS services managed policy and principals that use an Athena JDBC driver version 1.1.0", + "privilege": "GetTables", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a workgroup", @@ -16307,6 +17756,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to run a query. Deprecated. Applies only to AWS services and principals that use Athena JDBC driver earlier than 1.1.0. Use StartQueryExecution otherwise", + "privilege": "RunQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start a calculation execution", 
@@ -18951,6 +20412,139 @@ }, { "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "aws-marketplace", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to list tags for a deployment parameter resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DeploymentParameter" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update a deployment parameter resource", + "privilege": "PutDeploymentParameter", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "aws-marketplace:TagResource" + ], + "resource_type": "DeploymentParameter*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a deployment parameter resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "DeploymentParameter*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a deployment parameter resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "DeploymentParameter*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:aws-marketplace:${Region}:${Account}:DeploymentParameter:catalogs/${CatalogName}/products/${ProductId}/${ResourceId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "DeploymentParameter" + } + ], + "service_name": "AWS Marketplace Deployment Service" + }, + { + "conditions": [ + { + "condition": "aws-marketplace:Intent", + "description": "Filters access by the Intent parameter in the StartChangeSet request", + "type": "String" + }, { "condition": "aws:RequestTag/${TagKey}", "description": "Filters access by the tags that are passed in the request", @@ -19010,6 +20604,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return the details of an existing assessment", + "privilege": "DescribeAssessment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return the details of an existing change set", @@ -19058,6 +20664,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list existing assessments", + "privilege": "ListAssessments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list existing change sets", 
@@ -19136,6 +20754,7 @@ { "condition_keys": [ "catalog:ChangeType", + "aws-marketplace:Intent", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -19384,7 +21003,7 @@ "privileges": [ { "access_level": "Read", - "description": "Retrieves entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions", + "description": "Grants permission to retrieve entitlement values for a given product. The results can be filtered based on customer identifier or product dimensions", "privilege": "GetEntitlements", "resource_types": [ { @@ -19676,7 +21295,7 @@ } ], "resources": [], - "service_name": "AWS Billing and Cost Management Console" + "service_name": "AWS Billing Console" }, { "conditions": [], 
@@ -19722,6 +21341,480 @@ "resources": [], "service_name": "AWS Connector Service" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "b2bi", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a capability", + "privilege": "CreateCapability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a partnership", + "privilege": "CreatePartnership", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capability*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a profile", + "privilege": "CreateProfile", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a transformer", + "privilege": "CreateTransformer", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a capability", + "privilege": "DeleteCapability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capability*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an partnership", + "privilege": "DeletePartnership", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "partnership*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a profile", + "privilege": "DeleteProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a transformer", + "privilege": "DeleteTransformer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a capability", + "privilege": "GetCapability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capability*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a partnership", + "privilege": "GetPartnership", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "partnership*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a profile", + "privilege": "GetProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a transformer", + "privilege": "GetTransformer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer*" + } + ] + }, 
+ { + "access_level": "Read", + "description": "Grants permission to get a transformer job", + "privilege": "GetTransformerJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all capabilities", + "privilege": "ListCapabilities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all partnerships", + "privilege": "ListPartnerships", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all profiles", + "privilege": "ListProfiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a B2Bi resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capability" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "partnership" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all transformers", + "privilege": "ListTransformers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to transformer a document", + "privilege": "StartTransformerJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer*" + } + ] + }, + 
{ + "access_level": "Tagging", + "description": "Grants permission to tag a B2Bi resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capability" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "partnership" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to map a sample file", + "privilege": "TestMapping", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to parse an edi document", + "privilege": "TestParsing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a B2Bi resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capability" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "partnership" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a capability", + "privilege": "UpdateCapability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"capability*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a partnership", + "privilege": "UpdatePartnership", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "partnership*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capability" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a profile", + "privilege": "UpdateProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a transformer", + "privilege": "UpdateTransformer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "transformer*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:b2bi:${Region}:${Account}:profile/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "profile" + }, + { + "arn": "arn:${Partition}:b2bi:${Region}:${Account}:capability/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "capability" + }, + { + "arn": "arn:${Partition}:b2bi:${Region}:${Account}:partnership/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "partnership" + }, + { + "arn": "arn:${Partition}:b2bi:${Region}:${Account}:transformer/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "transformer" + } + ], + "service_name": "AWS B2B Data Interchange" + }, { "conditions": [ { 
@@ -19758,6 +21851,16 @@ "condition": "backup:FrameworkArns", "description": "Filters access by the Framework ARNs", "type": "ArrayOfARN" + }, + { + "condition": "backup:MaxRetentionDays", + "description": "Filters access by the value of the MaxRetentionDays parameter", + "type": "Numeric" + }, + { + "condition": "backup:MinRetentionDays", + "description": "Filters access by the value of the MinRetentionDays parameter", + "type": "Numeric" } ], "prefix": "backup", @@ -19779,6 +21882,11 @@ "description": "Grants permission to copy from a backup vault", "privilege": "CopyFromBackupVault", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recoveryPoint*" + }, { "condition_keys": [ "backup:CopyTargets", @@ -19794,6 +21902,11 @@ "description": "Grants permission to copy into a backup vault", "privilege": "CopyIntoBackupVault", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}" @@ -19897,6 +22010,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new logically air-gapped backup vault, a logical container where backups are stored", + "privilege": "CreateLogicallyAirGappedBackupVault", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "backup:MinRetentionDays", + "backup:MaxRetentionDays" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new report plan", 
@@ -19918,6 +22053,40 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new restore testing plan", + "privilege": "CreateRestoreTestingPlan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new resource assignment in a restore testing plan", + "privilege": "CreateRestoreTestingSelection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "restoreTestingPlan*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a backup plan", @@ -19990,6 +22159,18 @@ } ] }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete backup vault sharing policy", + "privilege": "DeleteBackupVaultSharingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a framework", @@ -20026,6 +22207,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a restore testing plan", + "privilege": "DeleteRestoreTestingPlan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a resource assignment from a restore testing plan", + "privilege": "DeleteRestoreTestingSelection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a backup job", 
@@ -20266,6 +22471,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get backup vault sharing policy", + "privilege": "GetBackupVaultSharingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a legal hold", @@ -20290,6 +22507,54 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the restore metadata associated with a restore job", + "privilege": "GetRestoreJobMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get inferred metadata generated by restore testing", + "privilege": "GetRestoreTestingInferredMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a restore testing plan", + "privilege": "GetRestoreTestingPlan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a restore testing plan resource assignment", + "privilege": "GetRestoreTestingSelection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get supported resource types", 
@@ -20302,6 +22567,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list backup job summaries", + "privilege": "ListBackupJobSummaries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list backup jobs", @@ -20374,6 +22651,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list copy job summaries", + "privilege": "ListCopyJobSummaries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list copy jobs", @@ -20422,6 +22711,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list protected resources inside a backup vault", + "privilege": "ListProtectedResourcesByBackupVault", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list recovery points inside a backup vault", @@ -20484,7 +22785,19 @@ }, { "access_level": "List", - "description": "Grants permission to lists restore jobs", + "description": "Grants permission to list restore job summaries", + "privilege": "ListRestoreJobSummaries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list restore jobs", "privilege": "ListRestoreJobs", "resource_types": [ { 
@@ -20494,6 +22807,42 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list restore jobs for a protected resource", + "privilege": "ListRestoreJobsByProtectedResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list restore testing plans", + "privilege": "ListRestoreTestingPlans", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list resource assignments for a specific restore testing plan", + "privilege": "ListRestoreTestingSelections", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list tags for a resource", @@ -20528,6 +22877,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "reportPlan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan" } ] }, @@ -20555,7 +22909,9 @@ }, { "condition_keys": [ - "backup:ChangeableForDays" + "backup:ChangeableForDays", + "backup:MinRetentionDays", + "backup:MaxRetentionDays" ], "dependent_actions": [], "resource_type": "" 
@@ -20574,6 +22930,30 @@ } ] }, + { + "access_level": "Permissions management", + "description": "Grants permission to add a sharing policy to the backup vault", + "privilege": "PutBackupVaultSharingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backupVault*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put a restore validation result", + "privilege": "PutRestoreValidationResult", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start a new backup job", @@ -20675,6 +23055,11 @@ "dependent_actions": [], "resource_type": "reportPlan" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -20720,6 +23105,11 @@ "dependent_actions": [], "resource_type": "reportPlan" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan" + }, { "condition_keys": [ "aws:TagKeys" @@ -20807,6 +23197,32 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a restore testing plan", + "privilege": "UpdateRestoreTestingPlan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "restoreTestingPlan*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a resource assignment in a restore testing plan", + "privilege": "UpdateRestoreTestingSelection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "restoreTestingPlan*" + } + ] } ], "resources": [ 
@@ -20851,6 +23267,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "legalHold" + }, + { + "arn": "arn:${Partition}:backup:${Region}:${Account}:restore-testing-plan:${RestoreTestingPlanName}-${RestoreTestingPlanId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "restoreTestingPlan" } ], "service_name": "AWS Backup" @@ -20901,14 +23324,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "virtualmachine*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" } ] }, @@ -21081,14 +23496,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "virtualmachine" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" } ] }, @@ -21151,14 +23558,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "hypervisor*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" } ] }, @@ -21240,7 +23639,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -21714,7 +24112,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job-definition*" + "resource_type": "job-definition-revision*" } ] }, @@ -21820,7 +24218,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job-definition" + "resource_type": "job-definition-revision" }, { "condition_keys": [], @@ -21912,7 +24310,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job-definition" + "resource_type": "job-definition-revision" }, { "condition_keys": [], @@ -21964,7 +24362,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job-definition" + "resource_type": "job-definition-revision" }, { "condition_keys": [], 
@@ -22047,12 +24445,17 @@ ], "resource": "job-queue" }, + { + "arn": "arn:${Partition}:batch:${Region}:${Account}:job-definition/${JobDefinitionName}", + "condition_keys": [], + "resource": "job-definition" + }, { "arn": "arn:${Partition}:batch:${Region}:${Account}:job-definition/${JobDefinitionName}:${Revision}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "job-definition" + "resource": "job-definition-revision" }, { "arn": "arn:${Partition}:batch:${Region}:${Account}:job/${JobId}", 
@@ -22072,85 +24475,137 @@ "service_name": "AWS Batch" }, { - "conditions": [], - "prefix": "billing", + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "bcm-data-exports", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to perform queries on billing information", - "privilege": "GetBillingData", + "access_level": "Write", + "description": "Grants permission to create an export", + "privilege": "CreateExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view detailed line item billing information", - "privilege": "GetBillingDetails", + "access_level": "Write", + "description": "Grants permission to delete an export", + "privilege": "DeleteExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "export*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view notifications sent by AWS related to your accounts billing information", - "privilege": "GetBillingNotifications", + "description": "Grants permission to get the execution of an export", + "privilege": "GetExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "export*" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view billing preferences such as reserved instance, savings plans and credits sharing", - "privilege": "GetBillingPreferences", + "description": "Grants permission to get an export", + "privilege": "GetExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "export*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the account's contract information including the contract number, end-user organization names, PO numbers and if the account is used to service public-sector customers", - "privilege": "GetContractInformation", + "description": "Grants permission to get the details of a table", + "privilege": "GetTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view credits that have been redeemed", - "privilege": "GetCredits", + "access_level": "List", + "description": "Grants permission to list all executions of an export", + "privilege": "ListExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "export*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the state of the Allow IAM Access billing preference", - "privilege": "GetIAMAccessPreference", + "access_level": "List", + "description": "Grants permission to list all exports", + "privilege": "ListExports", "resource_types": [ { "condition_keys": [], 
@@ -22160,9 +24615,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the account's default Seller of Record", - "privilege": "GetSellerOfRecord", + "access_level": "List", + "description": "Grants permission to list all available tables", + "privilege": "ListTables", "resource_types": [ { "condition_keys": [], 
@@ -22173,155 +24628,202 @@ }, { "access_level": "Read", - "description": "Grants permission to get billing information for your proforma billing groups", - "privilege": "ListBillingViews", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "export*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the account's contract information end-user organization names and if the account is used to service public-sector customers", - "privilege": "PutContractInformation", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "export*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to redeem an AWS credit", - "privilege": "RedeemCredits", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "export*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update billing preferences such as reserved instance, savings plans and credits sharing", - "privilege": "UpdateBillingPreferences", + "description": "Grants permission to update an export", + "privilege": "UpdateExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - 
}, - { - "access_level": "Write", - "description": "Grants permission to update the Allow IAM Access billing preference", - "privilege": "UpdateIAMAccessPreference", - "resource_types": [ + "resource_type": "export*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] } ], - "resources": [], - "service_name": "AWS Billing and Cost Management" + "resources": [ + { + "arn": "arn:${Partition}:bcm-data-exports:${Region}:${Account}:export/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "export" + }, + { + "arn": "arn:${Partition}:bcm-data-exports:${Region}:${Account}:table/${Identifier}", + "condition_keys": [], + "resource": "table" + } + ], + "service_name": "AWS Billing And Cost Management Data Exports" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access by creating requests based on the allowed set of values for each of the mandatory tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access by having actions based on the tag value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access by creating requests based on the presence of mandatory tags in the request", "type": "ArrayOfString" + }, + { + "condition": "bedrock:ThirdPartyKnowledgeBaseCredentialsSecretArn", + "description": "Filters access by the secretArn containing the credentials of the third party platform", + "type": "ARN" } ], - "prefix": "billingconductor", + "prefix": "bedrock", "privileges": [ { - "access_level": "Write", - "description": 
"Grants permission to associate between one and 30 accounts to a billing group", - "privilege": "AssociateAccounts", + "access_level": "Read", + "description": "Grants permission to apply a guardrail", + "privilege": "ApplyGuardrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "guardrail*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate pricing rules", - "privilege": "AssociatePricingRules", + "description": "Grants permission to associate a knowledge base with an agent", + "privilege": "AssociateAgentKnowledgeBase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "agent*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "knowledge-base*" } ] }, { "access_level": "Write", - "description": "Grants permission to batch associate resources to a percentage custom line item", - "privilege": "BatchAssociateResourcesToCustomLineItem", + "description": "Grants permission to use 3rd party platform to store knowledge data", + "privilege": "AssociateThirdPartyKnowledgeBase", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "bedrock:ThirdPartyKnowledgeBaseCredentialsSecretArn" + ], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to batch disassociate resources from a percentage custom line item", - "privilege": "BatchDisassociateResourcesFromCustomLineItem", + "description": "Grants permission to create a new agent and a test agent alias pointing to the DRAFT agent version", + "privilege": "CreateAgent", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "" } ] }, { 
"access_level": "Write", - "description": "Grants permission to create a billing group", - "privilege": "CreateBillingGroup", + "description": "Grants permission to create a new action group in an existing agent", + "privilege": "CreateAgentActionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "agent*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -22330,13 +24832,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a custom line item", - "privilege": "CreateCustomLineItem", + "description": "Grants permission to create a new alias for an agent", + "privilege": "CreateAgentAlias", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -22345,28 +24852,35 @@ }, { "access_level": "Write", - "description": "Grants permission to create a pricing plan", - "privilege": "CreatePricingPlan", + "description": "Grants permission to create a data source", + "privilege": "CreateDataSource", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "knowledge-base*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a pricing rule", - "privilege": "CreatePricingRule", + "description": "Grants permission to create a job for evaluation foundation models or custom models", + "privilege": "CreateEvaluationJob", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "foundation-model*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -22375,174 +24889,234 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a billing group", - "privilege": "DeleteBillingGroup", + "description": "Grants permission to create a new foundation model agreement", + "privilege": "CreateFoundationModelAgreement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a custom line item", - "privilege": "DeleteCustomLineItem", + "description": "Grants permission to create a new guardrail", + "privilege": "CreateGuardrail", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a pricing plan", - "privilege": "DeletePricingPlan", + "description": "Grants permission to create a new guardrail version", + "privilege": "CreateGuardrailVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "guardrail*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a pricing rule", - "privilege": "DeletePricingRule", + "description": "Grants permission to create a knowledge base", + "privilege": "CreateKnowledgeBase", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to detach between one and 30 accounts from a billing group", - "privilege": "DisassociateAccounts", + "description": "Grants permission to create a job for customizing the model with your custom training data", + "privilege": "CreateModelCustomizationJob", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "custom-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "foundation-model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate pricing rules", - "privilege": "DisassociatePricingRules", + "description": "Grants permission to create a job for evaluation foundation models or custom models", + "privilege": "CreateModelEvaluationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "custom-model*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "foundation-model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the linked accounts of the payer account for the given billing period while also providing the billing group the linked accounts belong to", - "privilege": "ListAccountAssociations", + "access_level": "Write", + "description": "Grants permission to create a new model invocation job", + "privilege": "CreateModelInvocationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "custom-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "foundation-model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the billing group cost report", - "privilege": "ListBillingGroupCostReports", + "access_level": "Write", + "description": 
"Grants permission to create a new provisioned model throughput", + "privilege": "CreateProvisionedModelThroughput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "custom-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "foundation-model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the details of billing groups", - "privilege": "ListBillingGroups", + "access_level": "Write", + "description": "Grants permission to delete an Agent that you created earlier", + "privilege": "DeleteAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view custom line item versions", - "privilege": "ListCustomLineItemVersions", + "access_level": "Write", + "description": "Grants permission to delete an actionGroup that you created earlier", + "privilege": "DeleteAgentActionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "agent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view custom line item details", - "privilege": "ListCustomLineItems", + "access_level": "Write", + "description": "Grants permission to delete an AgentAlias that you created earlier", + "privilege": "DeleteAgentAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent-alias*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the pricing plans details", - "privilege": "ListPricingPlans", + "access_level": "Write", + "description": "Grants permission to delete an Agent Version that you created earlier", + "privilege": 
"DeleteAgentVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent*" } ] }, { - "access_level": "List", - "description": "Grants permission to list pricing plans associated with a pricing rule", - "privilege": "ListPricingPlansAssociatedWithPricingRule", + "access_level": "Write", + "description": "Grants permission to delete a custom model that you created earlier", + "privilege": "DeleteCustomModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" - }, + "resource_type": "custom-model*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a data source", + "privilege": "DeleteDataSource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "knowledge-base*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view pricing rules details", - "privilege": "ListPricingRules", + "access_level": "Write", + "description": "Grants permission to delete a foundation model agreement that you created earlier", + "privilege": "DeleteFoundationModelAgreement", "resource_types": [ { "condition_keys": [], 
@@ -22552,363 +25126,307 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list pricing rules associated to a pricing plan", - "privilege": "ListPricingRulesAssociatedToPricingPlan", + "access_level": "Write", + "description": "Grants permission to delete a guardrail or its version", + "privilege": "DeleteGuardrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "guardrail*" } ] }, { - "access_level": "List", - "description": "Grants permission to list resources associated to a percentage custom line item", - "privilege": "ListResourcesAssociatedToCustomLineItem", + "access_level": "Write", + "description": "Grants permission to delete a knowledge base", + "privilege": "DeleteKnowledgeBase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "knowledge-base*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags of a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete an existing Invocation logging configuration", + "privilege": "DeleteModelInvocationLoggingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customlineitem" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pricingplan" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pricingrule" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + 
"access_level": "Write", + "description": "Grants permission to delete a provisioned model throughput that you created earlier", + "privilege": "DeleteProvisionedModelThroughput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup" - }, + "resource_type": "provisioned-model*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to detect if the provided content is generated using Amazon Bedrock", + "privilege": "DetectGeneratedContent", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem" - }, + "resource_type": "foundation-model*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a knowledge base from the agent", + "privilege": "DisassociateAgentKnowledgeBase", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan" + "resource_type": "agent*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "knowledge-base*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to retrieve an existing agent", + "privilege": "GetAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup" - }, + "resource_type": "agent*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an existing action group", + "privilege": "GetAgentActionGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem" - }, + "resource_type": "agent*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to 
retrieve an existing alias", + "privilege": "GetAgentAlias", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan" - }, + "resource_type": "agent-alias*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a knowledge base associated with an agent", + "privilege": "GetAgentKnowledgeBase", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule" + "resource_type": "agent*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "knowledge-base*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a billing group", - "privilege": "UpdateBillingGroup", + "access_level": "Read", + "description": "Grants permission to retrieve an existing version of an agent", + "privilege": "GetAgentVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "agent*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a custom line item", - "privilege": "UpdateCustomLineItem", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a Bedrock custom model that you have created", + "privilege": "GetCustomModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customlineitem*" + "resource_type": "custom-model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a pricing plan", - "privilege": "UpdatePricingPlan", + "access_level": "Read", + "description": "Grants permission to retrieve an existing data source", + "privilege": "GetDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingplan*" + "resource_type": "knowledge-base*" } ] }, { - 
"access_level": "Write", - "description": "Grants permission to update a pricing rule", - "privilege": "UpdatePricingRule", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a evaluation job. Use this operation to get the status of a evaluation job", + "privilege": "GetEvaluationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pricingrule*" + "resource_type": "evaluation-job*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:billingconductor::${Account}:billinggroup/${BillingGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "billinggroup" - }, - { - "arn": "arn:${Partition}:billingconductor::${Account}:pricingplan/${PricingPlanId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pricingplan" - }, - { - "arn": "arn:${Partition}:billingconductor::${Account}:pricingrule/${PricingRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pricingrule" - }, - { - "arn": "arn:${Partition}:billingconductor::${Account}:customlineitem/${CustomLineItemId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "customlineitem" - } - ], - "service_name": "AWS Billing Conductor" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "braket", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to cancel a job", - "privilege": "CancelJob", + "access_level": "Read", + "description": "Grants permission to get the 
properties associated with a Bedrock foundation model", + "privilege": "GetFoundationModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "foundation-model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a quantum task", - "privilege": "CancelQuantumTask", + "access_level": "Read", + "description": "Grants permission to get the availability of a foundation model", + "privilege": "GetFoundationModelAvailability", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a job", - "privilege": "CreateJob", + "access_level": "Read", + "description": "Grants permission to retrieve a guardrail or its version", + "privilege": "GetGuardrail", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "guardrail*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a quantum task", - "privilege": "CreateQuantumTask", + "access_level": "Read", + "description": "Grants permission to retrieve an existing ingestion job", + "privilege": "GetIngestionJob", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "knowledge-base*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the devices available in Amazon Braket", - "privilege": "GetDevice", + "description": "Grants permission to retrieve an existing knowledge base", + "privilege": "GetKnowledgeBase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "knowledge-base*" } ] }, { 
"access_level": "Read", - "description": "Grants permission to retrieve jobs", - "privilege": "GetJob", + "description": "Grants permission to get the properties associated with a model-customization job. Use this operation to get the status of a model-customization job", + "privilege": "GetModelCustomizationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "model-customization-job*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve quantum tasks", - "privilege": "GetQuantumTask", + "description": "Grants permission to get the properties associated with a model-evaluation job. Use this operation to get the status of a model-evaluation job", + "privilege": "GetModelEvaluationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task*" + "resource_type": "model-evaluation-job*" } ] }, { "access_level": "Read", - "description": "Grants permission to listing the tags that have been applied to the quantum task resource or the job", - "privilege": "ListTagsForResource", + "description": "Grants permission to retrieve a model invocation job", + "privilege": "GetModelInvocationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" - }, + "resource_type": "model-invocation-job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an existing Invocation logging configuration", + "privilege": "GetModelInvocationLoggingConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to search for devices available in Amazon Braket", - "privilege": "SearchDevices", + "description": "Grants permission to retrieve a provisioned model throughput", + "privilege": "GetProvisionedModelThroughput", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "provisioned-model*" } ] }, { "access_level": "Read", - "description": "Grants permission to search for jobs", - "privilege": "SearchJobs", + "description": "Grants permission to retrieve a use case for model access", + "privilege": "GetUseCaseForModelAccess", "resource_types": [ { "condition_keys": [], 
@@ -22919,137 +25437,102 @@ }, { "access_level": "Read", - "description": "Grants permission to search for quantum tasks", - "privilege": "SearchQuantumTasks", + "description": "Grants permission to send user input (text-only) to the alias of an agent for Bedrock", + "privilege": "InvokeAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent-alias*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add one or more tags to a quantum task", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to invoke the specified Bedrock model to run inference using the input provided in the request body", + "privilege": "InvokeModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task" + "resource_type": "foundation-model*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "provisioned-model*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from a quantum task resource or a job. 
A tag consists of a key-value pair", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to invoke the specified Bedrock model to run inference using the input provided in the request body with streaming response", + "privilege": "InvokeModelWithResponseStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" + "resource_type": "foundation-model*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quantum-task" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "provisioned-model*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:braket:${Region}:${Account}:quantum-task/${RandomId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "quantum-task" }, { - "arn": "arn:${Partition}:braket:${Region}:${Account}:job/${JobName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "job" - } - ], - "service_name": "Amazon Braket" - }, - { - "conditions": [], - "prefix": "budgets", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create and define a response that you can configure to execute once your budget has exceeded a specific budget threshold", - "privilege": "CreateBudgetAction", + "access_level": "List", + "description": "Grants permission to list action groups in an agent", + "privilege": "ListAgentActionGroups", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "budgetAction*" + "dependent_actions": [], + "resource_type": "agent*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an action that is associated with a specific budget", - "privilege": "DeleteBudgetAction", + "access_level": "List", + "description": "Grants permission to list aliases for an agent", + "privilege": "ListAgentAliases", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budgetAction*" + "resource_type": "agent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the details of a specific budget action associated with a budget", - "privilege": "DescribeBudgetAction", + "access_level": "List", + "description": "Grants permission to list knowledge bases associated with an agent", + "privilege": "ListAgentKnowledgeBases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budgetAction*" + "resource_type": "agent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a historical view of the budget actions statuses associated with a particular budget action. These status include statues such as 'Standby', 'Pending' and 'Executed'", - "privilege": "DescribeBudgetActionHistories", + "access_level": "List", + "description": "Grants permission to list existing versions of an agent", + "privilege": "ListAgentVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budgetAction*" + "resource_type": "agent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the details of all of the budget actions associated with your account", - "privilege": "DescribeBudgetActionsForAccount", + "access_level": "List", + "description": "Grants permission to list existing agents", + "privilege": "ListAgents", "resource_types": [ { "condition_keys": [], 
@@ -23059,212 +25542,144 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the details of all of the budget actions associated with a budget", - "privilege": "DescribeBudgetActionsForBudget", + "access_level": "List", + "description": "Grants permission to get a list of Bedrock custom models that you have created", + "privilege": "ListCustomModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budget*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to initiate a pending budget action as well as reverse a previously executed budget action", - "privilege": "ExecuteBudgetAction", + "access_level": "List", + "description": "Grants permission to list existing data sources in an knowledge base", + "privilege": "ListDataSources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budgetAction*" + "resource_type": "knowledge-base*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify budgets and budget details", - "privilege": "ModifyBudget", + "access_level": "List", + "description": "Grants permission to get the list of evaluation jobs that you have submitted", + "privilege": "ListEvaluationJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budget*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the details of a specific budget action associated with a budget", - "privilege": "UpdateBudgetAction", + "access_level": "List", + "description": "Grants permission to get a list of foundation model agreement offers", + "privilege": "ListFoundationModelAgreementOffers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "budgetAction*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - 
"description": "Grants permission to view budgets and budget details", - "privilege": "ViewBudget", + "access_level": "List", + "description": "Grants permission to list Bedrock foundation models that you can use", + "privilege": "ListFoundationModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "budget*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:budgets::${Account}:budget/${BudgetName}", - "condition_keys": [], - "resource": "budget" - }, - { - "arn": "arn:${Partition}:budgets::${Account}:budget/${BudgetName}/action/${ActionId}", - "condition_keys": [], - "resource": "budgetAction" - } - ], - "service_name": "AWS Budget Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "bugbust", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a BugBust event", - "privilege": "CreateEvent", + "access_level": "List", + "description": "Grants permission to list guardrails or its versions", + "privilege": "ListGuardrails", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "guardrail" } ] }, { - "access_level": "Write", - "description": "Grants permission to evaluate checked-in profiling groups", - "privilege": "EvaluateProfilingGroups", + "access_level": "List", + "description": "Grants permission to list 
ingestion jobs in a data source", + "privilege": "ListIngestionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, + "resource_type": "knowledge-base*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list existing knowledge bases", + "privilege": "ListKnowledgeBases", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view customer details about an event", - "privilege": "GetEvent", + "access_level": "List", + "description": "Grants permission to get the list of model customization jobs that you have submitted", + "privilege": "ListModelCustomizationJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the status of a BugBust player's attempt to join a BugBust event", - "privilege": "GetJoinEventStatus", + "access_level": "List", + "description": "Grants permission to get the list of model evaluation jobs that you have submitted", + "privilege": "ListModelEvaluationJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to join an event", - "privilege": "JoinEvent", + "access_level": "List", + "description": "Grants permission to list model invocation jobs that you created earlier", + "privilege": "ListModelInvocationJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the bugs that were imported into an event for players to work on", - "privilege": "ListBugs", + "access_level": "List", + "description": "Grants permission to list provisioned model throughputs that you created earlier", + "privilege": "ListProvisionedModelThroughputs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeguru-reviewer:DescribeCodeReview", - "codeguru-reviewer:ListRecommendations" - ], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } 
@@ -23272,566 +25687,533 @@ }, { "access_level": "Read", - "description": "Grants permission to view the participants of an event", - "privilege": "ListEventParticipants", + "description": "Grants permission to list tags for a Bedrock resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" + "resource_type": "agent*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent-alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custom-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation-job*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "guardrail*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "knowledge-base*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-customization-job*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-evaluation-job*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-invocation-job*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioned-model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the scores of an event's players", - "privilege": "ListEventScores", + "access_level": "Write", + "description": "Grants permission to prepare an existing agent to receive runtime requests", + "privilege": "PrepareAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "agent*" } ] }, { - "access_level": "List", - "description": "Grants permission to List BugBust 
events", - "privilege": "ListEvents", + "access_level": "Write", + "description": "Grants permission to put entitlement to access a foundation model", + "privilege": "PutFoundationModelEntitlement", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the profiling groups that were imported into an event for players to work on", - "privilege": "ListProfilingGroups", + "access_level": "Write", + "description": "Grants permission to create an existing Invocation logging configuration", + "privilege": "PutModelInvocationLoggingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the pull requests used by players to submit fixes to their claimed bugs in an event", - "privilege": "ListPullRequests", + "access_level": "Write", + "description": "Grants permission to put a use case for model access", + "privilege": "PutUseCaseForModelAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to lists tag for a Bugbust resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to retrieve ingested data from a knowledge base", + "privilege": "Retrieve", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "knowledge-base*" } ] }, { 
- "access_level": "Tagging", - "description": "Grants permission to tag a Bugbust resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to send user input to perform retrieval and generation", + "privilege": "RetrieveAndGenerate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a Bugbust resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to start an ingestion job", + "privilege": "StartIngestionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "knowledge-base*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a BugBust event", - "privilege": "UpdateEvent", + "description": "Grants permission to stop a evaluation job while in progress", + "privilege": "StopEvaluationJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeguru-profiler:DescribeProfilingGroup", - "codeguru-profiler:ListProfilingGroups", - "codeguru-reviewer:DescribeCodeReview", - "codeguru-reviewer:ListCodeReviews", - "codeguru-reviewer:ListRecommendations", - "codeguru-reviewer:TagResource", - "codeguru-reviewer:UnTagResource" - ], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "evaluation-job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a work item as claimed or unclaimed (bug or profiling group)", - "privilege": "UpdateWorkItem", + 
"description": "Grants permission to stop a Bedrock model customization job while in progress", + "privilege": "StopModelCustomizationJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeguru-reviewer:ListRecommendations" - ], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "model-customization-job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an event's work item (bug or profiling group)", - "privilege": "UpdateWorkItemAdmin", + "description": "Grants permission to stop a model invocation job that you started earlier", + "privilege": "StopModelInvocationJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codeguru-reviewer:ListRecommendations" - ], - "resource_type": "Event*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "model-invocation-job*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:bugbust:${Region}:${Account}:events/${EventId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Event" - } - ], - "service_name": "AWS BugBust" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "cases", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to retrieve information about the fields in the case domain", - "privilege": "BatchGetField", + "access_level": "Tagging", + "description": "Grants permission to 
Tag a Bedrock resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "agent" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Field*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the field options in the case domain", - "privilege": "BatchPutFieldOptions", - "resource_types": [ + "resource_type": "agent-alias" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "custom-model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Field*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a case in the case domain", - "privilege": "CreateCase", - "resource_types": [ + "resource_type": "evaluation-job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" + "resource_type": "guardrail" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "knowledge-base" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "model-customization-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Template*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new case domain", - "privilege": "CreateDomain", - "resource_types": [ + "resource_type": "model-evaluation-job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a field in the case domain", - "privilege": "CreateField", - "resource_types": [ + "resource_type": "model-invocation-job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "provisioned-model" }, { - "condition_keys": [], + "condition_keys": [ + 
"aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a layout in the case domain", - "privilege": "CreateLayout", + "access_level": "Tagging", + "description": "Grants permission to Untag a Bedrock resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "agent" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Layout*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a related item associated to a case in the case domain", - "privilege": "CreateRelatedItem", - "resource_types": [ + "resource_type": "agent-alias" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" + "resource_type": "custom-model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "evaluation-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelatedItem*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a template in the case domain", - "privilege": "CreateTemplate", - "resource_types": [ + "resource_type": "guardrail" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "knowledge-base" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Layout*" + "resource_type": "model-customization-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Template*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the domain", - "privilege": "DeleteDomain", - "resource_types": [ + "resource_type": "model-evaluation-job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - } - ] - }, - { - 
"access_level": "Read", - "description": "Grants permission to retrieve information about a case in the case domain", - "privilege": "GetCase", - "resource_types": [ + "resource_type": "model-invocation-job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" + "resource_type": "provisioned-model" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Domain*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an existing agent", + "privilege": "UpdateAgent", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "agent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the case event configuraton in the case domain", - "privilege": "GetCaseEventConfiguration", + "access_level": "Write", + "description": "Grants permission to update an existing action group", + "privilege": "UpdateAgentActionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "agent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the case domain", - "privilege": "GetDomain", + "access_level": "Write", + "description": "Grants permission to update an existing alias", + "privilege": "UpdateAgentAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "agent-alias*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the layout in the case domain", - "privilege": "GetLayout", + "access_level": "Write", + "description": "Grants permission to update a knowledge base associated with an agent", + "privilege": "UpdateAgentKnowledgeBase", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "agent*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Layout*" + "resource_type": "knowledge-base*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the template in the case domain", - "privilege": "GetTemplate", + "access_level": "Write", + "description": "Grants permission to update a data source", + "privilege": "UpdateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Template*" + "resource_type": "knowledge-base*" } ] }, { - "access_level": "List", - "description": "Grants permission to list cases for a specific contact in the case domain", - "privilege": "ListCasesForContact", + "access_level": "Write", + "description": "Grants permission to update a guardrail", + "privilege": "UpdateGuardrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "guardrail*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all domains in the aws account", - "privilege": "ListDomains", + "access_level": "Write", + "description": "Grants permission to update a knowledge base", + "privilege": "UpdateKnowledgeBase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "knowledge-base*" } ] }, { - "access_level": "List", - "description": "Grants permission to list field options for a single select field in the case domain", - "privilege": "ListFieldOptions", + "access_level": "Write", + "description": "Grants permission to update a provisioned model throughput that you created earlier", + "privilege": "UpdateProvisionedModelThroughput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + 
"resource_type": "custom-model*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "foundation-model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioned-model*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:bedrock:${Region}::foundation-model/${ResourceId}", + "condition_keys": [], + "resource": "foundation-model" }, { - "access_level": "List", - "description": "Grants permission to list fields in the case domain", - "privilege": "ListFields", + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:custom-model/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "custom-model" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:provisioned-model/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "provisioned-model" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:model-customization-job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "model-customization-job" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:agent/${AgentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "agent" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:agent-alias/${AgentId}/${AgentAliasId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "agent-alias" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:knowledge-base/${KnowledgeBaseId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "knowledge-base" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:model-evaluation-job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "model-evaluation-job" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:evaluation-job/${ResourceId}", + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}" + ], + "resource": "evaluation-job" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:model-invocation-job/${JobIdentifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "model-invocation-job" + }, + { + "arn": "arn:${Partition}:bedrock:${Region}:${Account}:guardrail/${GuardrailId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "guardrail" + } + ], + "service_name": "Amazon Bedrock" + }, + { + "conditions": [], + "prefix": "billing", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to perform queries on billing information", + "privilege": "GetBillingData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list layouts in the case domain", - "privilege": "ListLayouts", + "access_level": "Read", + "description": "Grants permission to view detailed line item billing information", + "privilege": "GetBillingDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags for the specified resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to view notifications sent by AWS related to your accounts billing information", + "privilege": "GetBillingNotifications", "resource_types": [ { "condition_keys": [], 
@@ -23841,331 +26223,216 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list templates in the case domain", - "privilege": "ListTemplates", + "access_level": "Read", + "description": "Grants permission to view billing preferences such as reserved instance, savings plans and credits sharing", + "privilege": "GetBillingPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to insert or update the case event configuration in the case domain", - "privilege": "PutCaseEventConfiguration", + "access_level": "Read", + "description": "Grants permission to view the account's contract information including the contract number, end-user organization names, PO numbers and if the account is used to service public-sector customers", + "privilege": "GetContractInformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to search for cases in the case domain", - "privilege": "SearchCases", + "description": "Grants permission to view credits that have been redeemed", + "privilege": "GetCredits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to search for related items associated to the case in the case domain", - "privilege": "SearchRelatedItems", + "description": "Grants permission to retrieve the state of the Allow IAM Access billing preference", + "privilege": "GetIAMAccessPreference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { - "access_level": 
"Tagging", - "description": "Grants permission to add the specified tags to the specified resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve the account's default Seller of Record", + "privilege": "GetSellerOfRecord", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Layout" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RelatedItem" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Template" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the specified resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get billing information for your proforma billing groups", + "privilege": "ListBillingViews", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Layout" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RelatedItem" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Template" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the 
field values on the case in the case domain", - "privilege": "UpdateCase", + "description": "Grants permission to set the account's contract information end-user organization names and if the account is used to service public-sector customers", + "privilege": "PutContractInformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Case*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the field in the case domain", - "privilege": "UpdateField", + "description": "Grants permission to redeem an AWS credit", + "privilege": "RedeemCredits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Field*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the layout in the case domain", - "privilege": "UpdateLayout", + "description": "Grants permission to update billing preferences such as reserved instance, savings plans and credits sharing", + "privilege": "UpdateBillingPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Layout*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the template in the case domain", - "privilege": "UpdateTemplate", + "description": "Grants permission to update the Allow IAM Access billing preference", + "privilege": "UpdateIAMAccessPreference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" - }, - { - "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "Template*" + "resource_type": "" } ] } ], - "resources": [ - { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case/${CaseId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Case" - }, - { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Domain" - }, - { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/field/${FieldId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Field" - }, - { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/layout/${LayoutId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Layout" - }, - { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case/${CaseId}/related-item/${RelatedItemId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "RelatedItem" - }, - { - "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/template/${TemplateId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Template" - } - ], - "service_name": "Amazon Connect Cases" + "resources": [], + "service_name": "AWS Billing" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], - 
"prefix": "cassandra", + "prefix": "billingconductor", "privileges": [ { "access_level": "Write", - "description": "Grants permission to alter a keyspace or table", - "privilege": "Alter", + "description": "Grants permission to associate between one and 30 accounts to a billing group", + "privilege": "AssociateAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, + "resource_type": "billinggroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate pricing rules", + "privilege": "AssociatePricingRules", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "pricingplan*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pricingrule*" } ] }, { "access_level": "Write", - "description": "Grants permission to alter a multiregion keyspace or table", - "privilege": "AlterMultiRegionResource", + "description": "Grants permission to batch associate resources to a percentage custom line item", + "privilege": "BatchAssociateResourcesToCustomLineItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, + "resource_type": "customlineitem*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to batch disassociate resources from a percentage custom line item", + "privilege": "BatchDisassociateResourcesFromCustomLineItem", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "customlineitem*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a billing group", + "privilege": "CreateBillingGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingplan*" }, { 
"condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -24174,23 +26441,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a keyspace or table", - "privilege": "Create", + "description": "Grants permission to create a custom line item", + "privilege": "CreateCustomLineItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table" + "resource_type": "billinggroup*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -24199,23 +26461,33 @@ }, { "access_level": "Write", - "description": "Grants permission to create a multiregion keyspace or table", - "privilege": "CreateMultiRegionResource", + "description": "Grants permission to create a pricing plan", + "privilege": "CreatePricingPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" + "resource_type": "pricingrule*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "table" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a pricing rule", + "privilege": "CreatePricingRule", + "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -24224,97 +26496,124 @@ }, { "access_level": "Write", - "description": "Grants permission to drop a keyspace or table", - "privilege": "Drop", + "description": "Grants permission to delete a billing group", + "privilege": "DeleteBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, + "resource_type": "billinggroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a custom line item", + "privilege": "DeleteCustomLineItem", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "customlineitem*" } ] }, { "access_level": "Write", - "description": "Grants permission to drop a multiregion keyspace or table", - "privilege": "DropMultiRegionResource", + "description": "Grants permission to delete a pricing plan", + "privilege": "DeletePricingPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, + "resource_type": "pricingplan*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a pricing rule", + "privilege": "DeletePricingRule", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "pricingrule*" } ] }, { "access_level": "Write", - "description": "Grants permission to INSERT, UPDATE or DELETE data in a table", - "privilege": "Modify", + "description": "Grants permission to detach between one and 30 accounts from a billing group", + "privilege": "DisassociateAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "billinggroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to INSERT, UPDATE or DELETE data in a multiregion table", - "privilege": "ModifyMultiRegionResource", + "description": "Grants permission to disassociate pricing rules", + 
"privilege": "DisassociatePricingRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "pricingplan*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingrule*" } ] }, { - "access_level": "Write", - "description": "Grants permission to restore table from a backup", - "privilege": "Restore", + "access_level": "Read", + "description": "Grants permission to view the billing group cost report for the specified billing group", + "privilege": "GetBillingGroupCostReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "billinggroup*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the linked accounts of the payer account for the given billing period while also providing the billing group the linked accounts belong to", + "privilege": "ListAccountAssociations", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to restore multiregion table from a backup", - "privilege": "RestoreMultiRegionTable", + "access_level": "Read", + "description": "Grants permission to view the billing group cost report", + "privilege": "ListBillingGroupCostReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the details of billing groups", + "privilege": "ListBillingGroups", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -24322,72 +26621,117 @@ }, { "access_level": "Read", - "description": "Grants permission to SELECT data from a table", - "privilege": "Select", + "description": "Grants permission to view custom line item versions", + "privilege": "ListCustomLineItemVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "customlineitem*" } ] }, { "access_level": "Read", - "description": "Grants permission to SELECT data from a multiregion table", - "privilege": "SelectMultiRegionResource", + "description": "Grants permission to view custom line item details", + "privilege": "ListCustomLineItems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a multiregion keyspace or table", - "privilege": "TagMultiRegionResource", + "access_level": "Read", + "description": "Grants permission to view the pricing plans details", + "privilege": "ListPricingPlans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list pricing plans associated with a pricing rule", + "privilege": "ListPricingPlansAssociatedWithPricingRule", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" - }, + "resource_type": "pricingrule*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view pricing rules details", + "privilege": "ListPricingRules", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a keyspace or table", - "privilege": "TagResource", + "access_level": "List", + 
"description": "Grants permission to list pricing rules associated to a pricing plan", + "privilege": "ListPricingRulesAssociatedToPricingPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" + "resource_type": "pricingplan*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list resources associated to a percentage custom line item", + "privilege": "ListResourcesAssociatedToCustomLineItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customlineitem*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags of a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "billinggroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "customlineitem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingplan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingrule" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -24396,23 +26740,33 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a multiregion keyspace or table", - "privilege": "UnTagMultiRegionResource", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" + "resource_type": "billinggroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "customlineitem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingplan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingrule" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -24421,22 +26775,31 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a keyspace or table", + "description": "Grants permission to untag a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "keyspace" + "resource_type": "billinggroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "customlineitem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingplan" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingrule" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -24446,80 +26809,124 @@ }, { "access_level": "Write", - "description": "Grants permission to UPDATE the partitioner in a system table", - "privilege": "UpdatePartitioner", + "description": "Grants permission to update a billing group", + "privilege": "UpdateBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "billinggroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a custom line item", + "privilege": "UpdateCustomLineItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customlineitem*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a pricing plan", + "privilege": "UpdatePricingPlan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingplan*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a pricing rule", + "privilege": "UpdatePricingRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pricingrule*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/", + "arn": "arn:${Partition}:billingconductor::${Account}:billinggroup/${BillingGroupId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "keyspace" + "resource": "billinggroup" }, { - "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/table/${TableName}", + "arn": "arn:${Partition}:billingconductor::${Account}:pricingplan/${PricingPlanId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "table" + "resource": "pricingplan" + }, + { + "arn": "arn:${Partition}:billingconductor::${Account}:pricingrule/${PricingRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "pricingrule" + }, + { + "arn": 
"arn:${Partition}:billingconductor::${Account}:customlineitem/${CustomLineItemId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "customlineitem" } ], - "service_name": "Amazon Keyspaces (for Apache Cassandra)" + "service_name": "AWS Billing Conductor" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" } ], - "prefix": "ce", + "prefix": "braket", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a new Anomaly Monitor", - "privilege": "CreateAnomalyMonitor", + "description": "Grants permission to accept the Amazon Braket user agreement", + "privilege": "AcceptUserAgreement", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Anomaly Subscription", - "privilege": "CreateAnomalySubscription", + "access_level": "Read", + "description": "Grants permission to check if an Amazon Braket feature is enabled for an account. 
Customers need this permission to use all features available in the console", + "privilege": "AccessBraketFeature", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -24527,38 +26934,38 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new Cost Category with the requested name and rules", - "privilege": "CreateCostCategoryDefinition", + "description": "Grants permission to cancel a job", + "privilege": "CancelJob", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to create Reservation expiration alerts", - "privilege": "CreateNotificationSubscription", + "description": "Grants permission to cancel a quantum task", + "privilege": "CancelQuantumTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "quantum-task*" } ] }, { "access_level": "Write", - "description": "Grants permission to create Cost Explorer Reports", - "privilege": "CreateReport", + "description": "Grants permission to create a job", + "privilege": "CreateJob", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -24566,17 +26973,13 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an Anomaly Monitor", - "privilege": "DeleteAnomalyMonitor", + "description": "Grants permission to create a quantum task", + "privilege": "CreateQuantumTask", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "anomalymonitor*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -24584,59 +26987,45 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Anomaly Subscription", - "privilege": "DeleteAnomalySubscription", + "access_level": "Read", + "description": "Grants permission to retrieve information about the devices available in Amazon Braket", + "privilege": "GetDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalysubscription*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Cost Category", - "privilege": "DeleteCostCategoryDefinition", + "access_level": "Read", + "description": "Grants permission to retrieve jobs", + "privilege": "GetJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "costcategory*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete Reservation expiration alerts", - "privilege": "DeleteNotificationSubscription", + "access_level": "Read", + "description": "Grants permission to retrieve quantum tasks", + "privilege": "GetQuantumTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "quantum-task*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete Cost Explorer Reports", - "privilege": "DeleteReport", + "access_level": "Read", + "description": "Grants permission to check if the Amazon Braket service linked role has been created", + "privilege": "GetServiceLinkedRoleStatus", "resource_types": [ { "condition_keys": [], 
@@ -24647,39 +27036,37 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve descriptions such as the name, ARN, rules, definition, and effective dates of a Cost Category", - "privilege": "DescribeCostCategoryDefinition", + "description": "Grants permission to check if the account has accepted the Amazon Braket user agreement", + "privilege": "GetUserAgreementStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "costcategory*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view Reservation expiration alerts", - "privilege": "DescribeNotificationSubscription", + "description": "Grants permission to listing the tags that have been applied to the quantum task resource or the job", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quantum-task" } ] }, { "access_level": "Read", - "description": "Grants permission to view Cost Explorer Reports page", - "privilege": "DescribeReport", + "description": "Grants permission to search for devices available in Amazon Braket", + "privilege": "SearchDevices", "resource_types": [ { "condition_keys": [], 
@@ -24690,55 +27077,47 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve anomalies", - "privilege": "GetAnomalies", + "description": "Grants permission to search for jobs", + "privilege": "SearchJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to query Anomaly Monitors", - "privilege": "GetAnomalyMonitors", + "description": "Grants permission to search for quantum tasks", + "privilege": "SearchQuantumTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to query Anomaly Subscriptions", - "privilege": "GetAnomalySubscriptions", + "access_level": "Tagging", + "description": "Grants permission to add one or more tags to a quantum task or a hybrid job", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalysubscription*" + "resource_type": "job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quantum-task" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -24746,93 +27125,106 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view whether existing or fine-grained IAM actions are being used to control authorization to Billing, Cost Management, and Account consoles", - "privilege": "GetConsoleActionSetEnforced", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from a quantum task resource or a job. A tag consists of a key-value pair", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the cost and usage metrics for your account", - "privilege": "GetCostAndUsage", - "resource_types": [ + "resource_type": "job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the cost and usage metrics with resources for your account", - "privilege": "GetCostAndUsageWithResources", - "resource_types": [ + "resource_type": "quantum-task" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:braket:${Region}:${Account}:quantum-task/${RandomId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "quantum-task" }, { - "access_level": "Read", - "description": "Grants permission to query Cost Catagory names and values for a specified time period", - "privilege": "GetCostCategories", + "arn": "arn:${Partition}:braket:${Region}:${Account}:job/${JobName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "job" + } + ], + "service_name": "Amazon Braket" + }, + { + "conditions": [], + "prefix": "budgets", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create and define a response that you can 
configure to execute once your budget has exceeded a specific budget threshold", + "privilege": "CreateBudgetAction", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "budgetAction*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a cost forecast for a forecast time period", - "privilege": "GetCostForecast", + "access_level": "Write", + "description": "Grants permission to delete an action that is associated with a specific budget", + "privilege": "DeleteBudgetAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budgetAction*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve all available filter values for a filter for a period of time", - "privilege": "GetDimensionValues", + "description": "Grants permission to retrieve the details of a specific budget action associated with a budget", + "privilege": "DescribeBudgetAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budgetAction*" } ] }, { "access_level": "Read", - "description": "Grants permission to view Cost Explorer Preferences page", - "privilege": "GetPreferences", + "description": "Grants permission to retrieve a historical view of the budget actions statuses associated with a particular budget action. 
These status include statues such as 'Standby', 'Pending' and 'Executed'", + "privilege": "DescribeBudgetActionHistories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budgetAction*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the reservation coverage for your account", - "privilege": "GetReservationCoverage", + "description": "Grants permission to retrieve the details of all of the budget actions associated with your account", + "privilege": "DescribeBudgetActionsForAccount", "resource_types": [ { "condition_keys": [], 
@@ -24843,143 +27235,211 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the reservation recommendations for your account", - "privilege": "GetReservationPurchaseRecommendation", + "description": "Grants permission to retrieve the details of all of the budget actions associated with a budget", + "privilege": "DescribeBudgetActionsForBudget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budget*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the reservation utilization for your account", - "privilege": "GetReservationUtilization", + "access_level": "Write", + "description": "Grants permission to initiate a pending budget action as well as reverse a previously executed budget action", + "privilege": "ExecuteBudgetAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budgetAction*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the rightsizing recommendations for your account", - "privilege": "GetRightsizingRecommendation", + "access_level": "Write", + "description": "Grants permission to modify budgets and budget details", + "privilege": "ModifyBudget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budget*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the Savings Plans coverage for your account", - "privilege": "GetSavingsPlansCoverage", + "access_level": "Write", + "description": "Grants permission to update the details of a specific budget action associated with a budget", + "privilege": "UpdateBudgetAction", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "budgetAction*" } ] }, { "access_level": "Read", - "description": 
"Grants permission to retrieve the Savings Plans recommendations for your account", - "privilege": "GetSavingsPlansPurchaseRecommendation", + "description": "Grants permission to view budgets and budget details", + "privilege": "ViewBudget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "budget*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:budgets::${Account}:budget/${BudgetName}", + "condition_keys": [], + "resource": "budget" }, { - "access_level": "Read", - "description": "Grants permission to retrieve the Savings Plans utilization for your account", - "privilege": "GetSavingsPlansUtilization", + "arn": "arn:${Partition}:budgets::${Account}:budget/${BudgetName}/action/${ActionId}", + "condition_keys": [], + "resource": "budgetAction" + } + ], + "service_name": "AWS Budget Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access based on the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "bugbust", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a BugBust event", + "privilege": "CreateEvent", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the Savings Plans utilization details for your account", - "privilege": "GetSavingsPlansUtilizationDetails", + "access_level": "Write", + "description": 
"Grants permission to evaluate checked-in profiling groups", + "privilege": "EvaluateProfilingGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to query tags for a specified time period", - "privilege": "GetTags", + "description": "Grants permission to view customer details about an event", + "privilege": "GetEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a usage forecast for a forecast time period", - "privilege": "GetUsageForecast", + "description": "Grants permission to view the status of a BugBust player's attempt to join a BugBust event", + "privilege": "GetJoinEventStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list Cost Allocation Tags", - "privilege": "ListCostAllocationTags", - "resource_types": [ + "resource_type": "Event*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve names, ARN, and effective dates for all Cost Categories", - "privilege": "ListCostCategoryDefinitions", + "access_level": "Write", + "description": "Grants permission to join an event", + "privilege": "JoinEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], 
"resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of your historical recommendation generations", - "privilege": "ListSavingsPlansPurchaseRecommendationGeneration", + "access_level": "Read", + "description": "Grants permission to view the bugs that were imported into an event for players to work on", + "privilege": "ListBugs", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListRecommendations" + ], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -24987,23 +27447,13 @@ }, { "access_level": "Read", - "description": "Grants permission to list tags for a Cost Explorer resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to view the participants of an event", + "privilege": "ListEventParticipants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "anomalysubscription" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "costcategory" + "resource_type": "Event*" }, { "condition_keys": [ 
@@ -25015,53 +27465,50 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to provide feedback on detected anomalies", - "privilege": "ProvideAnomalyFeedback", + "access_level": "Read", + "description": "Grants permission to view the scores of an event's players", + "privilege": "ListEventScores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to request a Savings Plans recommendation generation", - "privilege": "StartSavingsPlansPurchaseRecommendationGeneration", + "access_level": "List", + "description": "Grants permission to List BugBust events", + "privilege": "ListEvents", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a Cost Explorer resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to view the profiling groups that were imported into an event for players to work on", + "privilege": "ListProfilingGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "anomalysubscription" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "costcategory" + "resource_type": "Event*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -25070,28 +27517,17 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a Cost Explorer resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to view the pull requests used by players to submit fixes to their claimed bugs in an event", + "privilege": "ListPullRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "anomalysubscription" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "costcategory" + "resource_type": "Event*" }, { "condition_keys": [ - "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -25100,14 +27536,14 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing Anomaly Monitor", - "privilege": "UpdateAnomalyMonitor", + "access_level": "Read", + "description": "Grants permission to lists tag for a Bugbust resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalymonitor*" + "resource_type": "Event*" }, { "condition_keys": [ @@ -25119,18 +27555,19 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing Anomaly Subscription", - "privilege": "UpdateAnomalySubscription", + "access_level": "Tagging", + "description": "Grants permission to tag a Bugbust resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "anomalysubscription*" + "resource_type": "Event*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -25138,24 +27575,20 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to change whether existing or fine-grained IAM actions will be used to control authorization to Billing, Cost Management, and Account consoles", - "privilege": "UpdateConsoleActionSetEnforced", + "access_level": "Tagging", + "description": "Grants permission to untag a Bugbust resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update existing Cost Allocation Tags status", - "privilege": "UpdateCostAllocationTagsStatus", - "resource_types": [ + "resource_type": "Event*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -25163,13 +27596,21 @@ }, { "access_level": "Write", - "description": "Grants permission to update an existing Cost Category", - "privilege": "UpdateCostCategoryDefinition", + "description": "Grants permission to update a BugBust event", + "privilege": "UpdateEvent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "costcategory*" + "dependent_actions": [ + "codeguru-profiler:DescribeProfilingGroup", + "codeguru-profiler:ListProfilingGroups", + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListCodeReviews", + "codeguru-reviewer:ListRecommendations", + "codeguru-reviewer:TagResource", + "codeguru-reviewer:UnTagResource" + ], + "resource_type": "Event*" }, { "condition_keys": [ 
@@ -25182,23 +27623,20 @@ }, { "access_level": "Write", - "description": "Grants permission to update Reservation expiration alerts", - "privilege": "UpdateNotificationSubscription", + "description": "Grants permission to update a work item as claimed or unclaimed (bug or profiling group)", + "privilege": "UpdateWorkItem", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to edit Cost Explorer Preferences page", - "privilege": "UpdatePreferences", - "resource_types": [ + "dependent_actions": [ + "codeguru-reviewer:ListRecommendations" + ], + "resource_type": "Event*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -25206,11 +27644,20 @@ }, { "access_level": "Write", - "description": "Grants permission to update Cost Explorer Reports", - "privilege": "UpdateReport", + "description": "Grants permission to update an event's work item (bug or profiling group)", + "privilege": "UpdateWorkItemAdmin", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeguru-reviewer:ListRecommendations" + ], + "resource_type": "Event*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } 
@@ -25219,301 +27666,381 @@ ], "resources": [ { - "arn": "arn:${Partition}:ce::${Account}:anomalysubscription/${Identifier}", + "arn": "arn:${Partition}:bugbust:${Region}:${Account}:events/${EventId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "anomalysubscription" + "resource": "Event" + } + ], + "service_name": "AWS BugBust" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" }, { - "arn": "arn:${Partition}:ce::${Account}:anomalymonitor/${Identifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "anomalymonitor" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" }, { - "arn": "arn:${Partition}:ce::${Account}:costcategory/${Identifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "costcategory" + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "connect:UserArn", + "description": "Filters access by connect's UserArn", + "type": "ARN" } ], - "service_name": "AWS Cost Explorer Service" - }, - { - "conditions": [], - "prefix": "chatbot", + "prefix": "cases", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to create an AWS Chatbot Chime Webhook Configuration", - "privilege": "CreateChimeWebhookConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve information about the fields in the case domain", + "privilege": "BatchGetField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Chatbot 
Microsoft Teams Channel Configuration", - "privilege": "CreateMicrosoftTeamsChannelConfiguration", + "description": "Grants permission to update the field options in the case domain", + "privilege": "BatchPutFieldOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Chatbot Slack Channel Configuration", - "privilege": "CreateSlackChannelConfiguration", + "description": "Grants permission to create a case in the case domain", + "privilege": "CreateCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Case*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template*" + }, + { + "condition_keys": [ + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Chatbot Chime Webhook Configuration", - "privilege": "DeleteChimeWebhookConfiguration", + "description": "Grants permission to create a new case domain", + "privilege": "CreateDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Chatbot Microsoft Teams Channel Configuration", - "privilege": "DeleteMicrosoftTeamsChannelConfiguration", + "description": "Grants permission to create a field in the case domain", + "privilege": "CreateField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the Microsoft Teams configured with AWS Chatbot in an AWS account", - "privilege": "DeleteMicrosoftTeamsConfiguredTeam", + "description": "Grants permission to create a layout in the case domain", + "privilege": "CreateLayout", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Layout*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Chatbot Microsoft Teams User Identity", - "privilege": "DeleteMicrosoftTeamsUserIdentity", + "description": "Grants permission to create a related item associated to a case in the case domain", + "privilege": "CreateRelatedItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Case*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RelatedItem*" + }, + { + "condition_keys": [ + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Chatbot Slack Channel Configuration", - "privilege": "DeleteSlackChannelConfiguration", + "description": "Grants permission to create a template in the case domain", + "privilege": "CreateTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Layout*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template*" } ] }, { "access_level": "Write", - "description": "Grants permission to 
delete an AWS Chatbot Slack User Identity", - "privilege": "DeleteSlackUserIdentity", + "description": "Grants permission to delete the domain", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the Slack workspace authorization with AWS Chatbot, associated with an AWS account", - "privilege": "DeleteSlackWorkspaceAuthorization", + "description": "Grants permission to delete the field in the case domain", + "privilege": "DeleteField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all AWS Chatbot Chime Webhook Configurations in an AWS Account", - "privilege": "DescribeChimeWebhookConfigurations", - "resource_types": [ + "resource_type": "Domain*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Field*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all AWS Chatbot Slack Channel Configurations in an AWS account", - "privilege": "DescribeSlackChannelConfigurations", + "access_level": "Write", + "description": "Grants permission to delete the layout in the case domain", + "privilege": "DeleteLayout", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all public Slack channels in the Slack workspace connected to the AWS Account onboarded with AWS Chatbot service", - "privilege": "DescribeSlackChannels", - "resource_types": [ + "resource_type": "Domain*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Layout*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe AWS Chatbot Slack User 
Identities", - "privilege": "DescribeSlackUserIdentities", + "access_level": "Write", + "description": "Grants permission to delete the template in the case domain", + "privilege": "DeleteTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all authorized Slack workspaces connected to the AWS Account onboarded with AWS Chatbot service", - "privilege": "DescribeSlackWorkspaces", - "resource_types": [ + "resource_type": "Domain*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Template*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve AWS Chatbot account preferences", - "privilege": "GetAccountPreferences", + "description": "Grants permission to retrieve information about a case in the case domain", + "privilege": "GetCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Case*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a single AWS Chatbot Microsoft Teams Channel Configurations in an AWS account", - "privilege": "GetMicrosoftTeamsChannelConfiguration", + "description": "Grants permission to view audit history of a case", + "privilege": "GetCaseAuditEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Case*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to generate OAuth parameters to request Microsoft Teams OAuth code to be used by the AWS Chatbot service", - "privilege": "GetMicrosoftTeamsOauthParameters", + 
"description": "Grants permission to retrieve information about the case event configuraton in the case domain", + "privilege": "GetCaseEventConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to generate OAuth parameters to request Slack OAuth code to be used by the AWS Chatbot service", - "privilege": "GetSlackOauthParameters", + "description": "Grants permission to retrieve information about the case domain", + "privilege": "GetDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all AWS Chatbot Microsoft Teams Channel Configurations in an AWS account", - "privilege": "ListMicrosoftTeamsChannelConfigurations", + "description": "Grants permission to retrieve information about the layout in the case domain", + "privilege": "GetLayout", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Layout*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all Microsoft Teams connected to the AWS Account onboarded with AWS Chatbot service", - "privilege": "ListMicrosoftTeamsConfiguredTeams", + "description": "Grants permission to retrieve information about the template in the case domain", + "privilege": "GetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe AWS Chatbot Microsoft Teams User Identities", - "privilege": "ListMicrosoftTeamsUserIdentities", + 
"access_level": "List", + "description": "Grants permission to list cases for a specific contact in the case domain", + "privilege": "ListCasesForContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to redeem previously generated parameters with Microsoft APIs, to acquire OAuth tokens to be used by the AWS Chatbot service", - "privilege": "RedeemMicrosoftTeamsOauthCode", + "access_level": "List", + "description": "Grants permission to list all domains in the aws account", + "privilege": "ListDomains", "resource_types": [ { "condition_keys": [], 
@@ -25523,45 +28050,50 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to redeem previously generated parameters with Slack API, to acquire OAuth tokens to be used by the AWS Chatbot service", - "privilege": "RedeemSlackOauthCode", + "access_level": "List", + "description": "Grants permission to list field options for a single select field in the case domain", + "privilege": "ListFieldOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update AWS Chatbot account preferences", - "privilege": "UpdateAccountPreferences", + "access_level": "List", + "description": "Grants permission to list fields in the case domain", + "privilege": "ListFields", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an AWS Chatbot Chime Webhook Configuration", - "privilege": "UpdateChimeWebhookConfiguration", + "access_level": "List", + "description": "Grants permission to list layouts in the case domain", + "privilege": "ListLayouts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an AWS Chatbot Microsoft Teams Channel Configuration", - "privilege": "UpdateMicrosoftTeamsChannelConfiguration", + "access_level": "Read", + "description": "Grants permission to list the tags for the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], 
@@ -25571,223 +28103,142 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update an AWS Chatbot Slack Channel Configuration", - "privilege": "UpdateSlackChannelConfiguration", + "access_level": "List", + "description": "Grants permission to list templates in the case domain", + "privilege": "ListTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChatbotConfiguration*" + "resource_type": "Domain*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}", - "condition_keys": [], - "resource": "ChatbotConfiguration" - } - ], - "service_name": "AWS Chatbot" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", - "type": "String" }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", - "type": "ArrayOfString" - } - ], - "prefix": "chime", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept the delegate invitation to share management of an Amazon Chime account with another AWS Account", - "privilege": "AcceptDelegate", + "description": "Grants permission to insert or update the case event configuration in the case domain", + "privilege": "PutCaseEventConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to activate users in an Amazon Chime Enterprise account", - "privilege": "ActivateUsers", + "access_level": "Read", + "description": "Grants permission to search for cases in the case domain", + "privilege": "SearchCases", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a domain to your Amazon Chime account", - "privilege": "AddDomain", + "access_level": "Read", + "description": "Grants permission to search for related items associated to the case in the case domain", + "privilege": "SearchRelatedItems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add new or update existing Active Directory or Okta user groups associated with your Amazon Chime Enterprise account", - "privilege": "AddOrUpdateGroups", - "resource_types": [ + "resource_type": "Case*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a flow with a channel", - "privilege": "AssociateChannelFlow", + "access_level": "Tagging", + "description": "Grants permission to add the specified tags to the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "Case" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "Domain" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "Field" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate a phone number with an Amazon Chime user", - "privilege": "AssociatePhoneNumberWithUser", - "resource_types": [ + "resource_type": "Layout" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - 
"access_level": "Write", - "description": "Grants permission to associate multiple phone numbers with an Amazon Chime Voice Connector", - "privilege": "AssociatePhoneNumbersWithVoiceConnector", - "resource_types": [ + "resource_type": "RelatedItem" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate multiple phone numbers with an Amazon Chime Voice Connector Group", - "privilege": "AssociatePhoneNumbersWithVoiceConnectorGroup", - "resource_types": [ + "resource_type": "Template" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate the specified sign-in delegate groups with the specified Amazon Chime account", - "privilege": "AssociateSigninDelegateGroupsWithAccount", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to authorize an Active Directory for your Amazon Chime Enterprise account", - "privilege": "AuthorizeDirectory", - "resource_types": [ + "resource_type": "Case" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create new attendees for an active Amazon Chime SDK meeting", - "privilege": "BatchCreateAttendee", - "resource_types": [ + "resource_type": "Domain" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add multiple users and bots to a channel", - 
"privilege": "BatchCreateChannelMembership", - "resource_types": [ + "resource_type": "Field" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "Layout" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "RelatedItem" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to batch add room members", - "privilege": "BatchCreateRoomMembership", - "resource_types": [ + "resource_type": "Template" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -25795,199 +28246,323 @@ }, { "access_level": "Write", - "description": "Grants permission to move up to 50 phone numbers to the deletion queue", - "privilege": "BatchDeletePhoneNumber", + "description": "Grants permission to update the field values on the case in the case domain", + "privilege": "UpdateCase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to suspend up to 50 users from a Team or EnterpriseLWA Amazon Chime account", - "privilege": "BatchSuspendUser", - "resource_types": [ + "resource_type": "Case*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "Field*" + }, + { + "condition_keys": [ + "connect:UserArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the suspension from up to 50 previously suspended users for the specified Amazon Chime EnterpriseLWA account", - "privilege": "BatchUnsuspendUser", + "description": "Grants permission to update the field in the case domain", + "privilege": "UpdateField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Field*" } ] }, { "access_level": "Write", - "description": "Grants permission to update AttendeeCapabilities except the capabilities listed in an ExcludedAttendeeIds table", - "privilege": "BatchUpdateAttendeeCapabilitiesExcept", + "description": "Grants permission to update the layout in the case domain", + "privilege": "UpdateLayout", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "Domain*" + }, + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "Layout*" } ] }, { "access_level": "Write", - "description": "Grants permission to update phone number details within the UpdatePhoneNumberRequestItem object for up to 50 phone numbers", - "privilege": "BatchUpdatePhoneNumber", + "description": "Grants permission to update the template in the case domain", + "privilege": "UpdateTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update user details within the UpdateUserRequestItem object for up to 20 users for the specified Amazon Chime account", - "privilege": "BatchUpdateUser", - "resource_types": [ + "resource_type": "Domain*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Template*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case/${CaseId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Case" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Domain" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/field/${FieldId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Field" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/layout/${LayoutId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Layout" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/case/${CaseId}/related-item/${RelatedItemId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RelatedItem" + }, + { + "arn": "arn:${Partition}:cases:${Region}:${Account}:domain/${DomainId}/template/${TemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Template" + } + ], + 
"service_name": "Amazon Connect Cases" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cassandra", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to callback for a message on a channel", - "privilege": "ChannelFlowCallback", + "description": "Grants permission to alter a keyspace or table", + "privilege": "Alter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to establish a web socket connection for app instance user to the messaging session endpoint", - "privilege": "Connect", - "resource_types": [ + "resource_type": "keyspace" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to connect an Active Directory to your Amazon Chime Enterprise account", - "privilege": "ConnectDirectory", + "description": "Grants permission to alter a multiregion keyspace or table", + "privilege": "AlterMultiRegionResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:ConnectDirectory" + "dependent_actions": [], + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, + { + "condition_keys": [ + 
"aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an Amazon Chime account under the administrator's AWS account", - "privilege": "CreateAccount", + "description": "Grants permission to create a keyspace or table", + "privilege": "Create", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new SCIM access key for your Amazon Chime account and Okta configuration", - "privilege": "CreateApiKey", + "description": "Grants permission to create a multiregion keyspace or table", + "privilege": "CreateMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an app instance under the AWS account", - "privilege": "CreateAppInstance", + "description": "Grants permission to drop a keyspace or table", + "privilege": "Drop", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" } ] }, { "access_level": "Write", - "description": "Grants permission to promote a user or bot to an AppInstanceAdmin", - "privilege": "CreateAppInstanceAdmin", + 
"description": "Grants permission to drop a multiregion keyspace or table", + "privilege": "DropMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "keyspace" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "table" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to INSERT, UPDATE or DELETE data in a table", + "privilege": "Modify", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a bot under an Amazon Chime AppInstance", - "privilege": "CreateAppInstanceBot", + "description": "Grants permission to INSERT, UPDATE or DELETE data in a multiregion table", + "privilege": "ModifyMultiRegionResource", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a user under an Amazon Chime AppInstance", - "privilege": "CreateAppInstanceUser", + "description": "Grants permission to restore table from a backup", + "privilege": "Restore", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -25996,62 +28571,67 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new attendee for an active Amazon Chime SDK meeting", - "privilege": "CreateAttendee", + "description": "Grants permission to restore multiregion table from a backup", + "privilege": "RestoreMultiRegionTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "table*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a bot for an Amazon Chime Enterprise account", - "privilege": "CreateBot", + "access_level": "Read", + "description": "Grants permission to SELECT data from a table", + "privilege": "Select", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Call Detail Record S3 bucket", - "privilege": "CreateCDRBucket", + "access_level": "Read", + "description": "Grants permission to SELECT data from a multiregion table", + "privilege": "SelectMultiRegionResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:CreateBucket", - "s3:ListAllMyBuckets" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a channel for an app instance under the AWS account", - "privilege": "CreateChannel", + "access_level": "Tagging", + "description": "Grants permission to tag a multiregion keyspace or table", + "privilege": "TagMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "keyspace" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"app-instance-user*" + "resource_type": "table" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -26059,41 +28639,49 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to ban a user or bot from a channel", - "privilege": "CreateChannelBan", + "access_level": "Tagging", + "description": "Grants permission to tag a keyspace or table", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "keyspace" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "table" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a channel flow for an app instance under the AWS account", - "privilege": "CreateChannelFlow", + "access_level": "Tagging", + "description": "Grants permission to untag a multiregion keyspace or table", + "privilege": "UnTagMultiRegionResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "keyspace" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -26101,101 +28689,145 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add a user or bot to a channel", - "privilege": "CreateChannelMembership", + "access_level": "Tagging", + "description": "Grants permission to untag a keyspace or table", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "keyspace" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "table" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a channel moderator", - "privilege": "CreateChannelModerator", + "description": "Grants permission to UPDATE the partitioner in a system table", + "privilege": "UpdatePartitioner", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "table*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "keyspace" + }, + { + "arn": "arn:${Partition}:cassandra:${Region}:${Account}:/keyspace/${KeyspaceName}/table/${TableName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "table" + } + ], + "service_name": "Amazon Keyspaces (for Apache Cassandra)" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the 
resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "ce", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a new Anomaly Monitor", + "privilege": "CreateAnomalyMonitor", + "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a media capture pipeline", - "privilege": "CreateMediaCapturePipeline", + "description": "Grants permission to create a new Anomaly Subscription", + "privilege": "CreateAnomalySubscription", "resource_types": [ { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "s3:GetBucketPolicy" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a media concatenation pipeline", - "privilege": "CreateMediaConcatenationPipeline", + "description": "Grants permission to create a new Cost Category with the requested name and rules", + "privilege": "CreateCostCategoryDefinition", "resource_types": [ { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "s3:GetBucketPolicy" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a media insights pipeline", - "privilege": "CreateMediaInsightsPipeline", + "description": "Grants permission to create Reservation expiration alerts", + "privilege": "CreateNotificationSubscription", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "chime:TagResource", - 
"kinesisvideo:DescribeStream" - ], - "resource_type": "media-insights-pipeline-configuration*" - }, + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create Cost Explorer Reports", + "privilege": "CreateReport", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -26203,33 +28835,36 @@ }, { "access_level": "Write", - "description": "Grants permission to create a media insights pipeline configuration", - "privilege": "CreateMediaInsightsPipelineConfiguration", + "description": "Grants permission to delete an Anomaly Monitor", + "privilege": "DeleteAnomalyMonitor", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalymonitor*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "chime:TagResource", - "iam:PassRole", - "kinesis:DescribeStream", - "s3:ListBucket" + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a media live connector pipeline", - "privilege": "CreateMediaLiveConnectorPipeline", + "description": "Grants permission to delete an Anomaly Subscription", + "privilege": "DeleteAnomalySubscription", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalysubscription*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -26238,13 +28873,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new Amazon Chime SDK meeting in the specified media Region, with no initial attendees", - "privilege": "CreateMeeting", + "description": "Grants permission to delete a Cost Category", + "privilege": "DeleteCostCategoryDefinition", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "costcategory*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -26253,25 +28892,41 @@ }, { "access_level": "Write", - "description": "Grants permission to call a phone number to join the specified Amazon Chime SDK meeting", - "privilege": "CreateMeetingDialOut", + "description": "Grants permission to delete Reservation expiration alerts", + "privilege": "DeleteNotificationSubscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Amazon Chime SDK meeting in the specified media Region, with a set of attendees", - "privilege": "CreateMeetingWithAttendees", + "description": "Grants permission to delete Cost Explorer Reports", + "privilege": "DeleteReport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptions such as the name, ARN, rules, definition, and effective dates of a Cost Category", + "privilege": "DescribeCostCategoryDefinition", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "costcategory*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -26279,9 +28934,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a phone number order with the Carriers", - "privilege": "CreatePhoneNumberOrder", + "access_level": "Read", + "description": "Grants permission to view Reservation expiration alerts", + "privilege": "DescribeNotificationSubscription", "resource_types": [ { "condition_keys": [], 
@@ -26291,50 +28946,68 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a proxy session for the specified Amazon Chime Voice Connector", - "privilege": "CreateProxySession", + "access_level": "Read", + "description": "Grants permission to view Cost Explorer Reports page", + "privilege": "DescribeReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a room", - "privilege": "CreateRoom", + "access_level": "Read", + "description": "Grants permission to retrieve anomalies", + "privilege": "GetAnomalies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "anomalymonitor*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a room member", - "privilege": "CreateRoomMembership", + "access_level": "Read", + "description": "Grants permission to query Anomaly Monitors", + "privilege": "GetAnomalyMonitors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "anomalymonitor*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "CreateSipMediaApplication", + "access_level": "Read", + "description": "Grants permission to query Anomaly Subscriptions", + "privilege": "GetAnomalySubscriptions", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalysubscription*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
"resource_type": "" @@ -26342,33 +29015,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create outbound call for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "CreateSipMediaApplicationCall", + "access_level": "Read", + "description": "Grants permission to retrieve approximate usage record count for the chosen resource, level, and hourly granularity preferences, derived from the past month's usage", + "privilege": "GetApproximateUsageRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon Chime SIP rule under the administrator's AWS account", - "privilege": "CreateSipRule", + "access_level": "Read", + "description": "Grants permission to view whether existing or fine-grained IAM actions are being used to control authorization to Billing, Cost Management, and Account consoles", + "privilege": "GetConsoleActionSetEnforced", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a user under the specified Amazon Chime account", - "privilege": "CreateUser", + "access_level": "Read", + "description": "Grants permission to retrieve the cost and usage metrics for your account", + "privilege": "GetCostAndUsage", "resource_types": [ { "condition_keys": [], 
@@ -26378,36 +29051,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a Amazon Chime Voice Connector under the administrator's AWS account", - "privilege": "CreateVoiceConnector", + "access_level": "Read", + "description": "Grants permission to retrieve the cost and usage metrics with resources for your account", + "privilege": "GetCostAndUsageWithResources", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Amazon Chime Voice Connector Group under the administrator's AWS account", - "privilege": "CreateVoiceConnectorGroup", + "access_level": "Read", + "description": "Grants permission to query Cost Catagory names and values for a specified time period", + "privilege": "GetCostCategories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a voice profile", - "privilege": "CreateVoiceProfile", + "access_level": "Read", + "description": "Grants permission to retrieve a cost forecast for a forecast time period", + "privilege": "GetCostForecast", "resource_types": [ { "condition_keys": [], 
@@ -26417,28 +29087,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a voice profile domain", - "privilege": "CreateVoiceProfileDomain", + "access_level": "Read", + "description": "Grants permission to retrieve all available filter values for a filter for a period of time", + "privilege": "GetDimensionValues", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "chime:TagResource", - "kms:CreateGrant", - "kms:DescribeKey" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified Amazon Chime account", - "privilege": "DeleteAccount", + "access_level": "Read", + "description": "Grants permission to view Cost Explorer Preferences page", + "privilege": "GetPreferences", "resource_types": [ { "condition_keys": [], @@ -26448,9 +29111,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the OpenIdConfig attributes from your Amazon Chime account", - "privilege": "DeleteAccountOpenIdConfig", + "access_level": "Read", + "description": "Grants permission to retrieve the reservation coverage for your account", + "privilege": "GetReservationCoverage", "resource_types": [ { "condition_keys": [], @@ -26460,9 +29123,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified SCIM access key associated with your Amazon Chime account and Okta configuration", - "privilege": "DeleteApiKey", + "access_level": "Read", + "description": "Grants permission to retrieve the reservation recommendations for your account", + "privilege": "GetReservationPurchaseRecommendation", "resource_types": [ { "condition_keys": [], 
@@ -26472,251 +29135,329 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AppInstance", - "privilege": "DeleteAppInstance", + "access_level": "Read", + "description": "Grants permission to retrieve the reservation utilization for your account", + "privilege": "GetReservationUtilization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to demote an AppInstanceAdmin to a user or bot", - "privilege": "DeleteAppInstanceAdmin", + "access_level": "Read", + "description": "Grants permission to retrieve the rightsizing recommendations for your account", + "privilege": "GetRightsizingRecommendation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plan recommendation details for your account", + "privilege": "GetSavingsPlanPurchaseRecommendationDetails", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plans coverage for your account", + "privilege": "GetSavingsPlansCoverage", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AppInstanceBot", - "privilege": "DeleteAppInstanceBot", + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plans recommendations for your account", + "privilege": "GetSavingsPlansPurchaseRecommendation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"app-instance-bot*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable data streaming for the app instance", - "privilege": "DeleteAppInstanceStreamingConfigurations", + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plans utilization for your account", + "privilege": "GetSavingsPlansUtilization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AppInstanceUser", - "privilege": "DeleteAppInstanceUser", + "access_level": "Read", + "description": "Grants permission to retrieve the Savings Plans utilization details for your account", + "privilege": "GetSavingsPlansUtilizationDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified attendee from an Amazon Chime SDK meeting", - "privilege": "DeleteAttendee", + "access_level": "Read", + "description": "Grants permission to query tags for a specified time period", + "privilege": "GetTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Call Detail Record S3 bucket from your Amazon Chime account", - "privilege": "DeleteCDRBucket", + "access_level": "Read", + "description": "Grants permission to retrieve a usage forecast for a forecast time period", + "privilege": "GetUsageForecast", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:DeleteBucket" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a channel", - "privilege": 
"DeleteChannel", + "access_level": "List", + "description": "Grants permission to list Cost Allocation Tag backfill history", + "privilege": "ListCostAllocationTagBackfillHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list Cost Allocation Tags", + "privilege": "ListCostAllocationTags", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve names, ARN, and effective dates for all Cost Categories", + "privilege": "ListCostCategoryDefinitions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a user or bot from a channel's ban list", - "privilege": "DeleteChannelBan", + "access_level": "List", + "description": "Grants permission to retrieve a list of your historical recommendation generations", + "privilege": "ListSavingsPlansPurchaseRecommendationGeneration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a Cost Explorer resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "anomalymonitor" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "anomalysubscription" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "costcategory" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + 
"dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a channel flow", - "privilege": "DeleteChannelFlow", + "description": "Grants permission to provide feedback on detected anomalies", + "privilege": "ProvideAnomalyFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a member from a channel", - "privilege": "DeleteChannelMembership", + "description": "Grants permission to request a Cost Allocation Tag backfill", + "privilege": "StartCostAllocationTagBackfill", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to request a Savings Plans recommendation generation", + "privilege": "StartSavingsPlansPurchaseRecommendationGeneration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a channel message", - "privilege": "DeleteChannelMessage", + "access_level": "Tagging", + "description": "Grants permission to tag a Cost Explorer resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "anomalymonitor" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "anomalysubscription" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "costcategory" + }, + { + "condition_keys": [ + "aws:TagKeys", + 
"aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a channel moderator", - "privilege": "DeleteChannelModerator", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a Cost Explorer resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "anomalymonitor" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "anomalysubscription" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "costcategory" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete delegated AWS account management from your Amazon Chime account", - "privilege": "DeleteDelegate", + "description": "Grants permission to update an existing Anomaly Monitor", + "privilege": "UpdateAnomalyMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "anomalymonitor*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a domain from your Amazon Chime account", - "privilege": "DeleteDomain", + "description": "Grants permission to update an existing Anomaly Subscription", + "privilege": "UpdateAnomalySubscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "anomalysubscription*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants 
permission to delete an events configuration for a bot to receive outgoing events", - "privilege": "DeleteEventsConfiguration", + "description": "Grants permission to change whether existing or fine-grained IAM actions will be used to control authorization to Billing, Cost Management, and Account consoles", + "privilege": "UpdateConsoleActionSetEnforced", "resource_types": [ { "condition_keys": [], @@ -26727,8 +29468,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete Active Directory or Okta user groups from your Amazon Chime Enterprise account", - "privilege": "DeleteGroups", + "description": "Grants permission to update existing Cost Allocation Tags status", + "privilege": "UpdateCostAllocationTagsStatus", "resource_types": [ { "condition_keys": [], 
@@ -26739,70 +29480,105 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a media capture pipeline", - "privilege": "DeleteMediaCapturePipeline", + "description": "Grants permission to update an existing Cost Category", + "privilege": "UpdateCostCategoryDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline*" + "resource_type": "costcategory*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a media insights pipeline configuration", - "privilege": "DeleteMediaInsightsPipelineConfiguration", + "description": "Grants permission to update Reservation expiration alerts", + "privilege": "UpdateNotificationSubscription", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "chime:ListVoiceConnectors" - ], - "resource_type": "media-insights-pipeline-configuration*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a media pipeline", - "privilege": "DeleteMediaPipeline", + "description": "Grants permission to edit Cost Explorer Preferences page", + "privilege": "UpdatePreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified Amazon Chime SDK meeting", - "privilege": "DeleteMeeting", + "description": "Grants permission to update Cost Explorer Reports", + "privilege": "UpdateReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ce::${Account}:anomalysubscription/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + 
"resource": "anomalysubscription" + }, + { + "arn": "arn:${Partition}:ce::${Account}:anomalymonitor/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "anomalymonitor" }, + { + "arn": "arn:${Partition}:ce::${Account}:costcategory/${Identifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "costcategory" + } + ], + "service_name": "AWS Cost Explorer Service" + }, + { + "conditions": [], + "prefix": "chatbot", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete the data streaming configurations of an AppInstance", - "privilege": "DeleteMessagingStreamingConfigurations", + "description": "Grants permission to create an AWS Chatbot Chime Webhook Configuration", + "privilege": "CreateChimeWebhookConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to move a phone number to the deletion queue", - "privilege": "DeletePhoneNumber", + "description": "Grants permission to create an AWS Chatbot Microsoft Teams Channel Configuration", + "privilege": "CreateMicrosoftTeamsChannelConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -26813,32 +29589,32 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a proxy session for the specified Amazon Chime Voice Connector", - "privilege": "DeleteProxySession", + "description": "Grants permission to create an AWS Chatbot Slack Channel Configuration", + "privilege": "CreateSlackChannelConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a room", - "privilege": "DeleteRoom", + "description": "Grants permission to delete an AWS Chatbot Chime Webhook Configuration", + "privilege": "DeleteChimeWebhookConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ChatbotConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a room member", - "privilege": "DeleteRoomMembership", + "description": "Grants permission to delete an AWS Chatbot Microsoft Teams Channel Configuration", + "privilege": "DeleteMicrosoftTeamsChannelConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -26849,20 +29625,20 @@ }, { "access_level": "Write", - "description": "Grants permission to delete Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "DeleteSipMediaApplication", + "description": "Grants permission to delete the Microsoft Teams configured with AWS Chatbot in an AWS account", + "privilege": "DeleteMicrosoftTeamsConfiguredTeam", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete Amazon Chime SIP rule under the administrator's AWS account", - "privilege": "DeleteSipRule", + "description": "Grants permission to delete an AWS Chatbot Microsoft Teams User Identity", + "privilege": "DeleteMicrosoftTeamsUserIdentity", "resource_types": [ { "condition_keys": [], 
@@ -26873,37 +29649,32 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnector", + "description": "Grants permission to delete an AWS Chatbot Slack Channel Configuration", + "privilege": "DeleteSlackChannelConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "logs:CreateLogDelivery", - "logs:DeleteLogDelivery", - "logs:GetLogDelivery", - "logs:ListLogDeliveries" - ], - "resource_type": "voice-connector*" + "dependent_actions": [], + "resource_type": "ChatbotConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete emergency calling configuration for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorEmergencyCallingConfiguration", + "description": "Grants permission to delete an AWS Chatbot Slack User Identity", + "privilege": "DeleteSlackUserIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified Amazon Chime Voice Connector Group", - "privilege": "DeleteVoiceConnectorGroup", + "description": "Grants permission to delete the Slack workspace authorization with AWS Chatbot, associated with an AWS account", + "privilege": "DeleteSlackWorkspaceAuthorization", "resource_types": [ { "condition_keys": [], 
@@ -26913,319 +29684,303 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the origination settings for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorOrigination", + "access_level": "Read", + "description": "Grants permission to list all AWS Chatbot Chime Webhook Configurations in an AWS Account", + "privilege": "DescribeChimeWebhookConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete proxy configuration for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorProxy", + "access_level": "Read", + "description": "Grants permission to list all AWS Chatbot Slack Channel Configurations in an AWS account", + "privilege": "DescribeSlackChannelConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete streaming configuration for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorStreamingConfiguration", + "access_level": "Read", + "description": "Grants permission to list all public Slack channels in the Slack workspace connected to the AWS Account onboarded with AWS Chatbot service", + "privilege": "DescribeSlackChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the termination settings for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorTermination", - "resource_types": [ - { + "access_level": "Read", + "description": "Grants permission to describe AWS Chatbot Slack User Identities", + "privilege": 
"DescribeSlackUserIdentities", + "resource_types": [ + { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete SIP termination credentials for the specified Amazon Chime Voice Connector", - "privilege": "DeleteVoiceConnectorTerminationCredentials", + "access_level": "Read", + "description": "Grants permission to list all authorized Slack workspaces connected to the AWS Account onboarded with AWS Chatbot service", + "privilege": "DescribeSlackWorkspaces", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a voice profile", - "privilege": "DeleteVoiceProfile", + "access_level": "Read", + "description": "Grants permission to retrieve AWS Chatbot account preferences", + "privilege": "GetAccountPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a voice profile domain", - "privilege": "DeleteVoiceProfileDomain", + "access_level": "Read", + "description": "Grants permission to get a single AWS Chatbot Microsoft Teams Channel Configurations in an AWS account", + "privilege": "GetMicrosoftTeamsChannelConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister an endpoint for an app instance user", - "privilege": "DeregisterAppInstanceUserEndpoint", + "access_level": "Read", + "description": "Grants permission to generate OAuth parameters to request Microsoft Teams OAuth code to be used by the AWS Chatbot service", + "privilege": 
"GetMicrosoftTeamsOauthParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the full details of an AppInstance", - "privilege": "DescribeAppInstance", + "description": "Grants permission to generate OAuth parameters to request Slack OAuth code to be used by the AWS Chatbot service", + "privilege": "GetSlackOauthParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the full details of an AppInstanceAdmin", - "privilege": "DescribeAppInstanceAdmin", + "description": "Grants permission to list all AWS Chatbot Microsoft Teams Channel Configurations in an AWS account", + "privilege": "ListMicrosoftTeamsChannelConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the full details of an AppInstanceBot", - "privilege": "DescribeAppInstanceBot", + "description": "Grants permission to list all Microsoft Teams connected to the AWS Account onboarded with AWS Chatbot service", + "privilege": "ListMicrosoftTeamsConfiguredTeams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the full details of an AppInstanceUser", - "privilege": "DescribeAppInstanceUser", + "description": "Grants permission to describe AWS Chatbot Microsoft Teams User 
Identities", + "privilege": "ListMicrosoftTeamsUserIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an endpoint registered for an app instance user", - "privilege": "DescribeAppInstanceUserEndpoint", + "access_level": "Write", + "description": "Grants permission to redeem previously generated parameters with Microsoft APIs, to acquire OAuth tokens to be used by the AWS Chatbot service", + "privilege": "RedeemMicrosoftTeamsOauthCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel", - "privilege": "DescribeChannel", + "access_level": "Write", + "description": "Grants permission to redeem previously generated parameters with Slack API, to acquire OAuth tokens to be used by the AWS Chatbot service", + "privilege": "RedeemSlackOauthCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel ban", - "privilege": "DescribeChannelBan", + "access_level": "Write", + "description": "Grants permission to update AWS Chatbot account preferences", + "privilege": "UpdateAccountPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": 
[], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel flow", - "privilege": "DescribeChannelFlow", + "access_level": "Write", + "description": "Grants permission to update an AWS Chatbot Chime Webhook Configuration", + "privilege": "UpdateChimeWebhookConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow*" + "resource_type": "ChatbotConfiguration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel membership", - "privilege": "DescribeChannelMembership", + "access_level": "Write", + "description": "Grants permission to update an AWS Chatbot Microsoft Teams Channel Configuration", + "privilege": "UpdateMicrosoftTeamsChannelConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the details of a channel based on the membership of the specified user or bot", - "privilege": "DescribeChannelMembershipForAppInstanceUser", + "access_level": "Write", + "description": "Grants permission to update an AWS Chatbot Slack Channel Configuration", + "privilege": "UpdateSlackChannelConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "ChatbotConfiguration*" } ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:chatbot::${Account}:chat-configuration/${ConfigurationType}/${ChatbotConfigurationName}", + "condition_keys": [], + "resource": "ChatbotConfiguration" + } + ], + "service_name": "AWS Chatbot" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel moderated by the specified user or bot", - "privilege": "DescribeChannelModeratedByAppInstanceUser", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" + } + ], + "prefix": "chime", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept the delegate invitation to share management of an Amazon Chime account with another AWS Account", + "privilege": "AcceptDelegate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a single ChannelModerator", - "privilege": "DescribeChannelModerator", + "access_level": "Write", + "description": "Grants permission to activate users in an Amazon Chime Enterprise account", + "privilege": "ActivateUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a domain to your 
Amazon Chime account", + "privilege": "AddDomain", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add new or update existing Active Directory or Okta user groups associated with your Amazon Chime Enterprise account", + "privilege": "AddOrUpdateGroups", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a flow from a channel", - "privilege": "DisassociateChannelFlow", + "description": "Grants permission to associate a flow with a channel", + "privilege": "AssociateChannelFlow", "resource_types": [ { "condition_keys": [], @@ -27251,8 +30006,8 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate the primary provisioned number from the specified Amazon Chime user", - "privilege": "DisassociatePhoneNumberFromUser", + "description": "Grants permission to associate a phone number with an Amazon Chime user", + "privilege": "AssociatePhoneNumberWithUser", "resource_types": [ { "condition_keys": [], @@ -27263,8 +30018,8 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate multiple phone numbers from the specified Amazon Chime Voice Connector", - "privilege": "DisassociatePhoneNumbersFromVoiceConnector", + "description": "Grants permission to associate multiple phone numbers with an Amazon Chime Voice Connector", + "privilege": "AssociatePhoneNumbersWithVoiceConnector", "resource_types": [ { "condition_keys": [], 
@@ -27275,8 +30030,8 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate multiple phone numbers from the specified Amazon Chime Voice Connector Group", - "privilege": "DisassociatePhoneNumbersFromVoiceConnectorGroup", + "description": "Grants permission to associate multiple phone numbers with an Amazon Chime Voice Connector Group", + "privilege": "AssociatePhoneNumbersWithVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], @@ -27287,8 +30042,8 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate the specified sign-in delegate groups from the specified Amazon Chime account", - "privilege": "DisassociateSigninDelegateGroupsFromAccount", + "description": "Grants permission to associate the specified sign-in delegate groups with the specified Amazon Chime account", + "privilege": "AssociateSigninDelegateGroupsWithAccount", "resource_types": [ { "condition_keys": [], @@ -27299,8 +30054,8 @@ }, { "access_level": "Write", - "description": "Grants permission to disconnect the Active Directory from your Amazon Chime Enterprise account", - "privilege": "DisconnectDirectory", + "description": "Grants permission to authorize an Active Directory for your Amazon Chime Enterprise account", + "privilege": "AuthorizeDirectory", "resource_types": [ { "condition_keys": [], 
@@ -27310,33 +30065,43 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified Amazon Chime account", - "privilege": "GetAccount", + "access_level": "Write", + "description": "Grants permission to create new attendees for an active Amazon Chime SDK meeting", + "privilege": "BatchCreateAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the account resource associated with your Amazon Chime account", - "privilege": "GetAccountResource", + "access_level": "Write", + "description": "Grants permission to add multiple users and bots to a channel", + "privilege": "BatchCreateChannelMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get account settings for the specified Amazon Chime account ID", - "privilege": "GetAccountSettings", + "access_level": "Write", + "description": "Grants permission to batch add room members", + "privilege": "BatchCreateRoomMembership", "resource_types": [ { "condition_keys": [], @@ -27346,9 +30111,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the account details and OpenIdConfig attributes for your Amazon Chime account", - "privilege": "GetAccountWithOpenIdConfig", + "access_level": "Write", + "description": "Grants permission to move up to 50 phone numbers to the deletion queue", + "privilege": "BatchDeletePhoneNumber", "resource_types": [ { "condition_keys": [], 
@@ -27358,33 +30123,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get retention settings for an app instance", - "privilege": "GetAppInstanceRetentionSettings", + "access_level": "Write", + "description": "Grants permission to suspend up to 50 users from a Team or EnterpriseLWA Amazon Chime account", + "privilege": "BatchSuspendUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the streaming configurations for an app instance", - "privilege": "GetAppInstanceStreamingConfigurations", + "access_level": "Write", + "description": "Grants permission to remove the suspension from up to 50 previously suspended users for the specified Amazon Chime EnterpriseLWA account", + "privilege": "BatchUnsuspendUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get attendee details for a specified meeting ID and attendee ID", - "privilege": "GetAttendee", + "access_level": "Write", + "description": "Grants permission to update AttendeeCapabilities except the capabilities listed in an ExcludedAttendeeIds table", + "privilege": "BatchUpdateAttendeeCapabilitiesExcept", "resource_types": [ { "condition_keys": [], @@ -27394,9 +30159,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details for the specified bot", - "privilege": "GetBot", + "access_level": "Write", + "description": "Grants permission to update phone number details within the UpdatePhoneNumberRequestItem object for up to 50 phone numbers", + "privilege": "BatchUpdatePhoneNumber", "resource_types": [ { "condition_keys": [], 
@@ -27406,38 +30171,22 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get details of a Call Detail Record S3 bucket associated with your Amazon Chime account", - "privilege": "GetCDRBucket", + "access_level": "Write", + "description": "Grants permission to update user details within the UpdateUserRequestItem object for up to 20 users for the specified Amazon Chime account", + "privilege": "BatchUpdateUser", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the preferences for a channel membership", - "privilege": "GetChannelMembershipPreferences", + "access_level": "Write", + "description": "Grants permission to callback for a message on a channel", + "privilege": "ChannelFlowCallback", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, { "condition_keys": [], "dependent_actions": [], 
@@ -27446,53 +30195,35 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the full details of a channel message", - "privilege": "GetChannelMessage", + "access_level": "Write", + "description": "Grants permission to establish a web socket connection for app instance user to the messaging session endpoint", + "privilege": "Connect", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, { "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the status of a channel message", - "privilege": "GetChannelMessageStatus", + "access_level": "Write", + "description": "Grants permission to connect an Active Directory to your Amazon Chime Enterprise account", + "privilege": "ConnectDirectory", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "dependent_actions": [ + "ds:ConnectDirectory" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get domain details for a domain associated with your Amazon Chime account", - "privilege": "GetDomain", + "access_level": "Write", + "description": "Grants permission to create an Amazon Chime account under the administrator's AWS account", + "privilege": "CreateAccount", "resource_types": [ { "condition_keys": [], 
@@ -27502,9 +30233,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details for an events configuration for a bot to receive outgoing events", - "privilege": "GetEventsConfiguration", + "access_level": "Write", + "description": "Grants permission to create a new SCIM access key for your Amazon Chime account and Okta configuration", + "privilege": "CreateApiKey", "resource_types": [ { "condition_keys": [], 
@@ -27514,57 +30245,76 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get global settings related to Amazon Chime for the AWS account", - "privilege": "GetGlobalSettings", + "access_level": "Write", + "description": "Grants permission to create an app instance under the AWS account", + "privilege": "CreateAppInstance", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an existing media capture pipeline", - "privilege": "GetMediaCapturePipeline", + "access_level": "Write", + "description": "Grants permission to promote a user or bot to an AppInstanceAdmin", + "privilege": "CreateAppInstanceAdmin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline*" + "resource_type": "app-instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a media insights pipeline configuration", - "privilege": "GetMediaInsightsPipelineConfiguration", + "access_level": "Write", + "description": "Grants permission to create a bot under an Amazon Chime AppInstance", + "privilege": "CreateAppInstanceBot", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "media-insights-pipeline-configuration*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an existing media pipeline", - "privilege": "GetMediaPipeline", + "access_level": "Write", + "description": "Grants permission to create a user under an Amazon Chime AppInstance", + "privilege": 
"CreateAppInstanceUser", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "media-pipeline*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the meeting record for a specified meeting ID", - "privilege": "GetMeeting", + "access_level": "Write", + "description": "Grants permission to create a new attendee for an active Amazon Chime SDK meeting", + "privilege": "CreateAttendee", "resource_types": [ { "condition_keys": [], @@ -27574,9 +30324,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get attendee, connection, and other details for a meeting", - "privilege": "GetMeetingDetail", + "access_level": "Write", + "description": "Grants permission to create a bot for an Amazon Chime Enterprise account", + "privilege": "CreateBot", "resource_types": [ { "condition_keys": [], 
@@ -27586,249 +30336,313 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the endpoint for the messaging session", - "privilege": "GetMessagingSessionEndpoint", + "access_level": "Write", + "description": "Grants permission to create a new Call Detail Record S3 bucket", + "privilege": "CreateCDRBucket", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "s3:CreateBucket", + "s3:ListAllMyBuckets" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the data streaming configurations of an AppInstance", - "privilege": "GetMessagingStreamingConfigurations", + "access_level": "Write", + "description": "Grants permission to create a channel for an app instance under the AWS account", + "privilege": "CreateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details for the specified phone number", - "privilege": "GetPhoneNumber", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified phone number order", - "privilege": "GetPhoneNumberOrder", + "access_level": "Write", + "description": "Grants permission to ban a user or bot from a channel", + "privilege": "CreateChannelBan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get phone number settings related to Amazon Chime for the AWS account", - "privilege": "GetPhoneNumberSettings", - "resource_types": 
[ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details of the specified proxy session for the specified Amazon Chime Voice Connector", - "privilege": "GetProxySession", - "resource_types": [ + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the retention settings for the specified Amazon Chime account", - "privilege": "GetRetentionSettings", + "access_level": "Write", + "description": "Grants permission to create a channel flow for an app instance under the AWS account", + "privilege": "CreateChannelFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "app-instance*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a room", - "privilege": "GetRoom", + "access_level": "Write", + "description": "Grants permission to add a user or bot to a channel", + "privilege": "CreateChannelMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details of Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "GetSipMediaApplication", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": 
"Grants permission to get Alexa Skill configuration settings for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "GetSipMediaApplicationAlexaSkillConfiguration", + "access_level": "Write", + "description": "Grants permission to create a channel moderator", + "privilege": "CreateChannelModerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "GetSipMediaApplicationLoggingConfiguration", + "access_level": "Write", + "description": "Grants permission to create a media capture pipeline", + "privilege": "CreateMediaCapturePipeline", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sip-media-application*" + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "s3:GetBucketPolicy" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of Amazon Chime SIP rule under the administrator's AWS account", - "privilege": "GetSipRule", + "access_level": "Write", + "description": "Grants permission to create a media concatenation pipeline", + "privilege": "CreateMediaConcatenationPipeline", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "s3:GetBucketPolicy" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a speaker search task", 
- "privilege": "GetSpeakerSearchTask", + "access_level": "Write", + "description": "Grants permission to create a media insights pipeline", + "privilege": "CreateMediaInsightsPipeline", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "chime:TagResource", + "kinesisvideo:DescribeStream" + ], + "resource_type": "media-insights-pipeline-configuration*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get telephony limits for the AWS account", - "privilege": "GetTelephonyLimits", + "access_level": "Write", + "description": "Grants permission to create a media insights pipeline configuration", + "privilege": "CreateMediaInsightsPipelineConfiguration", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "chime:TagResource", + "iam:PassRole", + "kinesis:DescribeStream", + "s3:ListBucket" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified user ID", - "privilege": "GetUser", + "access_level": "Write", + "description": "Grants permission to create a media live connector pipeline", + "privilege": "CreateMediaLiveConnectorPipeline", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a summary of user activity on the user details page", - "privilege": "GetUserActivityReportData", + "access_level": "Write", + "description": "Grants permission to create kinesis video stream pool", + "privilege": "CreateMediaPipelineKinesisVideoStreamPool", "resource_types": [ { - "condition_keys": [], - 
"dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "kinesis:DescribeStream", + "kinesisvideo:CreateStream", + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:ListStreams" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get user details for an Amazon Chime user based on the email address in an Amazon Chime Enterprise or Team account", - "privilege": "GetUserByEmail", + "access_level": "Write", + "description": "Grants permission to create a media stream pipeline", + "privilege": "CreateMediaStreamPipeline", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kinesisvideo:DescribeStream", + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:PutMedia" + ], + "resource_type": "media-pipeline-kinesis-video-stream-pool*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get user settings related to the specified Amazon Chime user", - "privilege": "GetUserSettings", + "access_level": "Write", + "description": "Grants permission to create a new Amazon Chime SDK meeting in the specified media Region, with no initial attendees", + "privilege": "CreateMeeting", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnector", + "access_level": "Write", + "description": "Grants permission to call a phone number to join the specified Amazon Chime SDK meeting", + "privilege": "CreateMeetingDialOut", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": 
"meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the emergency calling configuration for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorEmergencyCallingConfiguration", + "access_level": "Write", + "description": "Grants permission to create a new Amazon Chime SDK meeting in the specified media Region, with a set of attendees", + "privilege": "CreateMeetingWithAttendees", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details for the specified Amazon Chime Voice Connector Group", - "privilege": "GetVoiceConnectorGroup", + "access_level": "Write", + "description": "Grants permission to create a phone number order with the Carriers", + "privilege": "CreatePhoneNumberOrder", "resource_types": [ { "condition_keys": [], @@ -27838,9 +30652,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the logging configuration for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorLoggingConfiguration", + "access_level": "Write", + "description": "Grants permission to create a proxy session for the specified Amazon Chime Voice Connector", + "privilege": "CreateProxySession", "resource_types": [ { "condition_keys": [], 
@@ -27850,105 +30664,111 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the origination settings for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorOrigination", + "access_level": "Write", + "description": "Grants permission to create a room", + "privilege": "CreateRoom", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the proxy configuration for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorProxy", + "access_level": "Write", + "description": "Grants permission to add a room member", + "privilege": "CreateRoomMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the streaming configuration for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorStreamingConfiguration", + "access_level": "Write", + "description": "Grants permission to create an Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "CreateSipMediaApplication", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the termination settings for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorTermination", + "access_level": "Write", + "description": "Grants permission to create outbound call for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "CreateSipMediaApplicationCall", "resource_types": [ 
{ "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "sip-media-application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of the termination health for the specified Amazon Chime Voice Connector", - "privilege": "GetVoiceConnectorTerminationHealth", + "access_level": "Write", + "description": "Grants permission to create an Amazon Chime SIP rule under the administrator's AWS account", + "privilege": "CreateSipRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "sip-media-application" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a voice profile", - "privilege": "GetVoiceProfile", + "access_level": "Write", + "description": "Grants permission to create a user under the specified Amazon Chime account", + "privilege": "CreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a voice profile domain", - "privilege": "GetVoiceProfileDomain", + "access_level": "Write", + "description": "Grants permission to create a Amazon Chime Voice Connector under the administrator's AWS account", + "privilege": "CreateVoiceConnector", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "voice-profile-domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a voice tone analysis task", - "privilege": "GetVoiceToneAnalysisTask", + "access_level": "Write", + "description": "Grants permission to create a Amazon Chime Voice Connector Group under the administrator's AWS account", + "privilege": "CreateVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to send an invitation to accept a request for AWS account delegation for an Amazon Chime account", - "privilege": "InviteDelegate", + "description": "Grants permission to create a voice profile", + "privilege": "CreateVoiceProfile", "resource_types": [ { "condition_keys": [], @@ -27959,20 +30779,27 @@ }, { "access_level": "Write", - "description": "Grants permission to invite as many as 50 users to the specified Amazon Chime account", - "privilege": "InviteUsers", + "description": "Grants permission to create a voice profile domain", + "privilege": "CreateVoiceProfileDomain", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "chime:TagResource", + "kms:CreateGrant", + "kms:DescribeKey" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to invite users from a third party provider to your Amazon Chime account", - "privilege": "InviteUsersFromProvider", + "description": "Grants permission to delete the specified Amazon Chime account", + "privilege": "DeleteAccount", "resource_types": [ { "condition_keys": [], @@ -27982,9 +30809,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list Amazon Chime account usage reporting data", - "privilege": "ListAccountUsageReportData", + "access_level": "Write", + "description": "Grants permission to delete the OpenIdConfig attributes from your Amazon Chime account", + "privilege": "DeleteAccountOpenIdConfig", "resource_types": [ { "condition_keys": [], 
@@ -27994,9 +30821,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the Amazon Chime accounts under the administrator's AWS account", - "privilege": "ListAccounts", + "access_level": "Write", + "description": "Grants permission to delete the specified SCIM access key associated with your Amazon Chime account and Okta configuration", + "privilege": "DeleteApiKey", "resource_types": [ { "condition_keys": [], @@ -28006,21 +30833,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the SCIM access keys defined for your Amazon Chime account and Okta configuration", - "privilege": "ListApiKeys", + "access_level": "Write", + "description": "Grants permission to delete an AppInstance", + "privilege": "DeleteAppInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list administrators in the app instance", - "privilege": "ListAppInstanceAdmins", + "access_level": "Write", + "description": "Grants permission to demote an AppInstanceAdmin to a user or bot", + "privilege": "DeleteAppInstanceAdmin", "resource_types": [ { "condition_keys": [], @@ -28040,9 +30867,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all AppInstanceBots created under a single app instance", - "privilege": "ListAppInstanceBots", + "access_level": "Write", + "description": "Grants permission to delete an AppInstanceBot", + "privilege": "DeleteAppInstanceBot", "resource_types": [ { "condition_keys": [], 
@@ -28052,33 +30879,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the endpoints registered for an app instance user", - "privilege": "ListAppInstanceUserEndpoints", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all AppInstanceUsers created under a single app instance", - "privilege": "ListAppInstanceUsers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all Amazon Chime app instances created under a single AWS account", - "privilege": "ListAppInstances", + "access_level": "Write", + "description": "Grants permission to disable data streaming for the app instance", + "privilege": "DeleteAppInstanceStreamingConfigurations", "resource_types": [ { "condition_keys": [], @@ -28088,21 +30891,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the tags applied to an Amazon Chime SDK attendee resource", - "privilege": "ListAttendeeTags", + "access_level": "Write", + "description": "Grants permission to delete an AppInstanceUser", + "privilege": "DeleteAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "List", - "description": "Grants permission to list up to 100 attendees for a specified Amazon Chime SDK meeting", - "privilege": "ListAttendees", + "access_level": "Write", + "description": "Grants permission to delete the specified attendee from an Amazon Chime SDK meeting", + "privilege": "DeleteAttendee", "resource_types": [ { "condition_keys": [], 
@@ -28112,60 +30915,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the available AWS Regions in which you can create an Amazon Chime SDK Voice Connector", - "privilege": "ListAvailableVoiceConnectorRegions", + "access_level": "Write", + "description": "Grants permission to delete a Call Detail Record S3 bucket from your Amazon Chime account", + "privilege": "DeleteCDRBucket", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "s3:DeleteBucket" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the bots associated with the administrator's Amazon Chime Enterprise account", - "privilege": "ListBots", + "access_level": "Write", + "description": "Grants permission to delete a channel", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list Call Detail Record S3 buckets", - "privilege": "ListCDRBucket", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], - "dependent_actions": [ - "s3:ListAllMyBuckets", - "s3:ListBucket" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the calling regions available for the administrator's AWS account", - "privilege": "ListCallingRegions", - "resource_types": [ + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the users and bots banned from a particular channel", - "privilege": "ListChannelBans", + "access_level": "Write", + "description": "Grants permission to remove a user or bot from a channel's ban list", + "privilege": "DeleteChannelBan", 
"resource_types": [ { "condition_keys": [], @@ -28185,21 +30973,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the Channel Flows created under a single Chime AppInstance", - "privilege": "ListChannelFlows", + "access_level": "Write", + "description": "Grants permission to delete a channel flow", + "privilege": "DeleteChannelFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow*" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all channel memberships in a channel", - "privilege": "ListChannelMemberships", + "access_level": "Write", + "description": "Grants permission to remove a member from a channel", + "privilege": "DeleteChannelMembership", "resource_types": [ { "condition_keys": [], @@ -28219,9 +31007,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all channels that a particular user or bot is a part of", - "privilege": "ListChannelMembershipsForAppInstanceUser", + "access_level": "Write", + "description": "Grants permission to delete a channel message", + "privilege": "DeleteChannelMessage", "resource_types": [ { "condition_keys": [], @@ -28232,13 +31020,18 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the messages in a channel", - "privilege": "ListChannelMessages", + "access_level": "Write", + "description": "Grants permission to delete a channel moderator", + "privilege": "DeleteChannelModerator", "resource_types": [ { "condition_keys": [], 
@@ -28258,125 +31051,131 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the moderators for a channel", - "privilege": "ListChannelModerators", + "access_level": "Write", + "description": "Grants permission to delete delegated AWS account management from your Amazon Chime account", + "privilege": "DeleteDelegate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the Channels created under a single Chime AppInstance", - "privilege": "ListChannels", + "access_level": "Write", + "description": "Grants permission to delete a domain from your Amazon Chime account", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an events configuration for a bot to receive outgoing events", + "privilege": "DeleteEventsConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the Channels associated with a single Chime Channel Flow", - "privilege": "ListChannelsAssociatedWithChannelFlow", + "access_level": "Write", + "description": "Grants permission to delete Active Directory or Okta user groups from your Amazon Chime Enterprise account", + "privilege": "DeleteGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow*" + "resource_type": "" } ] }, { - "access_level": "List", - 
"description": "Grants permission to list all channels moderated by a user or bot", - "privilege": "ListChannelsModeratedByAppInstanceUser", + "access_level": "Write", + "description": "Grants permission to delete a media capture pipeline", + "privilege": "DeleteMediaCapturePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "media-pipeline*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a media insights pipeline configuration", + "privilege": "DeleteMediaInsightsPipelineConfiguration", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" + "dependent_actions": [ + "chime:ListVoiceConnectors" + ], + "resource_type": "media-insights-pipeline-configuration*" } ] }, { - "access_level": "List", - "description": "Grants permission to list account delegate information associated with your Amazon Chime account", - "privilege": "ListDelegates", + "access_level": "Write", + "description": "Grants permission to delete a media pipeline", + "privilege": "DeleteMediaPipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "media-pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to list active Active Directories hosted in the Directory Service of your AWS account", - "privilege": "ListDirectories", + "access_level": "Write", + "description": "Grants permission to delete kinesis video stream pool", + "privilege": "DeleteMediaPipelineKinesisVideoStreamPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "media-pipeline-kinesis-video-stream-pool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list domains associated with your Amazon Chime account", - "privilege": "ListDomains", + "access_level": "Write", + 
"description": "Grants permission to delete the specified Amazon Chime SDK meeting", + "privilege": "DeleteMeeting", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "meeting*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Active Directory or Okta user groups associated with your Amazon Chime Enterprise account", - "privilege": "ListGroups", + "access_level": "Write", + "description": "Grants permission to delete the data streaming configurations of an AppInstance", + "privilege": "DeleteMessagingStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list media capture pipelines", - "privilege": "ListMediaCapturePipelines", + "access_level": "Write", + "description": "Grants permission to move a phone number to the deletion queue", + "privilege": "DeletePhoneNumber", "resource_types": [ { "condition_keys": [], @@ -28386,21 +31185,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all media insights pipeline configurations", - "privilege": "ListMediaInsightsPipelineConfigurations", + "access_level": "Write", + "description": "Grants permission to delete a proxy session for the specified Amazon Chime Voice Connector", + "privilege": "DeleteProxySession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list media pipelines", - "privilege": "ListMediaPipelines", + "access_level": "Write", + "description": "Grants permission to delete a room", + "privilege": "DeleteRoom", "resource_types": [ { "condition_keys": [], 
@@ -28410,9 +31209,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all events that occurred for a specified meeting", - "privilege": "ListMeetingEvents", + "access_level": "Write", + "description": "Grants permission to remove a room member", + "privilege": "DeleteRoomMembership", "resource_types": [ { "condition_keys": [], @@ -28422,21 +31221,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the tags applied to an Amazon Chime SDK meeting resource", - "privilege": "ListMeetingTags", + "access_level": "Write", + "description": "Grants permission to delete Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "DeleteSipMediaApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "sip-media-application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list up to 100 active Amazon Chime SDK meetings", - "privilege": "ListMeetings", + "access_level": "Write", + "description": "Grants permission to delete Amazon Chime SIP rule under the administrator's AWS account", + "privilege": "DeleteSipRule", "resource_types": [ { "condition_keys": [], 
@@ -28446,33 +31245,38 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list meetings ended during the specified date range", - "privilege": "ListMeetingsReportData", + "access_level": "Write", + "description": "Grants permission to delete the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnector", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:GetLogDelivery", + "logs:ListLogDeliveries" + ], + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the phone number orders under the administrator's AWS account", - "privilege": "ListPhoneNumberOrders", + "access_level": "Write", + "description": "Grants permission to delete emergency calling configuration for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorEmergencyCallingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the phone numbers under the administrator's AWS account", - "privilege": "ListPhoneNumbers", + "access_level": "Write", + "description": "Grants permission to delete the specified Amazon Chime Voice Connector Group", + "privilege": "DeleteVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], @@ -28482,9 +31286,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list proxy sessions for the specified Amazon Chime Voice Connector", - "privilege": "ListProxySessions", + "access_level": "Write", + "description": "Grants permission to delete the origination settings for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorOrigination", "resource_types": [ { "condition_keys": [], 
@@ -28494,274 +31298,291 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all room members", - "privilege": "ListRoomMemberships", + "access_level": "Write", + "description": "Grants permission to delete proxy configuration for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorProxy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list rooms", - "privilege": "ListRooms", + "access_level": "Write", + "description": "Grants permission to delete streaming configuration for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorStreamingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all Amazon Chime SIP media applications under the administrator's AWS account", - "privilege": "ListSipMediaApplications", + "access_level": "Write", + "description": "Grants permission to delete the termination settings for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorTermination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all Amazon Chime SIP rules under the administrator's AWS account", - "privilege": "ListSipRules", + "access_level": "Write", + "description": "Grants permission to delete SIP termination credentials for the specified Amazon Chime Voice Connector", + "privilege": "DeleteVoiceConnectorTerminationCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application" + "resource_type": "voice-connector*" } ] 
}, { - "access_level": "List", - "description": "Grants permission to list all the SubChannels under a single Channel", - "privilege": "ListSubChannels", + "access_level": "Write", + "description": "Grants permission to delete a voice profile", + "privilege": "DeleteVoiceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "voice-profile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a voice profile domain", + "privilege": "DeleteVoiceProfileDomain", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" - }, + "resource_type": "voice-profile-domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister an endpoint for an app instance user", + "privilege": "DeregisterAppInstanceUserEndpoint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the phone number countries supported by the AWS account", - "privilege": "ListSupportedPhoneNumberCountries", + "access_level": "Read", + "description": "Grants permission to get the full details of an AppInstance", + "privilege": "DescribeAppInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags applied to an Amazon Chime resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get the full details of an AppInstanceAdmin", + "privilege": "DescribeAppInstanceAdmin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance" + "resource_type": "app-instance*" }, { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "app-instance-bot" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user" - }, + "resource_type": "app-instance-user*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the full details of an AppInstanceBot", + "privilege": "DescribeAppInstanceBot", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, + "resource_type": "app-instance-bot*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the full details of an AppInstanceUser", + "privilege": "DescribeAppInstanceUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow" - }, + "resource_type": "app-instance-user*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an endpoint registered for an app instance user", + "privilege": "DescribeAppInstanceUserEndpoint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-insights-pipeline-configuration" - }, + "resource_type": "app-instance-user*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the full details of a channel", + "privilege": "DescribeChannel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application" - }, + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the full details of a channel ban", + "privilege": "DescribeChannelBan", + "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "voice-connector" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the users that belong to the specified Amazon Chime account", - "privilege": "ListUsers", - "resource_types": [ + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Amazon Chime Voice Connector Groups under the administrator's AWS account", - "privilege": "ListVoiceConnectorGroups", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel flow", + "privilege": "DescribeChannelFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel-flow*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the SIP termination credentials for the specified Amazon Chime Voice Connector", - "privilege": "ListVoiceConnectorTerminationCredentials", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel membership", + "privilege": "DescribeChannelMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the Amazon Chime Voice Connectors under the administrator's AWS account", - "privilege": "ListVoiceConnectors", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list voice profile domains", - "privilege": "ListVoiceProfileDomains", - 
"resource_types": [ + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list voice profiles", - "privilege": "ListVoiceProfiles", + "access_level": "Read", + "description": "Grants permission to get the details of a channel based on the membership of the specified user or bot", + "privilege": "DescribeChannelMembershipForAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to log out the specified user from all of the devices they are currently logged into", - "privilege": "LogoutUser", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable data retention for the app instance", - "privilege": "PutAppInstanceRetentionSettings", - "resource_types": [ + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to configure data streaming for the app instance", - "privilege": "PutAppInstanceStreamingConfigurations", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel moderated by the specified user or bot", + "privilege": "DescribeChannelModeratedByAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to put expiration settings for an AppInstanceUser", - "privilege": "PutAppInstanceUserExpirationSettings", - 
"resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put expiration settings for a channel", - "privilege": "PutChannelExpirationSettings", + "access_level": "Read", + "description": "Grants permission to get the full details of a single ChannelModerator", + "privilege": "DescribeChannelModerator", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], @@ -28776,8 +31597,8 @@ }, { "access_level": "Write", - "description": "Grants permission to put the preferences for a channel membership", - "privilege": "PutChannelMembershipPreferences", + "description": "Grants permission to disassociate a flow from a channel", + "privilege": "DisassociateChannelFlow", "resource_types": [ { "condition_keys": [], @@ -28793,13 +31614,18 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "channel*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel-flow*" } ] }, { "access_level": "Write", - "description": "Grants permission to update details for an events configuration for a bot to receive outgoing events", - "privilege": "PutEventsConfiguration", + "description": "Grants permission to disassociate the primary provisioned number from the specified Amazon Chime user", + "privilege": "DisassociatePhoneNumberFromUser", "resource_types": [ { "condition_keys": [], 
@@ -28810,20 +31636,20 @@ }, { "access_level": "Write", - "description": "Grants permission to put the data streaming configurations of an AppInstance", - "privilege": "PutMessagingStreamingConfigurations", + "description": "Grants permission to disassociate multiple phone numbers from the specified Amazon Chime Voice Connector", + "privilege": "DisassociatePhoneNumbersFromVoiceConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "voice-connector*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update retention settings for the specified Amazon Chime account", - "privilege": "PutRetentionSettings", + "description": "Grants permission to disassociate multiple phone numbers from the specified Amazon Chime Voice Connector Group", + "privilege": "DisassociatePhoneNumbersFromVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], 
@@ -28834,130 +31660,146 @@ }, { "access_level": "Write", - "description": "Grants permission to update Alexa Skill configuration settings for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "PutSipMediaApplicationAlexaSkillConfiguration", + "description": "Grants permission to disassociate the specified sign-in delegate groups from the specified Amazon Chime account", + "privilege": "DisassociateSigninDelegateGroupsFromAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "PutSipMediaApplicationLoggingConfiguration", + "description": "Grants permission to disconnect the Active Directory from your Amazon Chime Enterprise account", + "privilege": "DisconnectDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add emergency calling configuration for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorEmergencyCallingConfiguration", + "access_level": "Read", + "description": "Grants permission to get details for the specified Amazon Chime account", + "privilege": "GetAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add logging configuration for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorLoggingConfiguration", + "access_level": "Read", + "description": "Grants permission to get details for the account resource associated with your Amazon Chime 
account", + "privilege": "GetAccountResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "logs:CreateLogDelivery", - "logs:CreateLogGroup", - "logs:DeleteLogDelivery", - "logs:DescribeLogGroups", - "logs:GetLogDelivery", - "logs:ListLogDeliveries" - ], - "resource_type": "voice-connector*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the origination settings for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorOrigination", + "access_level": "Read", + "description": "Grants permission to get account settings for the specified Amazon Chime account ID", + "privilege": "GetAccountSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add proxy configuration for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorProxy", + "access_level": "Read", + "description": "Grants permission to get the account details and OpenIdConfig attributes for your Amazon Chime account", + "privilege": "GetAccountWithOpenIdConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add streaming configuration for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorStreamingConfiguration", + "access_level": "Read", + "description": "Grants permission to get retention settings for an app instance", + "privilege": "GetAppInstanceRetentionSettings", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "chime:GetMediaInsightsPipelineConfiguration" - ], - "resource_type": "voice-connector*" - }, + "dependent_actions": [], + "resource_type": "app-instance*" + } + ] + }, + { + 
"access_level": "Read", + "description": "Grants permission to get the streaming configurations for an app instance", + "privilege": "GetAppInstanceStreamingConfigurations", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-insights-pipeline-configuration" + "resource_type": "app-instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the termination settings for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorTermination", + "access_level": "Read", + "description": "Grants permission to get attendee details for a specified meeting ID and attendee ID", + "privilege": "GetAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "meeting*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add SIP termination credentials for the specified Amazon Chime Voice Connector", - "privilege": "PutVoiceConnectorTerminationCredentials", + "access_level": "Read", + "description": "Grants permission to retrieve details for the specified bot", + "privilege": "GetBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to redact message content", - "privilege": "RedactChannelMessage", + "access_level": "Read", + "description": "Grants permission to get details of a Call Detail Record S3 bucket associated with your Amazon Chime account", + "privilege": "GetCDRBucket", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the preferences for a channel membership", + 
"privilege": "GetChannelMembershipPreferences", "resource_types": [ { "condition_keys": [], 
@@ -28977,71 +31819,53 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to redact the specified Chime conversation Message", - "privilege": "RedactConversationMessage", + "access_level": "Read", + "description": "Grants permission to get the full details of a channel message", + "privilege": "GetChannelMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to redacts the specified Chime room Message", - "privilege": "RedactRoomMessage", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to regenerate the security token for the specified bot", - "privilege": "RegenerateSecurityToken", - "resource_types": [ + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register an endpoint for an app instance user", - "privilege": "RegisterAppInstanceUserEndpoint", + "access_level": "Read", + "description": "Grants permission to get the status of a channel message", + "privilege": "GetChannelMessageStatus", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "mobiletargeting:GetApp" - ], + "dependent_actions": [], + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], "resource_type": "app-instance-user*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the account name for your Amazon Chime Enterprise or Team account", - "privilege": "RenameAccount", - "resource_types": [ + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - 
"access_level": "Write", - "description": "Grants permission to renew the delegation request associated with an Amazon Chime account", - "privilege": "RenewDelegate", + "access_level": "Read", + "description": "Grants permission to get domain details for a domain associated with your Amazon Chime account", + "privilege": "GetDomain", "resource_types": [ { "condition_keys": [], @@ -29051,9 +31875,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reset the account resource in your Amazon Chime account", - "privilege": "ResetAccountResource", + "access_level": "Read", + "description": "Grants permission to retrieve details for an events configuration for a bot to receive outgoing events", + "privilege": "GetEventsConfiguration", "resource_types": [ { "condition_keys": [], @@ -29063,9 +31887,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reset the personal meeting PIN for the specified user on an Amazon Chime account", - "privilege": "ResetPersonalPIN", + "access_level": "Read", + "description": "Grants permission to get global settings related to Amazon Chime for the AWS account", + "privilege": "GetGlobalSettings", "resource_types": [ { "condition_keys": [], 
@@ -29075,84 +31899,69 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to restore the specified phone number from the deltion queue back to the phone number inventory", - "privilege": "RestorePhoneNumber", + "access_level": "Read", + "description": "Grants permission to get an existing media capture pipeline", + "privilege": "GetMediaCapturePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "media-pipeline*" } ] }, { "access_level": "Read", - "description": "Grants permission to download the file containing links to all user attachments returned as part of the \"Request attachments\" action", - "privilege": "RetrieveDataExports", + "description": "Grants permission to get a media insights pipeline configuration", + "privilege": "GetMediaInsightsPipelineConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "media-insights-pipeline-configuration*" } ] }, { "access_level": "Read", - "description": "Grants permission to search phone numbers that can be ordered from the carrier", - "privilege": "SearchAvailablePhoneNumbers", + "description": "Grants permission to get an existing media pipeline", + "privilege": "GetMediaPipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "media-pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to search channels that an AppInstanceUser belongs to, or search channels across the AppInstance for an AppInstaceAdmin", - "privilege": "SearchChannels", + "access_level": "Read", + "description": "Grants permission to get an existing media pipeline", + "privilege": "GetMediaPipelineKinesisVideoStreamPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "app-instance-user*" + "resource_type": "media-pipeline-kinesis-video-stream-pool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to send a message to a particular channel that the member is a part of", - "privilege": "SendChannelMessage", + "access_level": "Read", + "description": "Grants permission to get the meeting record for a specified meeting ID", + "privilege": "GetMeeting", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "meeting*" } ] }, { - "access_level": "Write", - "description": "Grants permission to submit the \"Request attachments\" request", - "privilege": "StartDataExport", + "access_level": "Read", + "description": "Grants permission to get attendee, connection, and other details for a meeting", + "privilege": "GetMeetingDetail", "resource_types": [ { "condition_keys": [], @@ -29162,9 +31971,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start transcription for a meeting", - "privilege": "StartMeetingTranscription", + "access_level": "Read", + "description": "Grants permission to get the endpoint for the messaging session", + "privilege": "GetMessagingSessionEndpoint", "resource_types": [ { "condition_keys": [], 
@@ -29174,33 +31983,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start a speaker search task", - "privilege": "StartSpeakerSearchTask", + "access_level": "Read", + "description": "Grants permission to get the data streaming configurations of an AppInstance", + "privilege": "GetMessagingStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a voice tone analysis task", - "privilege": "StartVoiceToneAnalysisTask", + "access_level": "Read", + "description": "Grants permission to get details for the specified phone number", + "privilege": "GetPhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop transcription for a meeting", - "privilege": "StopMeetingTranscription", + "access_level": "Read", + "description": "Grants permission to get details for the specified phone number order", + "privilege": "GetPhoneNumberOrder", "resource_types": [ { "condition_keys": [], 
@@ -29210,21 +32019,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop a speaker search task", - "privilege": "StopSpeakerSearchTask", + "access_level": "Read", + "description": "Grants permission to get phone number settings related to Amazon Chime for the AWS account", + "privilege": "GetPhoneNumberSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a voice tone analysis task", - "privilege": "StopVoiceToneAnalysisTask", + "access_level": "Read", + "description": "Grants permission to get details of the specified proxy session for the specified Amazon Chime Voice Connector", + "privilege": "GetProxySession", "resource_types": [ { "condition_keys": [], @@ -29234,9 +32043,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to submit a customer service support request", - "privilege": "SubmitSupportRequest", + "access_level": "Read", + "description": "Grants permission to retrieve the retention settings for the specified Amazon Chime account", + "privilege": "GetRetentionSettings", "resource_types": [ { "condition_keys": [], @@ -29246,9 +32055,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to suspend users from an Amazon Chime Enterprise account", - "privilege": "SuspendUsers", + "access_level": "Read", + "description": "Grants permission to retrieve a room", + "privilege": "GetRoom", "resource_types": [ { "condition_keys": [], 
@@ -29258,113 +32067,74 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply the specified tags to the specified Amazon Chime SDK attendee", - "privilege": "TagAttendee", + "access_level": "Read", + "description": "Grants permission to get details of Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "GetSipMediaApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "sip-media-application*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply the specified tags to the specified Amazon Chime SDK meeting", - "privilege": "TagMeeting", + "access_level": "Read", + "description": "Grants permission to get Alexa Skill configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "GetSipMediaApplicationAlexaSkillConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "sip-media-application*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply the specified tags to the specified Amazon Chime resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "GetSipMediaApplicationLoggingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel-flow" - }, + "resource_type": "sip-media-application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of Amazon Chime SIP rule under the administrator's AWS account", + "privilege": "GetSipRule", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-insights-pipeline-configuration" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a speaker search task on the specified Amazon Chime resource", + "privilege": "GetSpeakerSearchTask", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "media-pipeline" }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "meeting" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sip-media-application" - }, { "condition_keys": [], "dependent_actions": [], "resource_type": "voice-connector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "voice-profile-domain" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to unauthorize an Active Directory from your Amazon Chime Enterprise account", - "privilege": "UnauthorizeDirectory", + "access_level": "Read", + "description": "Grants permission to get telephony limits for the AWS account", + "privilege": "GetTelephonyLimits", "resource_types": [ { "condition_keys": [], 
@@ -29374,102 +32144,45 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified tags from the specified Amazon Chime SDK attendee", - "privilege": "UntagAttendee", + "access_level": "Read", + "description": "Grants permission to get details for the specified user ID", + "privilege": "GetUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified tags from the specified Amazon Chime SDK meeting", - "privilege": "UntagMeeting", + "access_level": "Read", + "description": "Grants permission to get a summary of user activity on the user details page", + "privilege": "GetUserActivityReportData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified tags from the specified Amazon Chime resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get user details for an Amazon Chime user based on the email address in an Amazon Chime Enterprise or Team account", + "privilege": "GetUserByEmail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "media-insights-pipeline-configuration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": 
"media-pipeline" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "meeting" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sip-media-application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "voice-connector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "voice-profile-domain" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update account details for the specified Amazon Chime account", - "privilege": "UpdateAccount", + "access_level": "Read", + "description": "Grants permission to get user settings related to the specified Amazon Chime user", + "privilege": "GetUserSettings", "resource_types": [ { "condition_keys": [], 
@@ -29479,33 +32192,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the OpenIdConfig attributes for your Amazon Chime account", - "privilege": "UpdateAccountOpenIdConfig", + "access_level": "Read", + "description": "Grants permission to get details for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the account resource in your Amazon Chime account", - "privilege": "UpdateAccountResource", + "access_level": "Read", + "description": "Grants permission to get details of the emergency calling configuration for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorEmergencyCallingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the settings for the specified Amazon Chime account", - "privilege": "UpdateAccountSettings", + "access_level": "Read", + "description": "Grants permission to get details for the specified Amazon Chime Voice Connector Group", + "privilege": "GetVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], 
@@ -29515,175 +32228,158 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update AppInstance metadata", - "privilege": "UpdateAppInstance", + "access_level": "Read", + "description": "Grants permission to get details of the logging configuration for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorLoggingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the details for an AppInstanceBot", - "privilege": "UpdateAppInstanceBot", + "access_level": "Read", + "description": "Grants permission to get details of the origination settings for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorOrigination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the details for an AppInstanceUser", - "privilege": "UpdateAppInstanceUser", + "access_level": "Read", + "description": "Grants permission to get details of the proxy configuration for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorProxy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an endpoint registered for an app instance user", - "privilege": "UpdateAppInstanceUserEndpoint", + "access_level": "Read", + "description": "Grants permission to get details of the streaming configuration for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorStreamingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "app-instance-user*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to the capabilties that you want to update", - "privilege": "UpdateAttendeeCapabilities", + "access_level": "Read", + "description": "Grants permission to get details of the termination settings for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorTermination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "meeting*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of the specified bot", - "privilege": "UpdateBot", + "access_level": "Read", + "description": "Grants permission to get details of the termination health for the specified Amazon Chime Voice Connector", + "privilege": "GetVoiceConnectorTerminationHealth", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update your Call Detail Record S3 bucket", - "privilege": "UpdateCDRSettings", + "access_level": "Read", + "description": "Grants permission to get a voice profile", + "privilege": "GetVoiceProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:ListAllMyBuckets" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "voice-profile*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a channel's attributes", - "privilege": "UpdateChannel", + "access_level": "Read", + "description": "Grants permission to get a voice profile domain", + "privilege": "GetVoiceProfileDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, + "resource_type": "voice-profile-domain*" + } + ] + }, + { 
+ "access_level": "Read", + "description": "Grants permission to get a voice tone analysis task on the specified Amazon Chime resource", + "privilege": "GetVoiceToneAnalysisTask", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-user*" + "resource_type": "media-pipeline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to update a channel flow", - "privilege": "UpdateChannelFlow", + "description": "Grants permission to send an invitation to accept a request for AWS account delegation for an Amazon Chime account", + "privilege": "InviteDelegate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel-flow*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the content of a message", - "privilege": "UpdateChannelMessage", + "description": "Grants permission to invite as many as 50 users to the specified Amazon Chime account", + "privilege": "InviteUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set the timestamp to the point when a user last read messages in a channel", - "privilege": "UpdateChannelReadMarker", + "description": "Grants permission to invite users from a third party provider to your Amazon Chime account", + "privilege": "InviteUsersFromProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app-instance-bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "app-instance-user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the global settings related to Amazon Chime for the AWS account", - "privilege": "UpdateGlobalSettings", + "access_level": "List", + "description": "Grants permission to list Amazon Chime account usage reporting data", + "privilege": "ListAccountUsageReportData", "resource_types": [ { "condition_keys": [], 
@@ -29693,134 +32389,127 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of a media insights pipeline configuration", - "privilege": "UpdateMediaInsightsPipelineConfiguration", + "access_level": "List", + "description": "Grants permission to list the Amazon Chime accounts under the administrator's AWS account", + "privilege": "ListAccounts", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "chime:ListVoiceConnectors", - "iam:PassRole", - "kinesis:DescribeStream", - "s3:ListBucket" - ], - "resource_type": "media-insights-pipeline-configuration*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of a media insights pipeline", - "privilege": "UpdateMediaInsightsPipelineStatus", + "access_level": "List", + "description": "Grants permission to list the SCIM access keys defined for your Amazon Chime account and Okta configuration", + "privilege": "ListApiKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "media-pipeline*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update phone number details for the specified phone number", - "privilege": "UpdatePhoneNumber", + "access_level": "List", + "description": "Grants permission to list administrators in the app instance", + "privilege": "ListAppInstanceAdmins", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update phone number settings related to Amazon Chime for the AWS account", - "privilege": "UpdatePhoneNumberSettings", - "resource_types": [ + "resource_type": "app-instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], 
+ "resource_type": "app-instance-user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a proxy session for the specified Amazon Chime Voice Connector", - "privilege": "UpdateProxySession", + "access_level": "List", + "description": "Grants permission to list all AppInstanceBots created under a single app instance", + "privilege": "ListAppInstanceBots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" + "resource_type": "app-instance-bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a room", - "privilege": "UpdateRoom", + "access_level": "List", + "description": "Grants permission to list the endpoints registered for an app instance user", + "privilege": "ListAppInstanceUserEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update room membership role", - "privilege": "UpdateRoomMembership", + "access_level": "List", + "description": "Grants permission to list all AppInstanceUsers created under a single app instance", + "privilege": "ListAppInstanceUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update properties of Amazon Chime SIP media application under the administrator's AWS account", - "privilege": "UpdateSipMediaApplication", + "access_level": "List", + "description": "Grants permission to list all Amazon Chime app instances created under a single AWS account", + "privilege": "ListAppInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "app-instance*" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to update an Amazon Chime SIP media application call under the administrator's AWS account", - "privilege": "UpdateSipMediaApplicationCall", + "access_level": "List", + "description": "Grants permission to list the tags applied to an Amazon Chime SDK attendee resource", + "privilege": "ListAttendeeTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application*" + "resource_type": "meeting*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update properties of Amazon Chime SIP rule under the administrator's AWS account", - "privilege": "UpdateSipRule", + "access_level": "List", + "description": "Grants permission to list up to 100 attendees for a specified Amazon Chime SDK meeting", + "privilege": "ListAttendees", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sip-media-application" + "resource_type": "meeting*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the supported license tiers available for users in your Amazon Chime account", - "privilege": "UpdateSupportedLicenses", + "access_level": "List", + "description": "Grants permission to list the available AWS Regions in which you can create an Amazon Chime SDK Voice Connector", + "privilege": "ListAvailableVoiceConnectorRegions", "resource_types": [ { "condition_keys": [], @@ -29830,9 +32519,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update user details for a specified user ID", - "privilege": "UpdateUser", + "access_level": "List", + "description": "Grants permission to list the bots associated with the administrator's Amazon Chime Enterprise account", + "privilege": "ListBots", "resource_types": [ { "condition_keys": [], 
@@ -29842,21 +32531,24 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the licenses for your Amazon Chime users", - "privilege": "UpdateUserLicenses", + "access_level": "List", + "description": "Grants permission to list Call Detail Record S3 buckets", + "privilege": "ListCDRBucket", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "s3:ListAllMyBuckets", + "s3:ListBucket" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update user settings related to the specified Amazon Chime user", - "privilege": "UpdateUserSettings", + "access_level": "List", + "description": "Grants permission to list the calling regions available for the administrator's AWS account", + "privilege": "ListCallingRegions", "resource_types": [ { "condition_keys": [], 
@@ -29866,511 +32558,316 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update Amazon Chime Voice Connector details for the specified Amazon Chime Voice Connector", - "privilege": "UpdateVoiceConnector", + "access_level": "List", + "description": "Grants permission to list all the users and bots banned from a particular channel", + "privilege": "ListChannelBans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update Amazon Chime Voice Connector Group details for the specified Amazon Chime Voice Connector Group", - "privilege": "UpdateVoiceConnectorGroup", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-connector" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a voice profile", - "privilege": "UpdateVoiceProfile", - "resource_types": [ + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a voice profile domain", - "privilege": "UpdateVoiceProfileDomain", + "access_level": "List", + "description": "Grants permission to list all the Channel Flows created under a single Chime AppInstance", + "privilege": "ListChannelFlows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "voice-profile-domain*" + "resource_type": "channel-flow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate the account resource in your Amazon Chime account", - "privilege": "ValidateAccountResource", + "access_level": "List", + "description": "Grants permission to list all channel memberships in a channel", + "privilege": 
"ListChannelMemberships", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to validate an address to be used for 911 calls made with Amazon Chime Voice Connectors", - "privilege": "ValidateE911Address", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:chime::${AccountId}:meeting/${MeetingId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "meeting" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "app-instance" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/user/${AppInstanceUserId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "app-instance-user" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/bot/${AppInstanceBotId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "app-instance-bot" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel/${ChannelId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel-flow/${ChannelFlowId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel-flow" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-pipeline/${MediaPipelineId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "media-pipeline" - }, - { - 
"arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-insights-pipeline-configuration/${ConfigurationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "media-insights-pipeline-configuration" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:voice-profile-domain/${VoiceProfileDomainId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "voice-profile-domain" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:voice-profile/${VoiceProfileId}", - "condition_keys": [], - "resource": "voice-profile" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:vc/${VoiceConnectorId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "voice-connector" - }, - { - "arn": "arn:${Partition}:chime:${Region}:${AccountId}:sma/${SipMediaApplicationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "sip-media-application" - } - ], - "service_name": "Amazon Chime" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "cleanrooms", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to view details for schemas", - "privilege": "BatchGetSchema", + "access_level": "List", + "description": "Grants permission to list all channels that a particular user or bot is a part of", + "privilege": "ListChannelMembershipsForAppInstanceUser", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cleanrooms:GetSchema" - ], - "resource_type": "Collaboration*" + "dependent_actions": [], + 
"resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTableAssociation*" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new collaboration, a shared data collaboration environment", - "privilege": "CreateCollaboration", + "access_level": "Read", + "description": "Grants permission to list all the messages in a channel", + "privilege": "ListChannelMessages", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new configured table", - "privilege": "CreateConfiguredTable", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "glue:BatchGetPartition", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:GetPartition", - "glue:GetPartitions", - "glue:GetSchemaVersion", - "glue:GetTable", - "glue:GetTables" - ], - "resource_type": "ConfiguredTable*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a analysis rule for a configured table", - "privilege": "CreateConfiguredTableAnalysisRule", - "resource_types": [ + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTable*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to link a configured table with a collaboration by creating a new association", - "privilege": "CreateConfiguredTableAssociation", + "access_level": "List", + "description": "Grants permission to list all the 
moderators for a channel", + "privilege": "ListChannelModerators", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "ConfiguredTable*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-bot*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTableAssociation*" + "resource_type": "app-instance-user*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to join collaborations by creating a membership", - "privilege": "CreateMembership", + "access_level": "List", + "description": "Grants permission to list all the Channels created under a single Chime AppInstance", + "privilege": "ListChannels", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "logs:CreateLogDelivery", - "logs:CreateLogGroup", - "logs:DeleteLogDelivery", - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:GetLogDelivery", - "logs:ListLogDeliveries", - "logs:PutResourcePolicy", - "logs:UpdateLogDelivery" - ], - "resource_type": "Collaboration*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-bot*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership*" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to 
delete an existing collaboration", - "privilege": "DeleteCollaboration", + "access_level": "List", + "description": "Grants permission to list all the Channels associated with a single Chime Channel Flow", + "privilege": "ListChannelsAssociatedWithChannelFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration*" + "resource_type": "channel-flow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a configured table", - "privilege": "DeleteConfiguredTable", + "access_level": "List", + "description": "Grants permission to list all channels moderated by a user or bot", + "privilege": "ListChannelsModeratedByAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTable*" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an existing analysis rule", - "privilege": "DeleteConfiguredTableAnalysisRule", + "access_level": "List", + "description": "Grants permission to list account delegate information associated with your Amazon Chime account", + "privilege": "ListDelegates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTable*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a configured table association from a collaboration", - "privilege": "DeleteConfiguredTableAssociation", + "access_level": "List", + "description": "Grants permission to list active Active Directories hosted in the Directory Service of your AWS account", + "privilege": "ListDirectories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTableAssociation*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to delete members from a collaboration", - "privilege": "DeleteMember", + "access_level": "List", + "description": "Grants permission to list domains associated with your Amazon Chime account", + "privilege": "ListDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to leave collaborations by deleting a membership", - "privilege": "DeleteMembership", + "access_level": "List", + "description": "Grants permission to list Active Directory or Okta user groups associated with your Amazon Chime Enterprise account", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details for a collaboration", - "privilege": "GetCollaboration", + "access_level": "List", + "description": "Grants permission to list media capture pipelines", + "privilege": "ListMediaCapturePipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details for a configured table", - "privilege": "GetConfiguredTable", + "access_level": "List", + "description": "Grants permission to list all media insights pipeline configurations", + "privilege": "ListMediaInsightsPipelineConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTable*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view analysis rules for a configured table", - "privilege": "GetConfiguredTableAnalysisRule", + "access_level": "List", + "description": "Grants permission to list media pipelines", + "privilege": 
"ListMediaPipelineKinesisVideoStreamPools", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTable*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details for a configured table association", - "privilege": "GetConfiguredTableAssociation", + "access_level": "List", + "description": "Grants permission to list media pipelines", + "privilege": "ListMediaPipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTableAssociation*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about a membership", - "privilege": "GetMembership", + "access_level": "List", + "description": "Grants permission to list all events that occurred for a specified meeting", + "privilege": "ListMeetingEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view a protected query", - "privilege": "GetProtectedQuery", + "access_level": "List", + "description": "Grants permission to list the tags applied to an Amazon Chime SDK meeting resource", + "privilege": "ListMeetingTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details for a schema", - "privilege": "GetSchema", + "access_level": "List", + "description": "Grants permission to list up to 100 active Amazon Chime SDK meetings", + "privilege": "ListMeetings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfiguredTableAssociation*" + "resource_type": "" } ] }, { - "access_level": 
"Read", - "description": "Grants permission to view analysis rules associated with a schema", - "privilege": "GetSchemaAnalysisRule", + "access_level": "List", + "description": "Grants permission to list meetings ended during the specified date range", + "privilege": "ListMeetingsReportData", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "cleanrooms:GetSchema" - ], - "resource_type": "Collaboration*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTableAssociation*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list available collaborations", - "privilege": "ListCollaborations", + "description": "Grants permission to list the phone number orders under the administrator's AWS account", + "privilege": "ListPhoneNumberOrders", "resource_types": [ { "condition_keys": [], 
@@ -30381,44 +32878,44 @@ }, { "access_level": "List", - "description": "Grants permission to list available configured table associations for a membership", - "privilege": "ListConfiguredTableAssociations", + "description": "Grants permission to list the phone numbers under the administrator's AWS account", + "privilege": "ListPhoneNumbers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list available configured tables", - "privilege": "ListConfiguredTables", + "description": "Grants permission to list proxy sessions for the specified Amazon Chime Voice Connector", + "privilege": "ListProxySessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { "access_level": "List", - "description": "Grants permission to list the members of a collaboration", - "privilege": "ListMembers", + "description": "Grants permission to list all room members", + "privilege": "ListRoomMemberships", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list available memberships", - "privilege": "ListMemberships", + "description": "Grants permission to list rooms", + "privilege": "ListRooms", "resource_types": [ { "condition_keys": [], 
@@ -30429,716 +32926,570 @@ }, { "access_level": "List", - "description": "Grants permission to list protected queries", - "privilege": "ListProtectedQueries", + "description": "Grants permission to list all Amazon Chime SIP media applications under the administrator's AWS account", + "privilege": "ListSipMediaApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to view available schemas for a collaboration", - "privilege": "ListSchemas", + "description": "Grants permission to list all Amazon Chime SIP rules under the administrator's AWS account", + "privilege": "ListSipRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration*" + "resource_type": "sip-media-application" } ] }, { "access_level": "List", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to list all the SubChannels under a single Channel", + "privilege": "ListSubChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfiguredTable" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTableAssociation" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start protected queries", - "privilege": "StartProtectedQuery", + "access_level": "List", + "description": "Grants permission to list the phone number countries supported by the AWS account", + "privilege": "ListSupportedPhoneNumberCountries", "resource_types": [ { 
"condition_keys": [], - "dependent_actions": [ - "cleanrooms:GetSchema", - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:PutObject" - ], - "resource_type": "Membership*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list the tags applied to an Amazon Chime resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration" + "resource_type": "app-instance" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTable" + "resource_type": "app-instance-bot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTableAssociation" + "resource_type": "app-instance-user" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership" + "resource_type": "channel" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", - "resource_types": [ + "resource_type": "channel-flow" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration" + "resource_type": "media-insights-pipeline-configuration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTable" + "resource_type": "media-pipeline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTableAssociation" + "resource_type": "media-pipeline-kinesis-video-stream-pool" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership" + "resource_type": "meeting" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": 
[], - "resource_type": "" + "resource_type": "sip-media-application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-connector" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "voice-profile-domain" } ] }, { - "access_level": "Write", - "description": "Grants permission to update details of the collaboration", - "privilege": "UpdateCollaboration", + "access_level": "List", + "description": "Grants permission to list the users that belong to the specified Amazon Chime account", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Collaboration*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing configured table", - "privilege": "UpdateConfiguredTable", + "access_level": "List", + "description": "Grants permission to list the Amazon Chime Voice Connector Groups under the administrator's AWS account", + "privilege": "ListVoiceConnectorGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTable*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update analysis rules for a configured table", - "privilege": "UpdateConfiguredTableAnalysisRule", + "access_level": "List", + "description": "Grants permission to list the SIP termination credentials for the specified Amazon Chime Voice Connector", + "privilege": "ListVoiceConnectorTerminationCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfiguredTable*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a configured table association", - "privilege": "UpdateConfiguredTableAssociation", + "access_level": "List", + "description": "Grants permission to list the Amazon Chime Voice Connectors under the 
administrator's AWS account", + "privilege": "ListVoiceConnectors", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "ConfiguredTableAssociation*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update details of a membership", - "privilege": "UpdateMembership", + "access_level": "List", + "description": "Grants permission to list voice profile domains", + "privilege": "ListVoiceProfileDomains", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "logs:CreateLogDelivery", - "logs:CreateLogGroup", - "logs:DeleteLogDelivery", - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:GetLogDelivery", - "logs:ListLogDeliveries", - "logs:PutResourcePolicy", - "logs:UpdateLogDelivery" - ], - "resource_type": "Membership*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update protected queries", - "privilege": "UpdateProtectedQuery", + "access_level": "List", + "description": "Grants permission to list voice profiles", + "privilege": "ListVoiceProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Membership*" + "resource_type": "voice-profile-domain*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:collaboration/${CollaborationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Collaboration" - }, - { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:configuredtable/${ConfiguredTableId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ConfiguredTable" - }, - { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/configuredtableassociation/${ConfiguredTableAssociationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": 
"ConfiguredTableAssociation" - }, - { - "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Membership" - } - ], - "service_name": "AWS Clean Rooms" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" }, - { - "condition": "cloud9:EnvironmentId", - "description": "Filters access by the AWS Cloud9 environment ID", - "type": "String" - }, - { - "condition": "cloud9:EnvironmentName", - "description": "Filters access by the AWS Cloud9 environment name", - "type": "String" - }, - { - "condition": "cloud9:InstanceType", - "description": "Filters access by the instance type of the AWS Cloud9 environment's Amazon EC2 instance", - "type": "String" - }, - { - "condition": "cloud9:OwnerArn", - "description": "Filters access by the owner ARN specified", - "type": "ARN" - }, - { - "condition": "cloud9:Permissions", - "description": "Filters access by the type of AWS Cloud9 permissions", - "type": "String" - }, - { - "condition": "cloud9:SubnetId", - "description": "Filters access by the subnet ID that the AWS Cloud9 environment will be created in", - "type": "String" - }, - { - "condition": "cloud9:UserArn", - "description": "Filters access by the user ARN specified", - "type": "ARN" - } - ], - "prefix": "cloud9", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to start the Amazon EC2 instance that your AWS Cloud9 IDE connects to", - "privilege": "ActivateEC2Remote", + "description": "Grants permission to log out the 
specified user from all of the devices they are currently logged into", + "privilege": "LogoutUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Cloud9 development environment, launches an Amazon Elastic Compute Cloud (Amazon EC2) instance, and then hosts the environment on the instance", - "privilege": "CreateEnvironmentEC2", + "description": "Grants permission to enable data retention for the app instance", + "privilege": "PutAppInstanceRetentionSettings", "resource_types": [ { - "condition_keys": [ - "cloud9:EnvironmentName", - "cloud9:InstanceType", - "cloud9:SubnetId", - "cloud9:UserArn", - "cloud9:OwnerArn", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to add an environment member to an AWS Cloud9 development environment", - "privilege": "CreateEnvironmentMembership", + "description": "Grants permission to configure data streaming for the app instance", + "privilege": "PutAppInstanceStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [ - "cloud9:UserArn", - "cloud9:EnvironmentId", - "cloud9:Permissions" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Cloud9 SSH development environment", - "privilege": "CreateEnvironmentSSH", + "description": "Grants permission to put expiration settings for an AppInstanceUser", + "privilege": "PutAppInstanceUserExpirationSettings", 
"resource_types": [ { - "condition_keys": [ - "cloud9:EnvironmentName", - "cloud9:OwnerArn", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to create an authentication token that allows a connection between the AWS Cloud9 IDE and the user's environment", - "privilege": "CreateEnvironmentToken", + "access_level": "Write", + "description": "Grants permission to put expiration settings for a channel", + "privilege": "PutChannelExpirationSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Cloud9 development environment. If the environment is hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance, also terminates the instance", - "privilege": "DeleteEnvironment", + "description": "Grants permission to put the preferences for a channel membership", + "privilege": "PutChannelMembershipPreferences", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "environment*" + "dependent_actions": [], + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an environment member from an AWS Cloud9 development environment", - "privilege": "DeleteEnvironmentMembership", + "description": "Grants permission to update details for an events configuration for a bot to receive outgoing events", + 
"privilege": "PutEventsConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about the connection to the EC2 development environment, including host, user, and port", - "privilege": "DescribeEC2Remote", + "access_level": "Write", + "description": "Grants permission to put the data streaming configurations of an AppInstance", + "privilege": "PutMessagingStreamingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "app-instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about environment members for an AWS Cloud9 development environment", - "privilege": "DescribeEnvironmentMemberships", + "access_level": "Write", + "description": "Grants permission to create or update retention settings for the specified Amazon Chime account", + "privilege": "PutRetentionSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [ - "cloud9:UserArn", - "cloud9:EnvironmentId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get status information for an AWS Cloud9 development environment", - "privilege": "DescribeEnvironmentStatus", + "access_level": "Write", + "description": "Grants permission to update Alexa Skill configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "PutSipMediaApplicationAlexaSkillConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "sip-media-application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about AWS 
Cloud9 development environments", - "privilege": "DescribeEnvironments", + "access_level": "Write", + "description": "Grants permission to update logging configuration settings for Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "PutSipMediaApplicationLoggingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "sip-media-application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about the connection to the SSH development environment, including host, user, and port", - "privilege": "DescribeSSHRemote", + "access_level": "Write", + "description": "Grants permission to add emergency calling configuration for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorEmergencyCallingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get configuration information that's used to initialize the AWS Cloud9 IDE", - "privilege": "GetEnvironmentConfig", + "access_level": "Write", + "description": "Grants permission to add logging configuration for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorLoggingConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment*" + "dependent_actions": [ + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:GetLogDelivery", + "logs:ListLogDeliveries" + ], + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified development environment", - "privilege": "GetEnvironmentSettings", + "access_level": "Write", + "description": "Grants 
permission to update the origination settings for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorOrigination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified environment member", - "privilege": "GetMembershipSettings", + "access_level": "Write", + "description": "Grants permission to add proxy configuration for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorProxy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the migration experience for a cloud9 user", - "privilege": "GetMigrationExperiences", + "access_level": "Write", + "description": "Grants permission to add streaming configuration for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorStreamingConfiguration", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "chime:GetMediaInsightsPipelineConfiguration" + ], + "resource_type": "voice-connector*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "media-insights-pipeline-configuration" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the user's public SSH key, which is used by AWS Cloud9 to connect to SSH development environments", - "privilege": "GetUserPublicKey", + "access_level": "Write", + "description": "Grants permission to update the termination settings for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorTermination", "resource_types": [ { - "condition_keys": [ - "cloud9:UserArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + 
"resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified user", - "privilege": "GetUserSettings", + "access_level": "Write", + "description": "Grants permission to add SIP termination credentials for the specified Amazon Chime Voice Connector", + "privilege": "PutVoiceConnectorTerminationCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of AWS Cloud9 development environment identifiers", - "privilege": "ListEnvironments", + "access_level": "Write", + "description": "Grants permission to redact message content", + "privilege": "RedactChannelMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list tags for a cloud9 environment", - "privilege": "ListTagsForResource", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to set AWS managed temporary credentials on the Amazon EC2 instance that's used by the AWS Cloud9 integrated development environment (IDE)", - "privilege": "ModifyTemporaryCredentialsOnEnvironmentEC2", + "description": "Grants permission to redact the specified Chime conversation Message", + "privilege": "RedactConversationMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a cloud9 
environment", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to redacts the specified Chime room Message", + "privilege": "RedactRoomMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a cloud9 environment", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to regenerate the security token for the specified bot", + "privilege": "RegenerateSecurityToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the settings of an existing AWS Cloud9 development environment", - "privilege": "UpdateEnvironment", + "description": "Grants permission to register an endpoint for an app instance user", + "privilege": "RegisterAppInstanceUserEndpoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment*" + "dependent_actions": [ + "mobiletargeting:GetApp" + ], + "resource_type": "app-instance-user*" } ] }, { "access_level": "Write", - "description": "Grants permission to change the settings of an existing environment member for an AWS Cloud9 development environment", - "privilege": "UpdateEnvironmentMembership", + "description": "Grants permission to modify the account name for your Amazon Chime Enterprise or Team account", + "privilege": "RenameAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [ - 
"cloud9:UserArn", - "cloud9:EnvironmentId", - "cloud9:Permissions" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the AWS Cloud9 IDE settings for a specified development environment", - "privilege": "UpdateEnvironmentSettings", + "description": "Grants permission to renew the delegation request associated with an Amazon Chime account", + "privilege": "RenewDelegate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the AWS Cloud9 IDE settings for a specified environment member", - "privilege": "UpdateMembershipSettings", + "description": "Grants permission to reset the account resource in your Amazon Chime account", + "privilege": "ResetAccountResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update details about the connection to the SSH development environment, including host, user, and port", - "privilege": "UpdateSSHRemote", + "description": "Grants permission to reset the personal meeting PIN for the specified user on an Amazon Chime account", + "privilege": "ResetPersonalPIN", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update IDE-specific settings of an AWS Cloud9 user", - "privilege": "UpdateUserSettings", + "description": "Grants permission to restore the specified phone number from the deltion queue back to the phone number inventory", + "privilege": "RestorePhoneNumber", "resource_types": [ { "condition_keys": [], 
@@ -31149,8 +33500,8 @@ }, { "access_level": "Read", - "description": "Grants permission to validate the environment name during the process of creating an AWS Cloud9 development environment", - "privilege": "ValidateEnvironmentName", + "description": "Grants permission to download the file containing links to all user attachments returned as part of the \"Request attachments\" action", + "privilege": "RetrieveDataExports", "resource_types": [ { "condition_keys": [], 
@@ -31158,589 +33509,445 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloud9:${Region}:${Account}:environment:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment" - } - ], - "service_name": "AWS Cloud9" - }, - { - "conditions": [], - "prefix": "clouddirectory", - "privileges": [ + }, { - "access_level": "Write", - "description": "Grants permission to add a new Facet to an object", - "privilege": "AddFacetToObject", + "access_level": "Read", + "description": "Grants permission to search phone numbers that can be ordered from the carrier", + "privilege": "SearchAvailablePhoneNumbers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to copy input published schema into Directory with same name and version as that of published schema", - "privilege": "ApplySchema", + "access_level": "List", + "description": "Grants permission to search channels that an AppInstanceUser belongs to, or search channels across the AppInstance for an AppInstaceAdmin", + "privilege": "SearchChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "app-instance-user*" } ] }, { "access_level": "Write", - "description": "Grants permission to attach an existing object to another existing object", - "privilege": "AttachObject", + "description": "Grants permission to send a message to a particular channel that the member is a part of", + "privilege": "SendChannelMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to attach a policy 
object to any other object", - "privilege": "AttachPolicy", - "resource_types": [ + "resource_type": "app-instance-bot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to attach the specified object to the specified index", - "privilege": "AttachToIndex", - "resource_types": [ + "resource_type": "app-instance-user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a typed link b/w a source & target object reference", - "privilege": "AttachTypedLink", + "description": "Grants permission to submit the \"Request attachments\" request", + "privilege": "StartDataExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to perform all the read operations in a batch. Each individual operation inside BatchRead needs to be granted permissions explicitly", - "privilege": "BatchRead", + "access_level": "Write", + "description": "Grants permission to start transcription for a meeting", + "privilege": "StartMeetingTranscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to perform all the write operations in a batch. 
Each individual operation inside BatchWrite needs to be granted permissions explicitly", - "privilege": "BatchWrite", + "description": "Grants permission to start a speaker search task on the specified Amazon Chime resource", + "privilege": "StartSpeakerSearchTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a Directory by copying the published schema into the directory", - "privilege": "CreateDirectory", - "resource_types": [ + "resource_type": "media-pipeline" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Facet in a schema", - "privilege": "CreateFacet", + "description": "Grants permission to start a voice tone analysis task on the specified Amazon Chime resource", + "privilege": "StartVoiceToneAnalysisTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "media-pipeline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to create an index object", - "privilege": "CreateIndex", + "description": "Grants permission to stop transcription for a meeting", + "privilege": "StopMeetingTranscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an object in a Directory", - "privilege": "CreateObject", + "description": "Grants permission to stop a speaker search task on the specified Amazon Chime resource", + "privilege": "StopSpeakerSearchTask", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new schema in a development state", - "privilege": "CreateSchema", - "resource_types": [ + "resource_type": "media-pipeline" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Typed Link facet in a schema", - "privilege": "CreateTypedLinkFacet", + "description": "Grants permission to stop a voice tone analysis task on the specified Amazon Chime resource", + "privilege": "StopVoiceToneAnalysisTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "media-pipeline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "voice-connector" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a directory. Only disabled directories can be deleted", - "privilege": "DeleteDirectory", + "description": "Grants permission to submit a customer service support request", + "privilege": "SubmitSupportRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a given Facet. 
All attributes and Rules associated with the facet will be deleted", - "privilege": "DeleteFacet", + "description": "Grants permission to suspend users from an Amazon Chime Enterprise account", + "privilege": "SuspendUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an object and its associated attributes", - "privilege": "DeleteObject", + "access_level": "Tagging", + "description": "Grants permission to apply the specified tags to the specified Amazon Chime SDK attendee", + "privilege": "TagAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "meeting*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a given schema", - "privilege": "DeleteSchema", + "access_level": "Tagging", + "description": "Grants permission to apply the specified tags to the specified Amazon Chime SDK meeting", + "privilege": "TagMeeting", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "meeting*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a given TypedLink Facet. 
All attributes and Rules associated with the facet will be deleted", - "privilege": "DeleteTypedLinkFacet", + "access_level": "Tagging", + "description": "Grants permission to apply the specified tags to the specified Amazon Chime resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to detach the specified object from the specified index", - "privilege": "DetachFromIndex", - "resource_types": [ + "resource_type": "app-instance" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to detach a given object from the parent object", - "privilege": "DetachObject", - "resource_types": [ + "resource_type": "app-instance-bot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to detach a policy from an object", - "privilege": "DetachPolicy", - "resource_types": [ + "resource_type": "app-instance-user" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to detach a given typed link b/w given source and target object reference", - "privilege": "DetachTypedLink", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disable the specified directory", - "privilege": "DisableDirectory", - "resource_types": [ + "resource_type": "channel-flow" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to 
enable the specified directory", - "privilege": "EnableDirectory", - "resource_types": [ + "resource_type": "media-insights-pipeline-configuration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return current applied schema version ARN, including the minor version in use", - "privilege": "GetAppliedSchemaVersion", - "resource_types": [ + "resource_type": "media-pipeline" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve metadata about a directory", - "privilege": "GetDirectory", - "resource_types": [ + "resource_type": "media-pipeline-kinesis-video-stream-pool" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details of the Facet, such as Facet Name, Attributes, Rules, or ObjectType", - "privilege": "GetFacet", - "resource_types": [ + "resource_type": "meeting" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "sip-media-application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "voice-connector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "voice-profile-domain" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve attributes that are associated with a typed link", - "privilege": "GetLinkAttributes", + "access_level": "Write", + "description": "Grants permission to unauthorize an Active Directory from your Amazon Chime 
Enterprise account", + "privilege": "UnauthorizeDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve attributes within a facet that are associated with an object", - "privilege": "GetObjectAttributes", + "access_level": "Tagging", + "description": "Grants permission to untag the specified tags from the specified Amazon Chime SDK attendee", + "privilege": "UntagAttendee", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve metadata about an object", - "privilege": "GetObjectInformation", + "access_level": "Tagging", + "description": "Grants permission to untag the specified tags from the specified Amazon Chime SDK meeting", + "privilege": "UntagMeeting", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a JSON representation of the schema", - "privilege": "GetSchemaAsJson", + "access_level": "Tagging", + "description": "Grants permission to untag the specified tags from the specified Amazon Chime resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "app-instance" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "app-instance-bot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return identity attributes order information associated with a given typed link facet", - "privilege": 
"GetTypedLinkFacetInformation", - "resource_types": [ + "resource_type": "app-instance-user" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "channel-flow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list schemas applied to a directory", - "privilege": "ListAppliedSchemaArns", - "resource_types": [ + "resource_type": "media-insights-pipeline-configuration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list indices attached to an object", - "privilege": "ListAttachedIndices", - "resource_types": [ + "resource_type": "media-pipeline" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve the ARNs of schemas in the development state", - "privilege": "ListDevelopmentSchemaArns", - "resource_types": [ + "resource_type": "media-pipeline-kinesis-video-stream-pool" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list directories created within an account", - "privilege": "ListDirectories", - "resource_types": [ + "resource_type": "meeting" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve attributes attached to the facet", - "privilege": "ListFacetAttributes", - "resource_types": [ + "resource_type": "sip-media-application" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"appliedSchema*" + "resource_type": "voice-connector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "voice-profile-domain" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the names of facets that exist in a schema", - "privilege": "ListFacetNames", + "access_level": "Write", + "description": "Grants permission to update account details for the specified Amazon Chime account", + "privilege": "UpdateAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "developmentSchema*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of all incoming TypedLinks for a given object", - "privilege": "ListIncomingTypedLinks", + "access_level": "Write", + "description": "Grants permission to update the OpenIdConfig attributes for your Amazon Chime account", + "privilege": "UpdateAccountOpenIdConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list objects attached to the specified index", - "privilege": "ListIndex", + "access_level": "Write", + "description": "Grants permission to update the account resource in your Amazon Chime account", + "privilege": "UpdateAccountResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the 
major version families of each managed schema. If a major version ARN is provided as SchemaArn, the minor version revisions in that family are listed instead", - "privilege": "ListManagedSchemaArns", + "access_level": "Write", + "description": "Grants permission to update the settings for the specified Amazon Chime account", + "privilege": "UpdateAccountSettings", "resource_types": [ { "condition_keys": [], 
@@ -31750,361 +33957,348 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all attributes associated with an object", - "privilege": "ListObjectAttributes", + "access_level": "Write", + "description": "Grants permission to update AppInstance metadata", + "privilege": "UpdateAppInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "app-instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of child objects associated with a given object", - "privilege": "ListObjectChildren", + "access_level": "Write", + "description": "Grants permission to update the details for an AppInstanceBot", + "privilege": "UpdateAppInstanceBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "app-instance-bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all available parent paths for any object type such as node, leaf node, policy node, and index node objects", - "privilege": "ListObjectParentPaths", + "access_level": "Write", + "description": "Grants permission to update the details for an AppInstanceUser", + "privilege": "UpdateAppInstanceUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list parent objects associated with a given object in pagination fashion", - "privilege": "ListObjectParents", + "access_level": "Write", + "description": "Grants permission to update an endpoint registered for an app instance user", + "privilege": "UpdateAppInstanceUserEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "app-instance-user*" } ] }, { - "access_level": "Read", - 
"description": "Grants permission to return policies attached to an object in pagination fashion", - "privilege": "ListObjectPolicies", + "access_level": "Write", + "description": "Grants permission to the capabilties that you want to update", + "privilege": "UpdateAttendeeCapabilities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "meeting*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of all outgoing TypedLinks for a given object", - "privilege": "ListOutgoingTypedLinks", + "access_level": "Write", + "description": "Grants permission to update the status of the specified bot", + "privilege": "UpdateBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return all of the ObjectIdentifiers to which a given policy is attached", - "privilege": "ListPolicyAttachments", + "access_level": "Write", + "description": "Grants permission to update your Call Detail Record S3 bucket", + "privilege": "UpdateCDRSettings", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:ListAllMyBuckets" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve published schema ARNs", - "privilege": "ListPublishedSchemaArns", + "access_level": "Write", + "description": "Grants permission to update a channel's attributes", + "privilege": "UpdateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app-instance-bot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app-instance-user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update a channel flow", + "privilege": "UpdateChannelFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "channel-flow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of attributes associated with typed link facet", - "privilege": "ListTypedLinkFacetAttributes", + "access_level": "Write", + "description": "Grants permission to update the content of a message", + "privilege": "UpdateChannelMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of typed link facet names that exist in a schema", - "privilege": "ListTypedLinkFacetNames", + "access_level": "Write", + "description": "Grants permission to set the timestamp to the point when a user last read messages in a channel", + "privilege": "UpdateChannelReadMarker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" + "resource_type": "app-instance-bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "app-instance-user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants 
permission to list all policies from the root of the Directory to the object specified", - "privilege": "LookupPolicy", + "access_level": "Write", + "description": "Grants permission to update the global settings related to Amazon Chime for the AWS account", + "privilege": "UpdateGlobalSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to publish a development schema with a version", - "privilege": "PublishSchema", + "description": "Grants permission to update the status of a media insights pipeline configuration", + "privilege": "UpdateMediaInsightsPipelineConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "developmentSchema*" + "dependent_actions": [ + "chime:ListVoiceConnectors", + "iam:PassRole", + "kinesis:DescribeStream", + "s3:ListBucket" + ], + "resource_type": "media-insights-pipeline-configuration*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a schema using JSON upload. 
Only available for development schemas", - "privilege": "PutSchemaFromJson", + "description": "Grants permission to update the status of a media insights pipeline", + "privilege": "UpdateMediaInsightsPipelineStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "media-pipeline*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the specified facet from the specified object", - "privilege": "RemoveFacetFromObject", + "description": "Grants permission to update kinesis video stream pool", + "privilege": "UpdateMediaPipelineKinesisVideoStreamPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "media-pipeline-kinesis-video-stream-pool*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update phone number details for the specified phone number", + "privilege": "UpdatePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update phone number settings related to Amazon Chime for the AWS account", + "privilege": "UpdatePhoneNumberSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add/update/delete existing Attributes, Rules, or ObjectType of a Facet", - "privilege": "UpdateFacet", + "description": "Grants permission to update a proxy session for the specified Amazon Chime Voice Connector", + "privilege": "UpdateProxySession", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "appliedSchema*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "voice-connector*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a given typed link\u2019s attributes. Attributes to be updated must not contribute to the typed link\u2019s identity, as defined by its IdentityAttributeOrder", - "privilege": "UpdateLinkAttributes", + "description": "Grants permission to update a room", + "privilege": "UpdateRoom", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a given object's attributes", - "privilege": "UpdateObjectAttributes", + "description": "Grants permission to update room membership role", + "privilege": "UpdateRoomMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the schema name with a new name", - "privilege": "UpdateSchema", + "description": "Grants permission to update properties of Amazon Chime SIP media application under the administrator's AWS account", + "privilege": "UpdateSipMediaApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "sip-media-application*" } ] }, { "access_level": "Write", - "description": "Grants permission to add/update/delete existing Attributes, Rules, identity attribute order of a TypedLink Facet", - "privilege": "UpdateTypedLinkFacet", + "description": "Grants permission to update an Amazon Chime SIP media application call under the administrator's AWS account", + "privilege": "UpdateSipMediaApplicationCall", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" + "resource_type": "sip-media-application*" } ] }, { "access_level": "Write", - "description": "Grants permission to upgrade a single directory in-place using the PublishedSchemaArn with schema updates found in MinorVersion. Backwards-compatible minor version upgrades are instantaneously available for readers on all objects in the directory", - "privilege": "UpgradeAppliedSchema", + "description": "Grants permission to update properties of Amazon Chime SIP rule under the administrator's AWS account", + "privilege": "UpdateSipRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "sip-media-application" } ] }, { "access_level": "Write", - "description": "Grants permission to upgrade a published schema under a new minor version revision using the current contents of DevelopmentSchemaArn", - "privilege": "UpgradePublishedSchema", + "description": "Grants permission to update the supported license tiers available for users in your Amazon Chime account", + "privilege": "UpdateSupportedLicenses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "developmentSchema*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update user details for a specified user ID", + "privilege": "UpdateUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishedSchema*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}/schema/${SchemaName}/${Version}", - "condition_keys": [], - "resource": "appliedSchema" - }, - { - "arn": 
"arn:${Partition}:clouddirectory:${Region}:${Account}:schema/development/${SchemaName}", - "condition_keys": [], - "resource": "developmentSchema" - }, - { - "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}", - "condition_keys": [], - "resource": "directory" }, - { - "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:schema/published/${SchemaName}/${Version}", - "condition_keys": [], - "resource": "publishedSchema" - } - ], - "service_name": "Amazon Cloud Directory" - }, - { - "conditions": [], - "prefix": "cloudformation", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel resource requests in your account", - "privilege": "CancelResourceRequest", + "description": "Grants permission to update the licenses for your Amazon Chime users", + "privilege": "UpdateUserLicenses", "resource_types": [ { "condition_keys": [], @@ -32115,8 +34309,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create resources in your account", - "privilege": "CreateResource", + "description": "Grants permission to update user settings related to the specified Amazon Chime user", + "privilege": "UpdateUserSettings", "resource_types": [ { "condition_keys": [], 
@@ -32127,56 +34321,56 @@ }, { "access_level": "Write", - "description": "Grants permission to delete resources in your account", - "privilege": "DeleteResource", + "description": "Grants permission to update Amazon Chime Voice Connector details for the specified Amazon Chime Voice Connector", + "privilege": "UpdateVoiceConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get resources in your account", - "privilege": "GetResource", + "access_level": "Write", + "description": "Grants permission to update Amazon Chime Voice Connector Group details for the specified Amazon Chime Voice Connector Group", + "privilege": "UpdateVoiceConnectorGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-connector" } ] }, { - "access_level": "Read", - "description": "Grants permission to get resource requests in your account", - "privilege": "GetResourceRequestStatus", + "access_level": "Write", + "description": "Grants permission to update a voice profile", + "privilege": "UpdateVoiceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-profile*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list resource requests in your account", - "privilege": "ListResourceRequests", + "access_level": "Write", + "description": "Grants permission to update a voice profile domain", + "privilege": "UpdateVoiceProfileDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "voice-profile-domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to list resources in your account", - "privilege": "ListResources", + "description": "Grants permission to validate the account resource in your 
Amazon Chime account", + "privilege": "ValidateAccountResource", "resource_types": [ { "condition_keys": [], @@ -32186,9 +34380,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update resources in your account", - "privilege": "UpdateResource", + "access_level": "Read", + "description": "Grants permission to validate an address to be used for 911 calls made with Amazon Chime Voice Connectors", + "privilege": "ValidateE911Address", "resource_types": [ { "condition_keys": [], 
@@ -32198,792 +34392,811 @@ ] } ], - "resources": [], - "service_name": "AWS Cloud Control API" - }, - { - "conditions": [ + "resources": [ { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" + "arn": "arn:${Partition}:chime::${AccountId}:meeting/${MeetingId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "meeting" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "app-instance" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/user/${AppInstanceUserId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "app-instance-user" }, { - "condition": "cloudformation:ChangeSetName", - "description": "Filters access by an AWS CloudFormation change set name. Use to control which change sets IAM users can execute or delete", - "type": "String" + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/bot/${AppInstanceBotId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "app-instance-bot" }, { - "condition": "cloudformation:ImportResourceTypes", - "description": "Filters access by the template resource types, such as AWS::EC2::Instance. 
Use to control which resource types IAM users can work with when they want to import a resource into a stack", - "type": "String" + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel/${ChannelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel" }, { - "condition": "cloudformation:ResourceTypes", - "description": "Filters access by the template resource types, such as AWS::EC2::Instance. Use to control which resource types IAM users can work with when they create or update a stack", - "type": "ArrayOfString" + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:app-instance/${AppInstanceId}/channel-flow/${ChannelFlowId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel-flow" }, { - "condition": "cloudformation:RoleArn", - "description": "Filters access by the ARN of an IAM service role. Use to control which service role IAM users can use to work with stacks or change sets", - "type": "ARN" + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-pipeline/${MediaPipelineId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "media-pipeline" }, { - "condition": "cloudformation:StackPolicyUrl", - "description": "Filters access by an Amazon S3 stack policy URL. Use to control which stack policies IAM users can associate with a stack during a create or update stack action", - "type": "String" + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-insights-pipeline-configuration/${ConfigurationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "media-insights-pipeline-configuration" }, { - "condition": "cloudformation:TargetRegion", - "description": "Filters access by stack set target region. 
Use to control which regions IAM users can use when they create or update stack sets", - "type": "ArrayOfString" + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:media-pipeline-kinesis-video-stream-pool/${PoolName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "media-pipeline-kinesis-video-stream-pool" }, { - "condition": "cloudformation:TemplateUrl", - "description": "Filters access by an Amazon S3 template URL. Use to control which templates IAM users can use when they create or update stacks", + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:voice-profile-domain/${VoiceProfileDomainId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "voice-profile-domain" + }, + { + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:voice-profile/${VoiceProfileId}", + "condition_keys": [], + "resource": "voice-profile" + }, + { + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:vc/${VoiceConnectorId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "voice-connector" + }, + { + "arn": "arn:${Partition}:chime:${Region}:${AccountId}:sma/${SipMediaApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "sip-media-application" + } + ], + "service_name": "Amazon Chime" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" } ], - "prefix": "cloudformation", + "prefix": "cleanrooms", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to activate trusted access between StackSets and Organizations. 
With trusted access between StackSets and Organizations activated, the management account has permissions to create and manage StackSets for your organization", - "privilege": "ActivateOrganizationsAccess", + "access_level": "Read", + "description": "Grants permission to view details of analysisTemplates associated to the collaboration", + "privilege": "BatchGetCollaborationAnalysisTemplate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cleanrooms:GetCollaborationAnalysisTemplate" + ], + "resource_type": "analysistemplate*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to activate a public third-party extension, making it available for use in stack templates", - "privilege": "ActivateType", + "access_level": "Read", + "description": "Grants permission to view details for schemas", + "privilege": "BatchGetSchema", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cleanrooms:GetSchema" + ], + "resource_type": "collaboration*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { "access_level": "Read", - "description": "Grants permission to return configuration data for the specified CloudFormation extensions", - "privilege": "BatchDescribeTypeConfigurations", + "description": "Grants permission to view analysis rules associated with schemas", + "privilege": "BatchGetSchemaAnalysisRule", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cleanrooms:GetSchema" + ], + "resource_type": "collaboration*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel an update on the specified stack", - "privilege": "CancelUpdateStack", + 
"description": "Grants permission to create a new analysis template", + "privilege": "CreateAnalysisTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "analysistemplate*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to continue rolling back a stack that is in the UPDATE_ROLLBACK_FAILED state to the UPDATE_ROLLBACK_COMPLETE state", - "privilege": "ContinueUpdateRollback", + "description": "Grants permission to create a new collaboration, a shared data collaboration environment", + "privilege": "CreateCollaboration", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack*" - }, { "condition_keys": [ - "cloudformation:RoleArn" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a list of changes for a stack", - "privilege": "CreateChangeSet", + "description": "Grants permission to link a Cleanrooms ML configured audience model with a collaboration by creating a new association", + "privilege": "CreateConfiguredAudienceModelAssociation", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "cleanrooms-ml:GetConfiguredAudienceModel", + "cleanrooms-ml:GetConfiguredAudienceModelPolicy", + "cleanrooms-ml:PutConfiguredAudienceModelPolicy" + ], + "resource_type": 
"configuredaudiencemodelassociation*" }, { "condition_keys": [ - "cloudformation:ChangeSetName", - "cloudformation:ResourceTypes", - "cloudformation:ImportResourceTypes", - "cloudformation:RoleArn", - "cloudformation:StackPolicyUrl", - "cloudformation:TemplateUrl", "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a stack as specified in the template", - "privilege": "CreateStack", + "description": "Grants permission to create a new configured table", + "privilege": "CreateConfiguredTable", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack*" - }, { "condition_keys": [ - "cloudformation:ResourceTypes", - "cloudformation:RoleArn", - "cloudformation:StackPolicyUrl", - "cloudformation:TemplateUrl", "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "glue:BatchGetPartition", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetSchemaVersion", + "glue:GetTable", + "glue:GetTables" + ], + "resource_type": "configuredtable*" } ] }, { "access_level": "Write", - "description": "Grants permission to create stack instances for the specified accounts, within the specified regions", - "privilege": "CreateStackInstances", + "description": "Grants permission to create a analysis rule for a configured table", + "privilege": "CreateConfiguredTableAnalysisRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - }, + "resource_type": "configuredtable*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to link a configured table with a collaboration by creating a new association", + "privilege": 
"CreateConfiguredTableAssociation", + "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stackset-target" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "configuredtable*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "type" + "resource_type": "configuredtableassociation*" }, { "condition_keys": [ - "aws:TagKeys", - "cloudformation:TargetRegion" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a stackset as specified in the template", - "privilege": "CreateStackSet", + "description": "Grants permission to join collaborations by creating a membership", + "privilege": "CreateMembership", "resource_types": [ { "condition_keys": [ - "cloudformation:RoleArn", - "cloudformation:TemplateUrl", "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole", + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "s3:GetBucketLocation" + ], + "resource_type": "collaboration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to upload templates to Amazon S3 buckets. 
Used only by the AWS CloudFormation console and is not documented in the API reference", - "privilege": "CreateUploadBucket", + "description": "Grants permission to create a new privacy budget template", + "privilege": "CreatePrivacyBudgetTemplate", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to deactivate trusted access between StackSets and Organizations. If trusted access is deactivated, the management account does not have permissions to create and manage service-managed StackSets for your organization", - "privilege": "DeactivateOrganizationsAccess", - "resource_types": [ + "resource_type": "membership*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "" + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "Write", - "description": "Grants permission to deactivate a public extension that was previously activated in this account and region", - "privilege": "DeactivateType", + "description": "Grants permission to delete an existing analysis template", + "privilege": "DeleteAnalysisTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "analysistemplate*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified change set. 
Deleting change sets ensures that no one executes the wrong change set", - "privilege": "DeleteChangeSet", + "description": "Grants permission to delete an existing collaboration", + "privilege": "DeleteCollaboration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:ChangeSetName" + "dependent_actions": [ + "cleanrooms-ml:DeleteConfiguredAudienceModelPolicy", + "cleanrooms-ml:GetConfiguredAudienceModelPolicy", + "cleanrooms-ml:PutConfiguredAudienceModelPolicy" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specified stack", - "privilege": "DeleteStack", + "description": "Grants permission to delete an existing configured audience model association", + "privilege": "DeleteConfiguredAudienceModelAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:RoleArn" + "dependent_actions": [ + "cleanrooms-ml:DeleteConfiguredAudienceModelPolicy", + "cleanrooms-ml:GetConfiguredAudienceModelPolicy", + "cleanrooms-ml:PutConfiguredAudienceModelPolicy" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredaudiencemodelassociation*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete stack instances for the specified accounts, in the specified regions", - "privilege": "DeleteStackInstances", + "description": "Grants permission to delete a configured table", + "privilege": "DeleteConfiguredTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stackset-target" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "type" - }, - { - "condition_keys": [ 
- "cloudformation:TargetRegion" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtable*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specified stackset", - "privilege": "DeleteStackSet", + "description": "Grants permission to delete an existing analysis rule", + "privilege": "DeleteConfiguredTableAnalysisRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "configuredtable*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an existing CloudFormation type or type version", - "privilege": "DeregisterType", + "description": "Grants permission to remove a configured table association from a collaboration", + "privilege": "DeleteConfiguredTableAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve your account's AWS CloudFormation limits", - "privilege": "DescribeAccountLimits", + "access_level": "Write", + "description": "Grants permission to delete members from a collaboration", + "privilege": "DeleteMember", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "cleanrooms-ml:DeleteConfiguredAudienceModelPolicy", + "cleanrooms-ml:GetConfiguredAudienceModelPolicy", + "cleanrooms-ml:PutConfiguredAudienceModelPolicy" + ], + "resource_type": "collaboration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the description for the specified change set", - "privilege": "DescribeChangeSet", + "access_level": "Write", + "description": "Grants permission to leave collaborations by deleting a membership", + "privilege": "DeleteMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:ChangeSetName" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the Hook invocation information for the specified change set", - "privilege": "DescribeChangeSetHooks", + "access_level": "Write", + "description": "Grants permission to delete an existing privacy budget template", + "privilege": "DeletePrivacyBudgetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:ChangeSetName" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the account's OrganizationAccess status", - "privilege": "DescribeOrganizationsAccess", + "description": "Grants permission to view details for an analysis template", + "privilege": "GetAnalysisTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "analysistemplate*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a CloudFormation extension publisher", - "privilege": "DescribePublisher", + "description": "Grants permission to view details for a collaboration", + "privilege": "GetCollaboration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a stack drift detection operation", - "privilege": "DescribeStackDriftDetectionStatus", + "description": "Grants permission to view details for an analysis template within a collaboration", + "privilege": "GetCollaborationAnalysisTemplate", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return all stack related events for a specified stack", - "privilege": "DescribeStackEvents", - "resource_types": [ + "resource_type": "analysistemplate*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "collaboration*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the stack instance that's associated with the specified stack set, AWS account, and region", - "privilege": "DescribeStackInstance", + "description": "Grants permission to view details for a configured audience model association within a collaboration", + "privilege": "GetCollaborationConfiguredAudienceModelAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return a description of the specified resource in the specified stack", - "privilege": "DescribeStackResource", - "resource_types": [ + "resource_type": "collaboration*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "configuredaudiencemodelassociation*" } ] }, { "access_level": "Read", - "description": "Grants permission to return drift information for the resources that have been checked for drift in the specified stack", - "privilege": "DescribeStackResourceDrifts", + "description": "Grants permission to view details for a privacy budget template within a collaboration", + "privilege": "GetCollaborationPrivacyBudgetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return AWS resource descriptions for running and deleted stacks", - "privilege": "DescribeStackResources", - "resource_types": [ + 
"resource_type": "collaboration*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the description of the specified stack set", - "privilege": "DescribeStackSet", + "description": "Grants permission to view details for a configured audience model association", + "privilege": "GetConfiguredAudienceModelAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "configuredaudiencemodelassociation*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the description of the specified stack set operation", - "privilege": "DescribeStackSetOperation", + "description": "Grants permission to view details for a configured table", + "privilege": "GetConfiguredTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return the description for the specified stack, and to all stacks when used in combination with the ListStacks action", - "privilege": "DescribeStacks", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "cloudformation:ListStacks" - ], - "resource_type": "stack" + "resource_type": "configuredtable*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the CloudFormation type requested", - "privilege": "DescribeType", + "description": "Grants permission to view analysis rules for a configured table", + "privilege": "GetConfiguredTableAnalysisRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtable*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the registration process for a 
CloudFormation type", - "privilege": "DescribeTypeRegistration", + "description": "Grants permission to view details for a configured table association", + "privilege": "GetConfiguredTableAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { "access_level": "Read", - "description": "Grants permission to detects whether a stack's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters", - "privilege": "DetectStackDrift", + "description": "Grants permission to view details about a membership", + "privilege": "GetMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "membership*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about whether a resource's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters", - "privilege": "DetectStackResourceDrift", + "description": "Grants permission to view details for a privacy budget template", + "privilege": "GetPrivacyBudgetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "Read", - "description": "Grants permission to enable users to detect drift on a stack set and the stack instances that belong to that stack set", - "privilege": "DetectStackSetDrift", + "description": "Grants permission to view a protected query", + "privilege": "GetProtectedQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "membership*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the 
estimated monthly cost of a template", - "privilege": "EstimateTemplateCost", - "resource_types": [ - { - "condition_keys": [ - "cloudformation:TemplateUrl" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a stack using the input information that was provided when the specified change set was created", - "privilege": "ExecuteChangeSet", + "description": "Grants permission to view details for a schema", + "privilege": "GetSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "collaboration*" }, { - "condition_keys": [ - "cloudformation:ChangeSetName" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtableassociation*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the stack policy for a specified stack", - "privilege": "GetStackPolicy", + "description": "Grants permission to view analysis rules associated with a schema", + "privilege": "GetSchemaAnalysisRule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the template body for a specified stack", - "privilege": "GetTemplate", - "resource_types": [ + "dependent_actions": [ + "cleanrooms:GetSchema" + ], + "resource_type": "collaboration*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "configuredtableassociation*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about a new or existing template", - "privilege": "GetTemplateSummary", + "access_level": "List", + "description": "Grants permission to list available analysis templates", + "privilege": "ListAnalysisTemplates", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "stack" + "resource_type": "analysistemplate*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset" - }, - { - "condition_keys": [ - "cloudformation:TemplateUrl" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable users to import existing stacks to a new or existing stackset", - "privilege": "ImportStacksToStackSet", + "access_level": "List", + "description": "Grants permission to list available analysis templates within a collaboration", + "privilege": "ListCollaborationAnalysisTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to return the ID and status of each active change set for a stack. For example, AWS CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or CREATE_PENDING state", - "privilege": "ListChangeSets", + "description": "Grants permission to list available configured audience model association within a collaboration", + "privilege": "ListCollaborationConfiguredAudienceModelAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to list all exported output values in the account and region in which you call this action", - "privilege": "ListExports", + "description": "Grants permission to list available privacy budget templates within a collaboration", + "privilege": "ListCollaborationPrivacyBudgetTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to list all stacks that 
are importing an exported output value", - "privilege": "ListImports", + "description": "Grants permission to list privacy budgets within a collaboration", + "privilege": "ListCollaborationPrivacyBudgets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to return drift information for the resources that have been checked for drift in the specified stack instance", - "privilege": "ListStackInstanceResourceDrifts", + "description": "Grants permission to list available collaborations", + "privilege": "ListCollaborations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to return summary information about stack instances that are associated with the specified stack set", - "privilege": "ListStackInstances", + "description": "Grants permission to list available configured audience model associations for a membership", + "privilege": "ListConfiguredAudienceModelAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return descriptions of all resources of the specified stack", - "privilege": "ListStackResources", - "resource_types": [ + "resource_type": "configuredaudiencemodelassociation*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "membership*" } ] }, { "access_level": "List", - "description": "Grants permission to return summary information about the results of a stack set operation", - "privilege": "ListStackSetOperationResults", + "description": "Grants permission to list available configured table associations for a membership", + "privilege": "ListConfiguredTableAssociations", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return summary information about operations performed on a stack set", - "privilege": "ListStackSetOperations", - "resource_types": [ + "resource_type": "configuredtableassociation*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "membership*" } ] }, { "access_level": "List", - "description": "Grants permission to return summary information about stack sets that are associated with the user", - "privilege": "ListStackSets", + "description": "Grants permission to list available configured tables", + "privilege": "ListConfiguredTables", "resource_types": [ { "condition_keys": [], @@ -32994,20 +35207,20 @@ }, { "access_level": "List", - "description": "Grants permission to return the summary information for stacks whose status matches the specified StackStatusFilter. In combination with the DescribeStacks action, grants permission to list descriptions for stacks", - "privilege": "ListStacks", + "description": "Grants permission to list the members of a collaboration", + "privilege": "ListMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "collaboration*" } ] }, { "access_level": "List", - "description": "Grants permission to list CloudFormation type registration attempts", - "privilege": "ListTypeRegistrations", + "description": "Grants permission to list available memberships", + "privilege": "ListMemberships", "resource_types": [ { "condition_keys": [], 
@@ -33018,181 +35231,178 @@ }, { "access_level": "List", - "description": "Grants permission to list versions of a particular CloudFormation type", - "privilege": "ListTypeVersions", + "description": "Grants permission to list available privacy budget templates", + "privilege": "ListPrivacyBudgetTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "privacybudgettemplate*" } ] }, { "access_level": "List", - "description": "Grants permission to list available CloudFormation types", - "privilege": "ListTypes", + "description": "Grants permission to list available privacy budgets", + "privilege": "ListPrivacyBudgets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish the specified extension to the CloudFormation registry as a public extension in this region", - "privilege": "PublishType", + "access_level": "List", + "description": "Grants permission to list protected queries", + "privilege": "ListProtectedQueries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { - "access_level": "Write", - "description": "Grants permission to record the handler progress", - "privilege": "RecordHandlerProgress", + "access_level": "List", + "description": "Grants permission to view available schemas for a collaboration", + "privilege": "ListSchemas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "collaboration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register account as a publisher of public extensions in the CloudFormation registry", - "privilege": "RegisterPublisher", + 
"access_level": "List", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to register a new CloudFormation type", - "privilege": "RegisterType", - "resource_types": [ + "resource_type": "analysistemplate" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to rollback the stack to the last stable state", - "privilege": "RollbackStack", - "resource_types": [ + "resource_type": "collaboration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "configuredaudiencemodelassociation" }, { - "condition_keys": [ - "cloudformation:RoleArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to set a stack policy for a specified stack", - "privilege": "SetStackPolicy", - "resource_types": [ + "resource_type": "configuredtable" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + "resource_type": "configuredtableassociation" }, { - "condition_keys": [ - "cloudformation:StackPolicyUrl" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the configuration data for a registered CloudFormation extension, in the given account and region", - "privilege": "SetTypeConfiguration", - "resource_types": [ + "resource_type": "membership" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "privacybudgettemplate" } ] }, { - "access_level": "Write", - "description": "Grants permission to set which version of a 
CloudFormation type applies to CloudFormation operations", - "privilege": "SetTypeDefaultVersion", + "access_level": "Read", + "description": "Grants permission to preview privacy budget template settings", + "privilege": "PreviewPrivacyImpact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to send a signal to the specified resource with a success or failure status", - "privilege": "SignalResource", + "description": "Grants permission to start protected queries", + "privilege": "StartProtectedQuery", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cleanrooms:GetCollaborationAnalysisTemplate", + "cleanrooms:GetSchema", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:PutObject" + ], + "resource_type": "configuredtableassociation*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop an in-progress operation on a stack set and its associated stack instances", - "privilege": "StopStackSetOperation", - "resource_types": [ + "resource_type": "membership*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" + "resource_type": "analysistemplate" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag cloudformation resources", + "description": "Grants permission to tag a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "changeset" + "resource_type": "analysistemplate" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "collaboration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset" + "resource_type": "configuredaudiencemodelassociation" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "configuredtable" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredtableassociation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "privacybudgettemplate" }, { "condition_keys": [ @@ -33205,36 +35415,44 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to test a registered extension to make sure it meets all necessary requirements for being published in the CloudFormation registry", - "privilege": "TestType", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to untag cloudformation resources", - "privilege": "UntagResource", - "resource_types": [ + "resource_type": "analysistemplate" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "changeset" + "resource_type": "collaboration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "configuredaudiencemodelassociation" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset" + "resource_type": "configuredtable" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredtableassociation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "membership" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "privacybudgettemplate" }, { "condition_keys": [ 
@@ -33247,151 +35465,179 @@ }, { "access_level": "Write", - "description": "Grants permission to update a stack as specified in the template", - "privilege": "UpdateStack", + "description": "Grants permission to update details of the analysis template", + "privilege": "UpdateAnalysisTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" - }, - { - "condition_keys": [ - "cloudformation:ResourceTypes", - "cloudformation:RoleArn", - "cloudformation:StackPolicyUrl", - "cloudformation:TemplateUrl", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "analysistemplate*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the parameter values for stack instances for the specified accounts, within the specified regions", - "privilege": "UpdateStackInstances", + "description": "Grants permission to update details of the collaboration", + "privilege": "UpdateCollaboration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - }, + "resource_type": "collaboration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a configured audience model association", + "privilege": "UpdateConfiguredAudienceModelAssociation", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset-target" - }, + "resource_type": "configuredaudiencemodelassociation*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an existing configured table", + "privilege": "UpdateConfiguredTable", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "type" - }, - { - "condition_keys": [ - "cloudformation:TargetRegion" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "configuredtable*" } ] }, { "access_level": "Write", - "description": "Grants 
permission to update a stackset as specified in the template", - "privilege": "UpdateStackSet", + "description": "Grants permission to update analysis rules for a configured table", + "privilege": "UpdateConfiguredTableAnalysisRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stackset*" - }, + "resource_type": "configuredtable*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a configured table association", + "privilege": "UpdateConfiguredTableAssociation", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "stackset-target" - }, + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "configuredtableassociation*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update details of a membership", + "privilege": "UpdateMembership", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "type" - }, - { - "condition_keys": [ - "cloudformation:RoleArn", - "cloudformation:TemplateUrl", - "cloudformation:TargetRegion", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "iam:PassRole", + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "s3:GetBucketLocation" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] }, { "access_level": "Write", - "description": "Grants permission to update termination protection for the specified stack", - "privilege": "UpdateTerminationProtection", + "description": "Grants permission to update details of the privacy budget template", + "privilege": "UpdatePrivacyBudgetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack*" + 
"resource_type": "privacybudgettemplate*" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate a specified template", - "privilege": "ValidateTemplate", + "access_level": "Write", + "description": "Grants permission to update protected queries", + "privilege": "UpdateProtectedQuery", "resource_types": [ { - "condition_keys": [ - "cloudformation:TemplateUrl" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "membership*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:changeSet/${ChangeSetName}/${Id}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/analysistemplate/${AnalysisTemplateId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "changeset" + "resource": "analysistemplate" }, { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stack/${StackName}/${Id}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:collaboration/${CollaborationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "stack" + "resource": "collaboration" }, { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stackset/${StackSetName}:${Id}", + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/configuredaudiencemodelassociation/${ConfiguredAudienceModelAssociationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "stackset" + "resource": "configuredaudiencemodelassociation" }, { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stackset-target/${StackSetTarget}", - "condition_keys": [], - "resource": "stackset-target" + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:configuredtable/${ConfiguredTableId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "configuredtable" }, { - "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:type/resource/${Type}", - 
"condition_keys": [], - "resource": "type" + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/configuredtableassociation/${ConfiguredTableAssociationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "configuredtableassociation" + }, + { + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "membership" + }, + { + "arn": "arn:${Partition}:cleanrooms:${Region}:${Account}:membership/${MembershipId}/privacybudgettemplate/${PrivacyBudgetTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "privacybudgettemplate" } ], - "service_name": "AWS CloudFormation" + "service_name": "AWS Clean Rooms" }, { "conditions": [ 
@@ -33409,93 +35655,85 @@ "condition": "aws:TagKeys", "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" + }, + { + "condition": "cleanrooms-ml:CollaborationId", + "description": "Filters access by clean rooms collaboration id", + "type": "String" } ], - "prefix": "cloudfront", + "prefix": "cleanrooms-ml", "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate an alias to a CloudFront distribution", - "privilege": "AssociateAlias", + "description": "Grants permission to create an audience model", + "privilege": "CreateAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to copy an existing distribution and create a new web distribution", - "privilege": "CopyDistribution", - "resource_types": [ + "resource_type": "trainingdataset*" + }, { - "condition_keys": [], - "dependent_actions": [ - "cloudfront:CopyDistribution", - "cloudfront:CreateDistribution", - "cloudfront:GetDistribution" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "distribution*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add a new cache policy to CloudFront", - "privilege": "CreateCachePolicy", + "description": "Grants permission to create a configured audience model", + "privilege": "CreateConfiguredAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cache-policy*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new CloudFront origin access identity", - "privilege": "CreateCloudFrontOriginAccessIdentity", - "resource_types": [ + "resource_type": "audiencemodel*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + 
"aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add a new continuous-deployment policy to CloudFront", - "privilege": "CreateContinuousDeploymentPolicy", + "description": "Grants permission to create a training dataset, or seed audience. In Clean Rooms ML, the TrainingDataset is metadata that points to a Glue table, which is read only during AudienceModel creation", + "privilege": "CreateTrainingDataset", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new web distribution", - "privilege": "CreateDistribution", + "description": "Grants permission to delete the specified audience generation job, and removes all data associated with the job", + "privilege": "DeleteAudienceGenerationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new field-level encryption configuration", - "privilege": "CreateFieldLevelEncryptionConfig", - "resource_types": [ + "resource_type": "audiencegenerationjob*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -33503,157 +35741,213 @@ }, { "access_level": "Write", - "description": "Grants permission to create a field-level encryption profile", - "privilege": "CreateFieldLevelEncryptionProfile", + "description": "Grants permission to delete the specified audience generation job, and removes all data associated with the job", + "privilege": "DeleteAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "audiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a CloudFront function", - "privilege": "CreateFunction", + "description": "Grants permission to delete the specified configured audience model", + "privilege": "DeleteConfiguredAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new invalidation batch request", - "privilege": "CreateInvalidation", - "resource_types": [ + "resource_type": "configuredaudiencemodel*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add a new key group to CloudFront", - "privilege": "CreateKeyGroup", + "description": "Grants permission to delete the specified configured audience model policy", + "privilege": "DeleteConfiguredAudienceModelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to enable 
additional CloudWatch metrics for the specified CloudFront distribution. The additional metrics incur an additional cost", - "privilege": "CreateMonitoringSubscription", + "description": "Grants permission to delete a training dataset", + "privilege": "DeleteTrainingDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "trainingdataset*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new origin access control", - "privilege": "CreateOriginAccessControl", + "access_level": "Read", + "description": "Grants permission to return information about an audience generation job", + "privilege": "GetAudienceGenerationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "audiencegenerationjob*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a new origin request policy to CloudFront", - "privilege": "CreateOriginRequestPolicy", + "access_level": "Read", + "description": "Grants permission to return information about an audience model", + "privilege": "GetAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add a new public key to CloudFront", - "privilege": "CreatePublicKey", - "resource_types": [ + "resource_type": "audiencemodel*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a real-time log configuration", - "privilege": 
"CreateRealtimeLogConfig", + "access_level": "Read", + "description": "Grants permission to return information about a configured audience model", + "privilege": "GetConfiguredAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "realtime-log-config*" + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a new response headers policy to CloudFront", - "privilege": "CreateResponseHeadersPolicy", + "access_level": "Read", + "description": "Grants permission to return information about a configured audience model policy", + "privilege": "GetConfiguredAudienceModelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "response-headers-policy*" + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new savings plan", - "privilege": "CreateSavingsPlan", + "access_level": "Read", + "description": "Grants permission to return information about a training dataset", + "privilege": "GetTrainingDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "trainingdataset*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new RTMP distribution", - "privilege": "CreateStreamingDistribution", + "access_level": "List", + "description": "Grants permission to return a list of the audience export jobs", + "privilege": "ListAudienceExportJobs", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "audiencegenerationjob" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new RTMP distribution with tags", - "privilege": "CreateStreamingDistributionWithTags", + "access_level": "List", + "description": "Grants permission to return a list of audience generation jobs", + "privilege": "ListAudienceGenerationJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "configuredaudiencemodel" }, { "condition_keys": [ 
@@ -33666,369 +35960,571 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a cache policy", - "privilege": "DeleteCachePolicy", + "access_level": "List", + "description": "Grants permission to return a list of audience models", + "privilege": "ListAudienceModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cache-policy*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a CloudFront origin access identity", - "privilege": "DeleteCloudFrontOriginAccessIdentity", + "access_level": "List", + "description": "Grants permission to return a list of configured audience models", + "privilege": "ListConfiguredAudienceModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a continuous-deployment policy", - "privilege": "DeleteContinuousDeploymentPolicy", + "access_level": "List", + "description": "Grants permission to return a list of tags for a provided resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a web distribution", - "privilege": "DeleteDistribution", - "resource_types": [ + "resource_type": "audiencegenerationjob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a field-level encryption configuration", - "privilege": "DeleteFieldLevelEncryptionConfig", - "resource_types": [ + "resource_type": "audiencemodel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-config*" + "resource_type": 
"configuredaudiencemodel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trainingdataset" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a field-level encryption profile", - "privilege": "DeleteFieldLevelEncryptionProfile", + "access_level": "List", + "description": "Grants permission to return a list of training datasets", + "privilege": "ListTrainingDatasets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-profile*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a CloudFront function", - "privilege": "DeleteFunction", + "access_level": "Permissions management", + "description": "Grants permission to create or update the resource policy for a configured audience model", + "privilege": "PutConfiguredAudienceModelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "configuredaudiencemodel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a key group", - "privilege": "DeleteKeyGroup", + "description": "Grants permission to export an audience of a specified size after you have generated an audience", + "privilege": "StartAudienceExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "audiencegenerationjob*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disable additional CloudWatch metrics for the specified CloudFront distribution", - "privilege": "DeleteMonitoringSubscription", + "description": "Grants permission to start the audience generation 
job", + "privilege": "StartAudienceGenerationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cleanrooms-ml:CollaborationId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an origin access control", - "privilege": "DeleteOriginAccessControl", + "access_level": "Tagging", + "description": "Grants permission to tag a specific resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-control*" + "resource_type": "audiencegenerationjob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "audiencemodel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredaudiencemodel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trainingdataset" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an origin request policy", - "privilege": "DeleteOriginRequestPolicy", + "access_level": "Tagging", + "description": "Grants permission to untag a specific resource", + "privilege": "UnTagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" + "resource_type": "audiencegenerationjob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "audiencemodel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuredaudiencemodel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trainingdataset" + }, + { + "condition_keys": [ + 
"aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a public key from CloudFront", - "privilege": "DeletePublicKey", + "description": "Grants permission to update a configured audience model.", + "privilege": "UpdateConfiguredAudienceModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "configuredaudiencemodel*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "audiencemodel" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:training-dataset/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "trainingdataset" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:audience-model/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "audiencemodel" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:configured-audience-model/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "configuredaudiencemodel" + }, + { + "arn": "arn:${Partition}:cleanrooms-ml:${Region}:${Account}:audience-generation-job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "audiencegenerationjob" + } + ], + "service_name": "AWS Clean Rooms ML" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the 
presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "cloud9:EnvironmentId", + "description": "Filters access by the AWS Cloud9 environment ID", + "type": "String" + }, + { + "condition": "cloud9:EnvironmentName", + "description": "Filters access by the AWS Cloud9 environment name", + "type": "String" + }, + { + "condition": "cloud9:InstanceType", + "description": "Filters access by the instance type of the AWS Cloud9 environment's Amazon EC2 instance", + "type": "String" + }, + { + "condition": "cloud9:OwnerArn", + "description": "Filters access by the owner ARN specified", + "type": "ARN" + }, + { + "condition": "cloud9:Permissions", + "description": "Filters access by the type of AWS Cloud9 permissions", + "type": "String" + }, + { + "condition": "cloud9:SubnetId", + "description": "Filters access by the subnet ID that the AWS Cloud9 environment will be created in", + "type": "String" }, + { + "condition": "cloud9:UserArn", + "description": "Filters access by the user ARN specified", + "type": "ARN" + } + ], + "prefix": "cloud9", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a real-time log configuration", - "privilege": "DeleteRealtimeLogConfig", + "description": "Grants permission to start the Amazon EC2 instance that your AWS Cloud9 IDE connects to", + "privilege": "ActivateEC2Remote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "realtime-log-config*" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a response headers policy", - "privilege": "DeleteResponseHeadersPolicy", + "description": "Grants permission to create an AWS Cloud9 development environment, launches an Amazon Elastic Compute Cloud (Amazon EC2) instance, and then hosts the environment on the instance", + "privilege": "CreateEnvironmentEC2", "resource_types": [ { - "condition_keys": [], - "dependent_actions": 
[], - "resource_type": "response-headers-policy*" + "condition_keys": [ + "cloud9:EnvironmentName", + "cloud9:InstanceType", + "cloud9:SubnetId", + "cloud9:UserArn", + "cloud9:OwnerArn", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an RTMP distribution", - "privilege": "DeleteStreamingDistribution", + "description": "Grants permission to add an environment member to an AWS Cloud9 development environment", + "privilege": "CreateEnvironmentMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "cloud9:UserArn", + "cloud9:EnvironmentId", + "cloud9:Permissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a CloudFront function summary", - "privilege": "DescribeFunction", + "access_level": "Write", + "description": "Grants permission to create an AWS Cloud9 SSH development environment", + "privilege": "CreateEnvironmentSSH", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloud9:EnvironmentName", + "cloud9:OwnerArn", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the cache policy", - "privilege": "GetCachePolicy", + "description": "Grants permission to create an authentication token that allows a connection between the AWS Cloud9 IDE and the user's environment", + "privilege": "CreateEnvironmentToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cache-policy*" + "resource_type": "environment*" } ] }, { - 
"access_level": "Read", - "description": "Grants permission to get the cache policy configuration", - "privilege": "GetCachePolicyConfig", + "access_level": "Write", + "description": "Grants permission to delete an AWS Cloud9 development environment. If the environment is hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance, also terminates the instance", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "cache-policy*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the information about a CloudFront origin access identity", - "privilege": "GetCloudFrontOriginAccessIdentity", + "access_level": "Write", + "description": "Grants permission to delete an environment member from an AWS Cloud9 development environment", + "privilege": "DeleteEnvironmentMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the configuration information about a Cloudfront origin access identity", - "privilege": "GetCloudFrontOriginAccessIdentityConfig", + "description": "Grants permission to get details about the connection to the EC2 development environment, including host, user, and port", + "privilege": "DescribeEC2Remote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the continuous-deployment policy", - "privilege": "GetContinuousDeploymentPolicy", + "description": "Grants permission to get information about environment members for an AWS Cloud9 development environment", + "privilege": "DescribeEnvironmentMemberships", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "cloud9:UserArn", + "cloud9:EnvironmentId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the continuous-deployment policy configuration", - "privilege": "GetContinuousDeploymentPolicyConfig", + "description": "Grants permission to get status information for an AWS Cloud9 development environment", + "privilege": "DescribeEnvironmentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the information about a web distribution", - "privilege": "GetDistribution", + "description": "Grants permission to get information about AWS Cloud9 development environments", + "privilege": "DescribeEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the configuration information about a distribution", - "privilege": "GetDistributionConfig", + "description": "Grants permission to get details about the connection to the SSH development environment, including host, user, and port", + "privilege": "DescribeSSHRemote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the field-level encryption configuration information", - "privilege": "GetFieldLevelEncryption", + "description": "Grants permission to get configuration information that's used to initialize the AWS Cloud9 IDE", + "privilege": 
"GetEnvironmentConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-config*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the field-level encryption configuration information", - "privilege": "GetFieldLevelEncryptionConfig", + "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified development environment", + "privilege": "GetEnvironmentSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-config*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the field-level encryption configuration information", - "privilege": "GetFieldLevelEncryptionProfile", + "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified environment member", + "privilege": "GetMembershipSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-profile*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the field-level encryption profile configuration information", - "privilege": "GetFieldLevelEncryptionProfileConfig", + "description": "Grants permission to get the migration experience for a cloud9 user", + "privilege": "GetMigrationExperiences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-profile*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a CloudFront function's code", - "privilege": "GetFunction", + "description": "Grants permission to get the user's public SSH key, which is used by AWS Cloud9 to connect to SSH development environments", + "privilege": "GetUserPublicKey", "resource_types": [ { - "condition_keys": [], + "condition_keys": 
[ + "cloud9:UserArn" + ], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the information about an invalidation", - "privilege": "GetInvalidation", + "description": "Grants permission to get the AWS Cloud9 IDE settings for a specified user", + "privilege": "GetUserSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a key group", - "privilege": "GetKeyGroup", + "description": "Grants permission to get a list of AWS Cloud9 development environment identifiers", + "privilege": "ListEnvironments", "resource_types": [ { "condition_keys": [], 
@@ -34039,284 +36535,334 @@ }, { "access_level": "Read", - "description": "Grants permission to get a key group configuration", - "privilege": "GetKeyGroupConfig", + "description": "Grants permission to list tags for a cloud9 environment", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about whether additional CloudWatch metrics are enabled for the specified CloudFront distribution", - "privilege": "GetMonitoringSubscription", + "access_level": "Write", + "description": "Grants permission to set AWS managed temporary credentials on the Amazon EC2 instance that's used by the AWS Cloud9 integrated development environment (IDE)", + "privilege": "ModifyTemporaryCredentialsOnEnvironmentEC2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the origin access control", - "privilege": "GetOriginAccessControl", + "access_level": "Tagging", + "description": "Grants permission to add tags to a cloud9 environment", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-control*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the origin access control configuration", - "privilege": "GetOriginAccessControlConfig", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a cloud9 environment", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"origin-access-control*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the origin request policy", - "privilege": "GetOriginRequestPolicy", + "access_level": "Write", + "description": "Grants permission to change the settings of an existing AWS Cloud9 development environment", + "privilege": "UpdateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the origin request policy configuration", - "privilege": "GetOriginRequestPolicyConfig", + "access_level": "Write", + "description": "Grants permission to change the settings of an existing environment member for an AWS Cloud9 development environment", + "privilege": "UpdateEnvironmentMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" + "resource_type": "environment*" + }, + { + "condition_keys": [ + "cloud9:UserArn", + "cloud9:EnvironmentId", + "cloud9:Permissions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the public key information", - "privilege": "GetPublicKey", + "access_level": "Write", + "description": "Grants permission to update the AWS Cloud9 IDE settings for a specified development environment", + "privilege": "UpdateEnvironmentSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the public key configuration information", - "privilege": "GetPublicKeyConfig", + "access_level": "Write", + "description": "Grants permission to update the AWS 
Cloud9 IDE settings for a specified environment member", + "privilege": "UpdateMembershipSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a real-time log configuration", - "privilege": "GetRealtimeLogConfig", + "access_level": "Write", + "description": "Grants permission to update details about the connection to the SSH development environment, including host, user, and port", + "privilege": "UpdateSSHRemote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "realtime-log-config*" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the response headers policy", - "privilege": "GetResponseHeadersPolicy", + "access_level": "Write", + "description": "Grants permission to update IDE-specific settings of an AWS Cloud9 user", + "privilege": "UpdateUserSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "response-headers-policy*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the response headers policy configuration", - "privilege": "GetResponseHeadersPolicyConfig", + "description": "Grants permission to validate the environment name during the process of creating an AWS Cloud9 development environment", + "privilege": "ValidateEnvironmentName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "response-headers-policy*" + "resource_type": "" } ] - }, + } + ], + "resources": [ { - "access_level": "Read", - "description": "Grants permission to get a savings plan", - "privilege": "GetSavingsPlan", + "arn": "arn:${Partition}:cloud9:${Region}:${Account}:environment:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment" + } + ], + 
"service_name": "AWS Cloud9" + }, + { + "conditions": [], + "prefix": "clouddirectory", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add a new Facet to an object", + "privilege": "AddFacetToObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the information about an RTMP distribution", - "privilege": "GetStreamingDistribution", + "access_level": "Write", + "description": "Grants permission to copy input published schema into Directory with same name and version as that of published schema", + "privilege": "ApplySchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "directory*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the configuration information about a streaming distribution", - "privilege": "GetStreamingDistributionConfig", + "access_level": "Write", + "description": "Grants permission to attach an existing object to another existing object", + "privilege": "AttachObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all cache policies that have been created in CloudFront for this account", - "privilege": "ListCachePolicies", + "access_level": "Write", + "description": "Grants permission to attach a policy object to any other object", + "privilege": "AttachPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list your 
CloudFront origin access identities", - "privilege": "ListCloudFrontOriginAccessIdentities", + "access_level": "Write", + "description": "Grants permission to attach the specified object to the specified index", + "privilege": "AttachToIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all aliases that conflict with the given alias in CloudFront", - "privilege": "ListConflictingAliases", + "access_level": "Write", + "description": "Grants permission to attach a typed link b/w a source & target object reference", + "privilege": "AttachTypedLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all continuous-deployment policies in the account", - "privilege": "ListContinuousDeploymentPolicies", + "access_level": "Read", + "description": "Grants permission to perform all the read operations in a batch. Each individual operation inside BatchRead needs to be granted permissions explicitly", + "privilege": "BatchRead", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the distributions associated with your AWS account", - "privilege": "ListDistributions", + "access_level": "Write", + "description": "Grants permission to perform all the write operations in a batch. 
Each individual operation inside BatchWrite needs to be granted permissions explicitly", + "privilege": "BatchWrite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified cache policy", - "privilege": "ListDistributionsByCachePolicyId", + "access_level": "Write", + "description": "Grants permission to create a Directory by copying the published schema into the directory", + "privilege": "CreateDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "publishedSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified key group", - "privilege": "ListDistributionsByKeyGroup", + "access_level": "Write", + "description": "Grants permission to create a new Facet in a schema", + "privilege": "CreateFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "appliedSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "developmentSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the distributions associated a Lambda function", - "privilege": "ListDistributionsByLambdaFunction", + "access_level": "Write", + "description": "Grants permission to create an index object", + "privilege": "CreateIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified origin request 
policy", - "privilege": "ListDistributionsByOriginRequestPolicyId", + "access_level": "Write", + "description": "Grants permission to create an object in a Directory", + "privilege": "CreateObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of distributions that have a cache behavior that\u2019s associated with the specified real-time log configuration", - "privilege": "ListDistributionsByRealtimeLogConfig", + "access_level": "Write", + "description": "Grants permission to create a new schema in a development state", + "privilege": "CreateSchema", "resource_types": [ { "condition_keys": [], 
@@ -34326,555 +36872,501 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified response headers policy", - "privilege": "ListDistributionsByResponseHeadersPolicyId", + "access_level": "Write", + "description": "Grants permission to create a new Typed Link facet in a schema", + "privilege": "CreateTypedLinkFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "appliedSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "developmentSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the distributions associated with your AWS account with given AWS WAF web ACL", - "privilege": "ListDistributionsByWebACLId", + "access_level": "Write", + "description": "Grants permission to delete a directory. Only disabled directories can be deleted", + "privilege": "DeleteDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all field-level encryption configurations that have been created in CloudFront for this account", - "privilege": "ListFieldLevelEncryptionConfigs", + "access_level": "Write", + "description": "Grants permission to delete a given Facet. 
All attributes and Rules associated with the facet will be deleted", + "privilege": "DeleteFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all field-level encryption profiles that have been created in CloudFront for this account", - "privilege": "ListFieldLevelEncryptionProfiles", + "access_level": "Write", + "description": "Grants permission to delete an object and its associated attributes", + "privilege": "DeleteObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of CloudFront functions", - "privilege": "ListFunctions", + "access_level": "Write", + "description": "Grants permission to delete a given schema", + "privilege": "DeleteSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to list your invalidation batches", - "privilege": "ListInvalidations", + "access_level": "Write", + "description": "Grants permission to delete a given TypedLink Facet. 
All attributes and Rules associated with the facet will be deleted", + "privilege": "DeleteTypedLinkFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "developmentSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all key groups that have been created in CloudFront for this account", - "privilege": "ListKeyGroups", + "access_level": "Write", + "description": "Grants permission to detach the specified object from the specified index", + "privilege": "DetachFromIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all origin access controls in the account", - "privilege": "ListOriginAccessControls", + "access_level": "Write", + "description": "Grants permission to detach a given object from the parent object", + "privilege": "DetachObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all origin request policies that have been created in CloudFront for this account", - "privilege": "ListOriginRequestPolicies", + "access_level": "Write", + "description": "Grants permission to detach a policy from an object", + "privilege": "DetachPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all public keys that have been added to CloudFront for this account", - "privilege": "ListPublicKeys", + "access_level": "Write", + "description": "Grants permission to detach a given typed link b/w given source and target object reference", + "privilege": "DetachTypedLink", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list CloudFront rate cards for the account", - "privilege": "ListRateCards", + "access_level": "Write", + "description": "Grants permission to disable the specified directory", + "privilege": "DisableDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of real-time log configurations", - "privilege": "ListRealtimeLogConfigs", + "access_level": "Write", + "description": "Grants permission to enable the specified directory", + "privilege": "EnableDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all response headers policies that have been created in CloudFront for this account", - "privilege": "ListResponseHeadersPolicies", + "access_level": "Read", + "description": "Grants permission to return current applied schema version ARN, including the minor version in use", + "privilege": "GetAppliedSchemaVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "appliedSchema*" } ] }, { - "access_level": "List", - "description": "Grants permission to list savings plans in the account", - "privilege": "ListSavingsPlans", + "access_level": "Read", + "description": "Grants permission to retrieve metadata about a directory", + "privilege": "GetDirectory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list your RTMP distributions", - "privilege": "ListStreamingDistributions", + 
"access_level": "Read", + "description": "Grants permission to get details of the Facet, such as Facet Name, Attributes, Rules, or ObjectType", + "privilege": "GetFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "appliedSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for a CloudFront resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to retrieve attributes that are associated with a typed link", + "privilege": "GetLinkAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to list CloudFront usage", - "privilege": "ListUsages", + "access_level": "Read", + "description": "Grants permission to retrieve attributes within a facet that are associated with an object", + "privilege": "GetObjectAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish a CloudFront function", - "privilege": "PublishFunction", + "access_level": "Read", + "description": "Grants permission to retrieve metadata about an object", + "privilege": "GetObjectInformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "directory*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a CloudFront resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve a JSON representation of the 
schema", + "privilege": "GetSchemaAsJson", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution" + "resource_type": "appliedSchema*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution" + "resource_type": "developmentSchema*" }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to test a CloudFront function", - "privilege": "TestFunction", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a CloudFront resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to return identity attributes order information associated with a given typed link facet", + "privilege": "GetTypedLinkFacetInformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution" + "resource_type": "appliedSchema*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution" + "resource_type": "developmentSchema*" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a cache policy", - "privilege": "UpdateCachePolicy", + "access_level": "List", + "description": "Grants permission to list schemas applied to a directory", + "privilege": "ListAppliedSchemaArns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cache-policy*" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission 
to set the configuration for a CloudFront origin access identity", - "privilege": "UpdateCloudFrontOriginAccessIdentity", + "access_level": "Read", + "description": "Grants permission to list indices attached to an object", + "privilege": "ListAttachedIndices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-identity*" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a continuous-deployment policy", - "privilege": "UpdateContinuousDeploymentPolicy", + "access_level": "List", + "description": "Grants permission to retrieve the ARNs of schemas in the development state", + "privilege": "ListDevelopmentSchemaArns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "continuous-deployment-policy*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration for a web distribution", - "privilege": "UpdateDistribution", + "access_level": "List", + "description": "Grants permission to list directories created within an account", + "privilege": "ListDirectories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distribution*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a field-level encryption configuration", - "privilege": "UpdateFieldLevelEncryptionConfig", + "access_level": "Read", + "description": "Grants permission to retrieve attributes attached to the facet", + "privilege": "ListFacetAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "appliedSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to update a field-level encryption profile", - "privilege": "UpdateFieldLevelEncryptionProfile", + "access_level": "Read", + "description": "Grants permission to retrieve the names of facets that exist in a schema", + "privilege": "ListFacetNames", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "field-level-encryption-profile*" + "resource_type": "appliedSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a CloudFront function", - "privilege": "UpdateFunction", + "access_level": "Read", + "description": "Grants permission to return a paginated list of all incoming TypedLinks for a given object", + "privilege": "ListIncomingTypedLinks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a key group", - "privilege": "UpdateKeyGroup", + "access_level": "Read", + "description": "Grants permission to list objects attached to the specified index", + "privilege": "ListIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an origin access control", - "privilege": "UpdateOriginAccessControl", + "access_level": "List", + "description": "Grants permission to list the major version families of each managed schema. 
If a major version ARN is provided as SchemaArn, the minor version revisions in that family are listed instead", + "privilege": "ListManagedSchemaArns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-access-control*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an origin request policy", - "privilege": "UpdateOriginRequestPolicy", + "access_level": "Read", + "description": "Grants permission to list all attributes associated with an object", + "privilege": "ListObjectAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin-request-policy*" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update public key information", - "privilege": "UpdatePublicKey", + "access_level": "Read", + "description": "Grants permission to return a paginated list of child objects associated with a given object", + "privilege": "ListObjectChildren", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a real-time log configuration", - "privilege": "UpdateRealtimeLogConfig", + "access_level": "Read", + "description": "Grants permission to retrieve all available parent paths for any object type such as node, leaf node, policy node, and index node objects", + "privilege": "ListObjectParentPaths", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "realtime-log-config*" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a response headers policy", - "privilege": "UpdateResponseHeadersPolicy", + "access_level": "Read", + "description": "Grants permission to list parent objects associated with a given object in pagination fashion", + 
"privilege": "ListObjectParents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "response-headers-policy*" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a savings plan", - "privilege": "UpdateSavingsPlan", + "access_level": "Read", + "description": "Grants permission to return policies attached to an object in pagination fashion", + "privilege": "ListObjectPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration for an RTMP distribution", - "privilege": "UpdateStreamingDistribution", + "access_level": "Read", + "description": "Grants permission to return a paginated list of all outgoing TypedLinks for a given object", + "privilege": "ListOutgoingTypedLinks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-distribution*" + "resource_type": "directory*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudfront::${Account}:distribution/${DistributionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "distribution" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:streaming-distribution/${DistributionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "streaming-distribution" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:origin-access-identity/${Id}", - "condition_keys": [], - "resource": "origin-access-identity" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:field-level-encryption-config/${Id}", - "condition_keys": [], - "resource": "field-level-encryption-config" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:field-level-encryption-profile/${Id}", - "condition_keys": [], - "resource": "field-level-encryption-profile" - }, - { 
- "arn": "arn:${Partition}:cloudfront::${Account}:cache-policy/${Id}", - "condition_keys": [], - "resource": "cache-policy" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:origin-request-policy/${Id}", - "condition_keys": [], - "resource": "origin-request-policy" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:realtime-log-config/${Name}", - "condition_keys": [], - "resource": "realtime-log-config" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:function/${Name}", - "condition_keys": [], - "resource": "function" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:response-headers-policy/${Id}", - "condition_keys": [], - "resource": "response-headers-policy" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:origin-access-control/${Id}", - "condition_keys": [], - "resource": "origin-access-control" - }, - { - "arn": "arn:${Partition}:cloudfront::${Account}:continuous-deployment-policy/${Id}", - "condition_keys": [], - "resource": "continuous-deployment-policy" - } - ], - "service_name": "Amazon CloudFront" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to return all of the ObjectIdentifiers to which a given policy is attached", + "privilege": "ListPolicyAttachments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "directory*" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "cloudhsm", - "privileges": [ - { - "access_level": "Tagging", - "description": "Adds or overwrites one or more tags for 
the specified AWS CloudHSM resource", - "privilege": "AddTagsToResource", + "access_level": "List", + "description": "Grants permission to retrieve published schema ARNs", + "privilege": "ListPublishedSchemaArns", "resource_types": [ { "condition_keys": [], 
@@ -34884,229 +37376,277 @@ ] }, { - "access_level": "Write", - "description": "Creates a copy of a backup in the specified region", - "privilege": "CopyBackupToRegion", + "access_level": "Read", + "description": "Grants permission to return tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Creates a new AWS CloudHSM cluster", - "privilege": "CreateCluster", + "access_level": "Read", + "description": "Grants permission to return a paginated list of attributes associated with typed link facet", + "privilege": "ListTypedLinkFacetAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" + "resource_type": "appliedSchema*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Write", - "description": "Creates a high-availability partition group", - "privilege": "CreateHapg", + "access_level": "Read", + "description": "Grants permission to return a paginated list of typed link facet names that exist in a schema", + "privilege": "ListTypedLinkFacetNames", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "appliedSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Write", - "description": "Creates a new 
hardware security module (HSM) in the specified AWS CloudHSM cluster", - "privilege": "CreateHsm", + "access_level": "Read", + "description": "Grants permission to list all policies from the root of the Directory to the object specified", + "privilege": "LookupPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Creates an HSM client", - "privilege": "CreateLunaClient", + "description": "Grants permission to publish a development schema with a version", + "privilege": "PublishSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" } ] }, { "access_level": "Write", - "description": "Deletes the specified CloudHSM backup", - "privilege": "DeleteBackup", + "description": "Grants permission to update a schema using JSON upload. Only available for development schemas", + "privilege": "PutSchemaFromJson", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Deletes the specified AWS CloudHSM cluster", - "privilege": "DeleteCluster", + "description": "Grants permission to remove the specified facet from the specified object", + "privilege": "RemoveFacetFromObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Deletes a high-availability partition group", - "privilege": "DeleteHapg", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Deletes the specified 
HSM", - "privilege": "DeleteHsm", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Deletes a client", - "privilege": "DeleteLunaClient", + "description": "Grants permission to add/update/delete existing Attributes, Rules, or ObjectType of a Facet", + "privilege": "UpdateFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "appliedSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "developmentSchema*" } ] }, { - "access_level": "Read", - "description": "Gets information about backups of AWS CloudHSM clusters", - "privilege": "DescribeBackups", + "access_level": "Write", + "description": "Grants permission to update a given typed link\u2019s attributes. 
Attributes to be updated must not contribute to the typed link\u2019s identity, as defined by its IdentityAttributeOrder", + "privilege": "UpdateLinkAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Read", - "description": "Gets information about AWS CloudHSM clusters", - "privilege": "DescribeClusters", + "access_level": "Write", + "description": "Grants permission to update a given object's attributes", + "privilege": "UpdateObjectAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Read", - "description": "Retrieves information about a high-availability partition group", - "privilege": "DescribeHapg", + "access_level": "Write", + "description": "Grants permission to update the schema name with a new name", + "privilege": "UpdateSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" } ] }, { - "access_level": "Read", - "description": "Retrieves information about an HSM. You can identify the HSM by its ARN or its serial number", - "privilege": "DescribeHsm", + "access_level": "Write", + "description": "Grants permission to add/update/delete existing Attributes, Rules, identity attribute order of a TypedLink Facet", + "privilege": "UpdateTypedLinkFacet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" } ] }, { - "access_level": "Read", - "description": "Retrieves information about an HSM client", - "privilege": "DescribeLunaClient", + "access_level": "Write", + "description": "Grants permission to upgrade a single directory in-place using the PublishedSchemaArn with schema updates found in MinorVersion. 
Backwards-compatible minor version upgrades are instantaneously available for readers on all objects in the directory", + "privilege": "UpgradeAppliedSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] }, { - "access_level": "Read", - "description": "Gets the configuration files necessary to connect to all high availability partition groups the client is associated with", - "privilege": "GetConfig", + "access_level": "Write", + "description": "Grants permission to upgrade a published schema under a new minor version revision using the current contents of DevelopmentSchemaArn", + "privilege": "UpgradePublishedSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "developmentSchema*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "publishedSchema*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}/schema/${SchemaName}/${Version}", + "condition_keys": [], + "resource": "appliedSchema" + }, + { + "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:schema/development/${SchemaName}", + "condition_keys": [], + "resource": "developmentSchema" + }, + { + "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}", + "condition_keys": [], + "resource": "directory" }, + { + "arn": "arn:${Partition}:clouddirectory:${Region}:${Account}:schema/published/${SchemaName}/${Version}", + "condition_keys": [], + "resource": "publishedSchema" + } + ], + "service_name": "Amazon Cloud Directory" + }, + { + "conditions": [], + "prefix": "cloudformation", + "privileges": [ { "access_level": "Write", - "description": "Claims an AWS CloudHSM cluster", - "privilege": "InitializeCluster", + "description": "Grants 
permission to cancel resource requests in your account", + "privilege": "CancelResourceRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Lists the Availability Zones that have available AWS CloudHSM capacity", - "privilege": "ListAvailableZones", + "access_level": "Write", + "description": "Grants permission to create resources in your account", + "privilege": "CreateResource", "resource_types": [ { "condition_keys": [], @@ -35116,9 +37656,9 @@ ] }, { - "access_level": "List", - "description": "Lists the high-availability partition groups for the account", - "privilege": "ListHapgs", + "access_level": "Write", + "description": "Grants permission to delete resources in your account", + "privilege": "DeleteResource", "resource_types": [ { "condition_keys": [], @@ -35128,9 +37668,9 @@ ] }, { - "access_level": "List", - "description": "Retrieves the identifiers of all of the HSMs provisioned for the current customer", - "privilege": "ListHsms", + "access_level": "Read", + "description": "Grants permission to get resources in your account", + "privilege": "GetResource", "resource_types": [ { "condition_keys": [], @@ -35140,9 +37680,9 @@ ] }, { - "access_level": "List", - "description": "Lists all of the clients", - "privilege": "ListLunaClients", + "access_level": "Read", + "description": "Grants permission to get resource requests in your account", + "privilege": "GetResourceRequestStatus", "resource_types": [ { "condition_keys": [], 
@@ -35153,25 +37693,20 @@ }, { "access_level": "Read", - "description": "Gets a list of tags for the specified AWS CloudHSM cluster", - "privilege": "ListTags", + "description": "Grants permission to list resource requests in your account", + "privilege": "ListResourceRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Returns a list of all tags for the specified AWS CloudHSM resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to list resources in your account", + "privilege": "ListResources", "resource_types": [ { "condition_keys": [], 
@@ -35182,32 +37717,91 @@ }, { "access_level": "Write", - "description": "Modifies attributes for AWS CloudHSM backup", - "privilege": "ModifyBackupAttributes", + "description": "Grants permission to update resources in your account", + "privilege": "UpdateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Cloud Control API" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "cloudformation:ChangeSetName", + "description": "Filters access by an AWS CloudFormation change set name. Use to control which change sets IAM users can execute or delete", + "type": "String" + }, + { + "condition": "cloudformation:ImportResourceTypes", + "description": "Filters access by the template resource types, such as AWS::EC2::Instance. Use to control which resource types IAM users can work with when they want to import a resource into a stack", + "type": "String" + }, + { + "condition": "cloudformation:ResourceTypes", + "description": "Filters access by the template resource types, such as AWS::EC2::Instance. Use to control which resource types IAM users can work with when they create or update a stack", + "type": "ArrayOfString" + }, + { + "condition": "cloudformation:RoleArn", + "description": "Filters access by the ARN of an IAM service role. 
Use to control which service role IAM users can use to work with stacks or change sets", + "type": "ARN" + }, + { + "condition": "cloudformation:StackPolicyUrl", + "description": "Filters access by an Amazon S3 stack policy URL. Use to control which stack policies IAM users can associate with a stack during a create or update stack action", + "type": "String" + }, + { + "condition": "cloudformation:TargetRegion", + "description": "Filters access by stack set target region. Use to control which regions IAM users can use when they create or update stack sets", + "type": "ArrayOfString" }, + { + "condition": "cloudformation:TemplateUrl", + "description": "Filters access by an Amazon S3 template URL. Use to control which templates IAM users can use when they create or update stacks", + "type": "String" + } + ], + "prefix": "cloudformation", + "privileges": [ { "access_level": "Write", - "description": "Modifies AWS CloudHSM cluster", - "privilege": "ModifyCluster", + "description": "Grants permission to activate trusted access between StackSets and Organizations. With trusted access between StackSets and Organizations activated, the management account has permissions to create and manage StackSets for your organization", + "privilege": "ActivateOrganizationsAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Modifies an existing high-availability partition group", - "privilege": "ModifyHapg", + "description": "Grants permission to activate a public third-party extension, making it available for use in stack templates", + "privilege": "ActivateType", "resource_types": [ { "condition_keys": [], 
@@ -35217,9 +37811,9 @@ ] }, { - "access_level": "Write", - "description": "Modifies an HSM", - "privilege": "ModifyHsm", + "access_level": "Read", + "description": "Grants permission to return configuration data for the specified CloudFormation extensions", + "privilege": "BatchDescribeTypeConfigurations", "resource_types": [ { "condition_keys": [], 
@@ -35230,57 +37824,89 @@ }, { "access_level": "Write", - "description": "Modifies the certificate used by the client", - "privilege": "ModifyLunaClient", + "description": "Grants permission to cancel an update on the specified stack", + "privilege": "CancelUpdateStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack*" } ] }, { - "access_level": "Tagging", - "description": "Removes one or more tags from the specified AWS CloudHSM resource", - "privilege": "RemoveTagsFromResource", + "access_level": "Write", + "description": "Grants permission to continue rolling back a stack that is in the UPDATE_ROLLBACK_FAILED state to the UPDATE_ROLLBACK_COMPLETE state", + "privilege": "ContinueUpdateRollback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:RoleArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Restores the specified CloudHSM backup", - "privilege": "RestoreBackup", + "description": "Grants permission to create a list of changes for a stack", + "privilege": "CreateChangeSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:ChangeSetName", + "cloudformation:ResourceTypes", + "cloudformation:ImportResourceTypes", + "cloudformation:RoleArn", + "cloudformation:StackPolicyUrl", + "cloudformation:TemplateUrl", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Adds or overwrites one or more tags for the specified AWS CloudHSM cluster", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a template from existing resources that are not already managed with 
CloudFormation", + "privilege": "CreateGeneratedTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a stack as specified in the template", + "privilege": "CreateStack", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "stack*" }, { "condition_keys": [ + "cloudformation:ResourceTypes", + "cloudformation:RoleArn", + "cloudformation:StackPolicyUrl", + "cloudformation:TemplateUrl", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], 
@@ -35290,807 +37916,760 @@ ] }, { - "access_level": "Tagging", - "description": "Removes the specified tag or tags from the specified AWS CloudHSM cluster", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create stack instances for the specified accounts, within the specified regions", + "privilege": "CreateStackInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup" + "resource_type": "stackset*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "stackset-target" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "type" }, { "condition_keys": [ - "aws:TagKeys" + "aws:TagKeys", + "cloudformation:TargetRegion" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudhsm:${Region}:${Account}:backup/${CloudHsmBackupInstanceName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "backup" }, { - "arn": "arn:${Partition}:cloudhsm:${Region}:${Account}:cluster/${CloudHsmClusterInstanceName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "cluster" - } - ], - "service_name": "AWS CloudHSM" - }, - { - "conditions": [], - "prefix": "cloudsearch", - "privileges": [ - { - "access_level": "Tagging", - "description": "Attaches resource tags to an Amazon CloudSearch domain", - "privilege": "AddTags", + "access_level": "Write", + "description": "Grants permission to create a stackset as specified in the template", + "privilege": "CreateStackSet", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloudformation:RoleArn", + "cloudformation:TemplateUrl", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Indexes the search suggestions", - "privilege": 
"BuildSuggesters", + "description": "Grants permission to upload templates to Amazon S3 buckets. Used only by the AWS CloudFormation console and is not documented in the API reference", + "privilege": "CreateUploadBucket", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Creates a new search domain", - "privilege": "CreateDomain", + "description": "Grants permission to deactivate trusted access between StackSets and Organizations. If trusted access is deactivated, the management account does not have permissions to create and manage service-managed StackSets for your organization", + "privilege": "DeactivateOrganizationsAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Configures an analysis scheme that can be applied to a text or text-array field to define language-specific text processing options", - "privilege": "DefineAnalysisScheme", + "description": "Grants permission to deactivate a public extension that was previously activated in this account and region", + "privilege": "DeactivateType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Configures an Expression for the search domain", - "privilege": "DefineExpression", + "description": "Grants permission to delete the specified change set. 
Deleting change sets ensures that no one executes the wrong change set", + "privilege": "DeleteChangeSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:ChangeSetName" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Configures an IndexField for the search domain", - "privilege": "DefineIndexField", + "description": "Grants permission to delete a generated template", + "privilege": "DeleteGeneratedTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Configures a suggester for a domain", - "privilege": "DefineSuggester", + "description": "Grants permission to delete a specified stack", + "privilege": "DeleteStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:RoleArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Deletes an analysis scheme", - "privilege": "DeleteAnalysisScheme", + "description": "Grants permission to delete stack instances for the specified accounts, in the specified regions", + "privilege": "DeleteStackInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stackset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stackset-target" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "type" + }, + { + "condition_keys": [ + "cloudformation:TargetRegion" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Permanently deletes a search domain and all of its data", - 
"privilege": "DeleteDomain", + "description": "Grants permission to delete a specified stackset", + "privilege": "DeleteStackSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stackset*" } ] }, { "access_level": "Write", - "description": "Removes an Expression from the search domain", - "privilege": "DeleteExpression", + "description": "Grants permission to deregister an existing CloudFormation type or type version", + "privilege": "DeregisterType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Removes an IndexField from the search domain", - "privilege": "DeleteIndexField", + "access_level": "Read", + "description": "Grants permission to retrieve your account's AWS CloudFormation limits", + "privilege": "DescribeAccountLimits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Deletes a suggester", - "privilege": "DeleteSuggester", + "access_level": "Read", + "description": "Grants permission to return the description for the specified change set", + "privilege": "DescribeChangeSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:ChangeSetName" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Gets the analysis schemes configured for a domain", - "privilege": "DescribeAnalysisSchemes", + "description": "Grants permission to return the Hook invocation information for the specified change set", + "privilege": "DescribeChangeSetHooks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stack*" + }, + { 
+ "condition_keys": [ + "cloudformation:ChangeSetName" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Gets the availability options configured for a domain", - "privilege": "DescribeAvailabilityOptions", + "description": "Grants permission to describe a generated template. The output includes details about the progress of the creation of a generated template", + "privilege": "DescribeGeneratedTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Gets the domain endpoint options configured for a domain", - "privilege": "DescribeDomainEndpointOptions", + "description": "Grants permission to return information about the account's OrganizationAccess status", + "privilege": "DescribeOrganizationsAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Gets information about the search domains owned by this account", - "privilege": "DescribeDomains", + "access_level": "Read", + "description": "Grants permission to return information about a CloudFormation extension publisher", + "privilege": "DescribePublisher", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Gets the expressions configured for the search domain", - "privilege": "DescribeExpressions", + "description": "Grants permission to describe details of a resource scan", + "privilege": "DescribeResourceScan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Gets information about the index fields configured for the search domain", - "privilege": "DescribeIndexFields", + 
"description": "Grants permission to return information about a stack drift detection operation", + "privilege": "DescribeStackDriftDetectionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Gets the scaling parameters configured for a domain", - "privilege": "DescribeScalingParameters", + "description": "Grants permission to return all stack related events for a specified stack", + "privilege": "DescribeStackEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stack*" } ] }, { "access_level": "Read", - "description": "Gets information about the access policies that control access to the domain's document and search endpoints", - "privilege": "DescribeServiceAccessPolicies", + "description": "Grants permission to return the stack instance that's associated with the specified stack set, AWS account, and region", + "privilege": "DescribeStackInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stackset*" } ] }, { "access_level": "Read", - "description": "Gets the suggesters configured for a domain", - "privilege": "DescribeSuggesters", + "description": "Grants permission to return a description of the specified resource in the specified stack", + "privilege": "DescribeStackResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Tells the search domain to start indexing its documents using the latest indexing options", - "privilege": "IndexDocuments", + "access_level": "Read", + "description": "Grants permission to return drift information for the resources that have been checked for drift in the specified stack", + "privilege": "DescribeStackResourceDrifts", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stack*" } ] }, { - "access_level": "List", - "description": "Lists all search domains owned by an account", - "privilege": "ListDomainNames", + "access_level": "Read", + "description": "Grants permission to return AWS resource descriptions for running and deleted stacks", + "privilege": "DescribeStackResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stack*" } ] }, { "access_level": "Read", - "description": "Displays all of the resource tags for an Amazon CloudSearch domain", - "privilege": "ListTags", + "description": "Grants permission to return the description of the specified stack set", + "privilege": "DescribeStackSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stackset*" } ] }, { - "access_level": "Tagging", - "description": "Removes the specified resource tags from an Amazon ES domain", - "privilege": "RemoveTags", + "access_level": "Read", + "description": "Grants permission to return the description of the specified stack set operation", + "privilege": "DescribeStackSetOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Configures the availability options for a domain", - "privilege": "UpdateAvailabilityOptions", + "access_level": "List", + "description": "Grants permission to return the description for the specified stack, and to all stacks when used in combination with the ListStacks action", + "privilege": "DescribeStacks", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "domain*" + "dependent_actions": [ + "cloudformation:ListStacks" + ], + "resource_type": "stack" } ] }, { - "access_level": "Write", - 
"description": "Configures the domain endpoint options for a domain", - "privilege": "UpdateDomainEndpointOptions", + "access_level": "Read", + "description": "Grants permission to return information about the CloudFormation type requested", + "privilege": "DescribeType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Configures scaling parameters for a domain", - "privilege": "UpdateScalingParameters", + "access_level": "Read", + "description": "Grants permission to return information about the registration process for a CloudFormation type", + "privilege": "DescribeTypeRegistration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Configures the access rules that control access to the domain's document and search endpoints", - "privilege": "UpdateServiceAccessPolicies", + "access_level": "Read", + "description": "Grants permission to detects whether a stack's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters", + "privilege": "DetectStackDrift", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Allows access to the document service operations", - "privilege": "document", + "access_level": "Read", + "description": "Grants permission to return information about whether a resource's actual configuration differs, or has drifted, from it's expected configuration, as defined in the stack template and any values specified as template parameters", + "privilege": "DetectStackResourceDrift", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "domain" + "resource_type": "stack*" } ] }, { "access_level": "Read", - "description": "Allows access to the search operations", - "privilege": "search", + "description": "Grants permission to enable users to detect drift on a stack set and the stack instances that belong to that stack set", + "privilege": "DetectStackSetDrift", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "stackset*" } ] }, { "access_level": "Read", - "description": "Allows access to the suggest operations", - "privilege": "suggest", + "description": "Grants permission to return the estimated monthly cost of a template", + "privilege": "EstimateTemplateCost", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloudformation:TemplateUrl" + ], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudsearch:${Region}:${Account}:domain/${DomainName}", - "condition_keys": [], - "resource": "domain" - } - ], - "service_name": "Amazon CloudSearch" - }, - { - "conditions": [], - "prefix": "cloudshell", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permissions to create a CloudShell environment", - "privilege": "CreateEnvironment", + "description": "Grants permission to update a stack using the input information that was provided when the specified change set was created", + "privilege": "ExecuteChangeSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:ChangeSetName" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to connect to a CloudShell environment from the AWS Management Console", - "privilege": "CreateSession", + "access_level": "Read", + "description": "Grants permission to retrieve a generated template", + 
"privilege": "GetGeneratedTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a CloudShell environment", - "privilege": "DeleteEnvironment", + "access_level": "Read", + "description": "Grants permission to return the stack policy for a specified stack", + "privilege": "GetStackPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "stack*" } ] }, { "access_level": "Read", - "description": "Grants permission to read a CloudShell environment status", - "privilege": "GetEnvironmentStatus", + "description": "Grants permission to return the template body for a specified stack", + "privilege": "GetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permissions to download files from a CloudShell environment", - "privilege": "GetFileDownloadUrls", + "access_level": "Read", + "description": "Grants permission to return information about a new or existing template", + "privilege": "GetTemplateSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "stack" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stackset" + }, + { + "condition_keys": [ + "cloudformation:TemplateUrl" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permissions to upload files to a CloudShell environment", - "privilege": "GetFileUploadUrls", + "description": "Grants permission to enable users to import existing stacks to a new or existing stackset", + "privilege": "ImportStacksToStackSet", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permissions to forward console credentials to the environment", - "privilege": "PutCredentials", + "access_level": "List", + "description": "Grants permission to return the ID and status of each active change set for a stack. For example, AWS CloudFormation lists change sets that are in the CREATE_IN_PROGRESS or CREATE_PENDING state", + "privilege": "ListChangeSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a stopped CloudShell environment", - "privilege": "StartEnvironment", + "access_level": "List", + "description": "Grants permission to list all exported output values in the account and region in which you call this action", + "privilege": "ListExports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a running CloudShell environment", - "privilege": "StopEnvironment", + "access_level": "List", + "description": "Grants permission to list your generated templates in this Region", + "privilege": "ListGeneratedTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudshell:${Region}:${Account}:environment/${EnvironmentId}", - "condition_keys": [], - "resource": "Environment" - } - ], - "service_name": "AWS CloudShell" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": 
"Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", - "type": "ArrayOfString" - } - ], - "prefix": "cloudtrail", - "privileges": [ - { - "access_level": "Tagging", - "description": "Grants permission to add one or more tags to a trail, event data store, or channel, up to a limit of 50", - "privilege": "AddTags", + "access_level": "List", + "description": "Grants permission to list all stacks that are importing an exported output value", + "privilege": "ListImports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "eventdatastore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trail" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a running query", - "privilege": "CancelQuery", + "access_level": "List", + "description": "Grants permission to list the related resources for a list of resources from a resource scan. The response indicates whether each returned resource is already managed by CloudFormation", + "privilege": "ListResourceScanRelatedResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a channel", - "privilege": "CreateChannel", + "access_level": "List", + "description": "Grants permission to list the resources from a resource scan. 
The results can be filtered by resource identifier, resource type prefix, tag key, and tag value", + "privilege": "ListResourceScanResources", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudtrail:AddTags" - ], - "resource_type": "channel*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an event data store", - "privilege": "CreateEventDataStore", + "access_level": "List", + "description": "Grants permission to list the resource scans from newest to oldest. By default it will return up to 10 resource scans", + "privilege": "ListResourceScans", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudtrail:AddTags", - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "kms:Decrypt", - "kms:GenerateDataKey", - "organizations:ListAWSServiceAccessForOrganization" - ], - "resource_type": "eventdatastore*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a service-linked channel that specifies the settings for delivery of log data to an AWS service", - "privilege": "CreateServiceLinkedChannel", + "access_level": "List", + "description": "Grants permission to return drift information for the resources that have been checked for drift in the specified stack instance", + "privilege": "ListStackInstanceResourceDrifts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a trail that specifies the settings for delivery of log data to an Amazon S3 bucket", - "privilege": "CreateTrail", + "access_level": "List", + "description": "Grants permission to return 
summary information about stack instances that are associated with the specified stack set", + "privilege": "ListStackInstances", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudtrail:AddTags", - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "organizations:ListAWSServiceAccessForOrganization" - ], - "resource_type": "trail*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a channel", - "privilege": "DeleteChannel", + "access_level": "List", + "description": "Grants permission to return descriptions of all resources of the specified stack", + "privilege": "ListStackResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an event data store", - "privilege": "DeleteEventDataStore", + "access_level": "List", + "description": "Grants permission to return summary information about StackSet Auto Deployment Targets", + "privilege": "ListStackSetAutoDeploymentTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a resource policy from the provided resource", - "privilege": "DeleteResourcePolicy", + "access_level": "List", + "description": "Grants permission to return summary information about the results of a stack set operation", + "privilege": "ListStackSetOperationResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a service-linked channel", - 
"privilege": "DeleteServiceLinkedChannel", + "access_level": "List", + "description": "Grants permission to return summary information about operations performed on a stack set", + "privilege": "ListStackSetOperations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "stackset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a trail", - "privilege": "DeleteTrail", + "access_level": "List", + "description": "Grants permission to return summary information about stack sets that are associated with the user", + "privilege": "ListStackSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister an AWS Organizations member account as a delegated administrator", - "privilege": "DeregisterOrganizationDelegatedAdmin", + "access_level": "List", + "description": "Grants permission to return the summary information for stacks whose status matches the specified StackStatusFilter. 
In combination with the DescribeStacks action, grants permission to list descriptions for stacks", + "privilege": "ListStacks", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DeregisterDelegatedAdministrator", - "organizations:ListAWSServiceAccessForOrganization" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list details for the query", - "privilege": "DescribeQuery", + "access_level": "List", + "description": "Grants permission to list CloudFormation type registration attempts", + "privilege": "ListTypeRegistrations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list settings for the trails associated with the current region for your account", - "privilege": "DescribeTrails", + "access_level": "List", + "description": "Grants permission to list versions of a particular CloudFormation type", + "privilege": "ListTypeVersions", "resource_types": [ { "condition_keys": [], 
@@ -36100,45 +38679,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return information about a specific channel", - "privilege": "GetChannel", + "access_level": "List", + "description": "Grants permission to list available CloudFormation types", + "privilege": "ListTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list settings for the event data store", - "privilege": "GetEventDataStore", + "access_level": "Write", + "description": "Grants permission to publish the specified extension to the CloudFormation registry as a public extension in this region", + "privilege": "PublishType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list settings for event selectors configured for a trail", - "privilege": "GetEventSelectors", + "access_level": "Write", + "description": "Grants permission to record the handler progress", + "privilege": "RecordHandlerProgress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "stack*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about a specific import", - "privilege": "GetImport", + "access_level": "Write", + "description": "Grants permission to register account as a publisher of public extensions in the CloudFormation registry", + "privilege": "RegisterPublisher", "resource_types": [ { "condition_keys": [], 
@@ -36148,84 +38727,95 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list CloudTrail Insights selectors that are configured for a trail", - "privilege": "GetInsightSelectors", + "access_level": "Write", + "description": "Grants permission to register a new CloudFormation type", + "privilege": "RegisterType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch results of a complete query", - "privilege": "GetQueryResults", + "access_level": "Write", + "description": "Grants permission to rollback the stack to the last stable state", + "privilege": "RollbackStack", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kms:Decrypt", - "kms:GenerateDataKey" + "dependent_actions": [], + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:RoleArn" ], - "resource_type": "eventdatastore*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the resource policy attached to the provided resource", - "privilege": "GetResourcePolicy", + "access_level": "Permissions management", + "description": "Grants permission to set a stack policy for a specified stack", + "privilege": "SetStackPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "stack*" + }, + { + "condition_keys": [ + "cloudformation:StackPolicyUrl" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list settings for the service-linked channel", - "privilege": "GetServiceLinkedChannel", + "access_level": "Write", + "description": "Grants permission to set the configuration data for a registered CloudFormation extension, in the given account and region", + "privilege": 
"SetTypeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list settings for the trail", - "privilege": "GetTrail", + "access_level": "Write", + "description": "Grants permission to set which version of a CloudFormation type applies to CloudFormation operations", + "privilege": "SetTypeDefaultVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a JSON-formatted list of information about the specified trail", - "privilege": "GetTrailStatus", + "access_level": "Write", + "description": "Grants permission to send a signal to the specified resource with a success or failure status", + "privilege": "SignalResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "stack*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the channels in the current account, and their source names", - "privilege": "ListChannels", + "access_level": "Write", + "description": "Grants permission to start a scan of the resources in this account in this Region", + "privilege": "StartResourceScan", "resource_types": [ { "condition_keys": [], 
@@ -36235,69 +38825,51 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list event data stores associated with the current region for your account", - "privilege": "ListEventDataStores", + "access_level": "Write", + "description": "Grants permission to stop an in-progress operation on a stack set and its associated stack instances", + "privilege": "StopStackSetOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stackset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a list of failures for the specified import", - "privilege": "ListImportFailures", + "access_level": "Tagging", + "description": "Grants permission to tag cloudformation resources", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return information on all imports, or a select set of imports by ImportStatus or Destination", - "privilege": "ListImports", - "resource_types": [ + "resource_type": "changeset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the public keys whose private keys were used to sign trail digest files within a specified time range", - "privilege": "ListPublicKeys", - "resource_types": [ + "resource_type": "stack" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list queries associated with an event data store", - "privilege": "ListQueries", - "resource_types": [ + "resource_type": "stackset" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "eventdatastore*" + "resource_type": "" } ] 
}, { - "access_level": "List", - "description": "Grants permission to list service-linked channels associated with the current region for a specified account", - "privilege": "ListServiceLinkedChannels", + "access_level": "Write", + "description": "Grants permission to test a registered extension to make sure it meets all necessary requirements for being published in the CloudFormation registry", + "privilege": "TestType", "resource_types": [ { "condition_keys": [], @@ -36307,46 +38879,29 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for trails, event data stores, or channels in the current region", - "privilege": "ListTags", + "access_level": "Tagging", + "description": "Grants permission to untag cloudformation resources", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" + "resource_type": "changeset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore" + "resource_type": "stack" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list trails associated with the current region for your account", - "privilege": "ListTrails", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to look up API activity events captured by CloudTrail that create, update, or delete resources in your account", - "privilege": "LookupEvents", - "resource_types": [ + "resource_type": "stackset" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -36354,80 +38909,63 @@ }, { "access_level": "Write", - "description": "Grants permission to create and update event selectors for a trail", - "privilege": "PutEventSelectors", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trail*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create and update CloudTrail Insights selectors for a trail", - "privilege": "PutInsightSelectors", + "description": "Grants permission to update a generated template. This can be used to change the name, add and remove resources, refresh resources, and change the DeletionPolicy and UpdateReplacePolicy settings", + "privilege": "UpdateGeneratedTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a resource policy to the provided resource", - "privilege": "PutResourcePolicy", + "description": "Grants permission to update a stack as specified in the template", + "privilege": "UpdateStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to register an AWS Organizations member account as a delegated administrator", - "privilege": "RegisterOrganizationDelegatedAdmin", - "resource_types": [ + "resource_type": "stack*" + }, { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:RegisterDelegatedAdministrator" + "condition_keys": [ + "cloudformation:ResourceTypes", + "cloudformation:RoleArn", + "cloudformation:StackPolicyUrl", + "cloudformation:TemplateUrl", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants 
permission to remove tags from a trail, event data store, or channel", - "privilege": "RemoveTags", + "access_level": "Write", + "description": "Grants permission to update the parameter values for stack instances for the specified accounts, within the specified regions", + "privilege": "UpdateStackInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" + "resource_type": "stackset*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore" + "resource_type": "stackset-target" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail" + "resource_type": "type" }, { "condition_keys": [ - "aws:TagKeys" + "cloudformation:TargetRegion" ], "dependent_actions": [], "resource_type": "" 
@@ -36436,86 +38974,32 @@ }, { "access_level": "Write", - "description": "Grants permission to restore an event data store", - "privilege": "RestoreEventDataStore", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "eventdatastore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start ingestion on an event data store", - "privilege": "StartEventDataStoreIngestion", + "description": "Grants permission to update a stackset as specified in the template", + "privilege": "UpdateStackSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventdatastore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start an import of logged trail events from a source S3 bucket to a destination event data store", - "privilege": "StartImport", - "resource_types": [ + "resource_type": "stackset*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start the recording of AWS API calls and log file delivery for a trail", - "privilege": "StartLogging", - "resource_types": [ + "resource_type": "stackset-target" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trail*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a new query on a specified event data store", - "privilege": "StartQuery", - "resource_types": [ + "resource_type": "type" + }, { - "condition_keys": [], - "dependent_actions": [ - "kms:Decrypt", - "kms:GenerateDataKey" + "condition_keys": [ + "cloudformation:RoleArn", + "cloudformation:TemplateUrl", + "cloudformation:TargetRegion", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "eventdatastore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop ingestion on an event data store", - "privilege": 
"StopEventDataStoreIngestion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "eventdatastore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop a specified import", - "privilege": "StopImport", - "resource_types": [ - { - "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -36523,270 +39007,176 @@ }, { "access_level": "Write", - "description": "Grants permission to stop the recording of AWS API calls and log file delivery for a trail", - "privilege": "StopLogging", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trail*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a channel", - "privilege": "UpdateChannel", + "description": "Grants permission to update termination protection for the specified stack", + "privilege": "UpdateTerminationProtection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "stack*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an event data store", - "privilege": "UpdateEventDataStore", + "access_level": "Read", + "description": "Grants permission to validate a specified template", + "privilege": "ValidateTemplate", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "kms:Decrypt", - "kms:GenerateDataKey", - "organizations:ListAWSServiceAccessForOrganization" + "condition_keys": [ + "cloudformation:TemplateUrl" ], - "resource_type": "eventdatastore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the settings that specify delivery of log files", - "privilege": "UpdateServiceLinkedChannel", - "resource_types": [ - { - "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the settings that specify delivery of log files", - "privilege": "UpdateTrail", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "organizations:ListAWSServiceAccessForOrganization" - ], - "resource_type": "trail*" + "resource_type": "" } ] } ], 
"resources": [ { - "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:trail/${TrailName}", - "condition_keys": [], - "resource": "trail" + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:changeSet/${ChangeSetName}/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "changeset" }, { - "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:eventdatastore/${EventDataStoreId}", + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stack/${StackName}/${Id}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "eventdatastore" + "resource": "stack" }, { - "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:channel/${ChannelId}", + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stackset/${StackSetName}:${Id}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "channel" - } - ], - "service_name": "AWS CloudTrail" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", - "type": "String" + "resource": "stackset" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:stackset-target/${StackSetTarget}", + "condition_keys": [], + "resource": "stackset-target" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", - "type": "ArrayOfString" - } - ], - "prefix": "cloudtrail-data", - "privileges": [ + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:type/resource/${Type}", + "condition_keys": [], + "resource": "type" + }, { - "access_level": "Write", - "description": "Grants permission to ingest your application events into CloudTrail Lake", - "privilege": "PutAuditEvents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "channel*" - } - ] - } - ], - "resources": [ + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:generatedTemplate/${Id}", + "condition_keys": [], + "resource": "generatedtemplate" + }, { - "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:channel/${ChannelId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel" + "arn": "arn:${Partition}:cloudformation:${Region}:${Account}:resourceScan/${Id}", + "condition_keys": [], + "resource": "resourcescan" } ], - "service_name": "AWS CloudTrail Data" + "service_name": "AWS CloudFormation" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the allowed set of values for each of the tags", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of mandatory tags in the request", - "type": "ArrayOfString" - }, - { - "condition": "cloudwatch:AlarmActions", - "description": "Filters actions based on defined alarm actions", - "type": "ArrayOfString" - }, - { - "condition": "cloudwatch:namespace", - "description": "Filters actions based on the presence of optional namespace values", - "type": "String" - }, - { - "condition": "cloudwatch:requestInsightRuleLogGroups", - "description": "Filters actions based on the Log Groups specified in an Insight Rule", - "type": "ArrayOfString" - }, - { - "condition": "cloudwatch:requestManagedResourceARNs", - "description": "Filters access by the Resource ARNs specified in a managed Insight Rule", + "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" } ], - "prefix": 
"cloudwatch", + "prefix": "cloudfront", "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a collection of alarms", - "privilege": "DeleteAlarms", + "description": "Grants permission to associate an alias to a CloudFront distribution", + "privilege": "AssociateAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "distribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified anomaly detection model from your account", - "privilege": "DeleteAnomalyDetector", + "description": "Grants permission to copy an existing distribution and create a new web distribution", + "privilege": "CopyDistribution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "cloudfront:CopyDistribution", + "cloudfront:CreateDistribution", + "cloudfront:GetDistribution" + ], + "resource_type": "distribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete all CloudWatch dashboards that you specify", - "privilege": "DeleteDashboards", + "description": "Grants permission to add a new cache policy to CloudFront", + "privilege": "CreateCachePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "cache-policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a collection of insight rules", - "privilege": "DeleteInsightRules", + "description": "Grants permission to create a new CloudFront origin access identity", + "privilege": "CreateCloudFrontOriginAccessIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule*" + "resource_type": "origin-access-identity*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the CloudWatch metric stream that you specify", - 
"privilege": "DeleteMetricStream", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "metric-stream*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the history for the specified alarm", - "privilege": "DescribeAlarmHistory", + "description": "Grants permission to add a new continuous-deployment policy to CloudFront", + "privilege": "CreateContinuousDeploymentPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "continuous-deployment-policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe all alarms, currently owned by the user's account", - "privilege": "DescribeAlarms", + "access_level": "Write", + "description": "Grants permission to create a new web distribution", + "privilege": "CreateDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "distribution*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe all alarms configured on the specified metric, currently owned by the user's account", - "privilege": "DescribeAlarmsForMetric", + "access_level": "Write", + "description": "Grants permission to create a new field-level encryption configuration", + "privilege": "CreateFieldLevelEncryptionConfig", "resource_types": [ { "condition_keys": [], @@ -36796,9 +39186,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the anomaly detection models that you have created in your account", - "privilege": "DescribeAnomalyDetectors", + "access_level": "Write", + "description": "Grants permission to create a field-level encryption profile", + "privilege": "CreateFieldLevelEncryptionProfile", "resource_types": [ { "condition_keys": [], 
@@ -36808,93 +39198,93 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe all insight rules, currently owned by the user's account", - "privilege": "DescribeInsightRules", + "access_level": "Write", + "description": "Grants permission to create a CloudFront function", + "privilege": "CreateFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable actions for a collection of alarms", - "privilege": "DisableAlarmActions", + "description": "Grants permission to create a new invalidation batch request", + "privilege": "CreateInvalidation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "distribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable a collection of insight rules", - "privilege": "DisableInsightRules", + "description": "Grants permission to add a new key group to CloudFront", + "privilege": "CreateKeyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to enable actions for a collection of alarms", - "privilege": "EnableAlarmActions", + "description": "Grants permission to create a CloudFront KeyValueStore", + "privilege": "CreateKeyValueStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "key-value-store*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable a collection of insight rules", - "privilege": "EnableInsightRules", + "description": "Grants permission to enable additional CloudWatch metrics for the specified CloudFront distribution. 
The additional metrics incur an additional cost", + "privilege": "CreateMonitoringSubscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to display the details of the CloudWatch dashboard you specify", - "privilege": "GetDashboard", + "access_level": "Write", + "description": "Grants permission to create a new origin access control", + "privilege": "CreateOriginAccessControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the top-N report of unique contributors over a time range for a given insight rule", - "privilege": "GetInsightRuleReport", + "access_level": "Write", + "description": "Grants permission to add a new origin request policy to CloudFront", + "privilege": "CreateOriginRequestPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule*" + "resource_type": "origin-request-policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve batch amounts of CloudWatch metric data and perform metric math on retrieved data", - "privilege": "GetMetricData", + "access_level": "Write", + "description": "Grants permission to add a new public key to CloudFront", + "privilege": "CreatePublicKey", "resource_types": [ { "condition_keys": [], 
@@ -36904,33 +39294,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve statistics for the specified metric", - "privilege": "GetMetricStatistics", + "access_level": "Write", + "description": "Grants permission to create a real-time log configuration", + "privilege": "CreateRealtimeLogConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "realtime-log-config*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the details of a CloudWatch metric stream", - "privilege": "GetMetricStream", + "access_level": "Write", + "description": "Grants permission to add a new response headers policy to CloudFront", + "privilege": "CreateResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-stream*" + "resource_type": "response-headers-policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve snapshots of metric widgets", - "privilege": "GetMetricWidgetImage", + "access_level": "Write", + "description": "Grants permission to create a new savings plan", + "privilege": "CreateSavingsPlan", "resource_types": [ { "condition_keys": [], 
@@ -36941,38 +39331,30 @@ }, { "access_level": "Write", - "description": "Grants permission to share CloudWatch resources with a monitoring account", - "privilege": "Link", + "description": "Grants permission to create a new RTMP distribution", + "privilege": "CreateStreamingDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "streaming-distribution*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of all CloudWatch dashboards in your account", - "privilege": "ListDashboards", + "access_level": "Write", + "description": "Grants permission to create a new RTMP distribution with tags", + "privilege": "CreateStreamingDistributionWithTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list available managed Insight Rules for a given Resource ARN", - "privilege": "ListManagedInsightRules", - "resource_types": [ + "resource_type": "streaming-distribution*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:requestManagedResourceARNs" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -36980,123 +39362,96 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return a list of all CloudWatch metric streams in your account", - "privilege": "ListMetricStreams", + "access_level": "Write", + "description": "Grants permission to delete a cache policy", + "privilege": "DeleteCachePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cache-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of valid metrics stored for the AWS account owner", - "privilege": "ListMetrics", + "access_level": "Write", + "description": "Grants permission to delete a CloudFront origin access identity", + "privilege": "DeleteCloudFrontOriginAccessIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-access-identity*" } ] }, { - "access_level": "List", - "description": "Grants permission to list tags for an Amazon CloudWatch resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a continuous-deployment policy", + "privilege": "DeleteContinuousDeploymentPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "insight-rule" + "resource_type": "continuous-deployment-policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update an anomaly detection model for a CloudWatch metric", - "privilege": "PutAnomalyDetector", + "description": "Grants permission to delete a web distribution", + "privilege": "DeleteDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "distribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update a composite 
alarm", - "privilege": "PutCompositeAlarm", + "description": "Grants permission to delete a field-level encryption configuration", + "privilege": "DeleteFieldLevelEncryptionConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:AlarmActions" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-config*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a CloudWatch dashboard, or update an existing dashboard if it already exists", - "privilege": "PutDashboard", + "description": "Grants permission to delete a field-level encryption profile", + "privilege": "DeleteFieldLevelEncryptionProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "field-level-encryption-profile*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new insight rule or replace an existing insight rule", - "privilege": "PutInsightRule", + "description": "Grants permission to delete a CloudFront function", + "privilege": "DeleteFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "insight-rule*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:requestInsightRuleLogGroups" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to create managed Insight Rules", - "privilege": "PutManagedInsightRules", + "description": "Grants permission to delete a key group", + "privilege": "DeleteKeyGroup", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:requestManagedResourceARNs" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -37104,34 +39459,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update an alarm and associates it with the specified Amazon CloudWatch metric", - "privilege": "PutMetricAlarm", + "description": "Grants permission to delete a CloudFront KeyValueStore", + "privilege": "DeleteKeyValueStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "cloudwatch:AlarmActions" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "key-value-store*" } ] }, { "access_level": "Write", - "description": "Grants permission to publish metric data points to Amazon CloudWatch", - "privilege": "PutMetricData", + "description": "Grants permission to disable additional CloudWatch metrics for the specified CloudFront distribution", + "privilege": "DeleteMonitoringSubscription", "resource_types": [ { - "condition_keys": [ - "cloudwatch:namespace" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -37139,451 +39483,356 @@ }, { "access_level": "Write", - "description": "Grants permission to create a CloudWatch metric stream, or update an existing metric stream if it already exists", - "privilege": "PutMetricStream", + "description": "Grants permission to delete an origin access control", + "privilege": "DeleteOriginAccessControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-stream*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-access-control*" } ] }, { "access_level": "Write", - "description": "Grants permission to temporarily set the state of an alarm for testing purposes", - "privilege": "SetAlarmState", + "description": "Grants permission to delete an origin request policy", + "privilege": "DeleteOriginRequestPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm*" + "resource_type": "origin-request-policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to start all CloudWatch metric streams that you specify", - "privilege": "StartMetricStreams", + "description": "Grants permission to delete a public key from CloudFront", + "privilege": "DeletePublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-stream*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop all CloudWatch metric streams that you specify", - "privilege": "StopMetricStreams", + "description": "Grants permission to delete a real-time log configuration", + "privilege": "DeleteRealtimeLogConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-stream*" + "resource_type": "realtime-log-config*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to an Amazon CloudWatch resource", 
- "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a response headers policy", + "privilege": "DeleteResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "insight-rule" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "response-headers-policy*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from an Amazon CloudWatch resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete an RTMP distribution", + "privilege": "DeleteStreamingDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarm" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "insight-rule" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "streaming-distribution*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:alarm:${AlarmName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "alarm" - }, - { - "arn": "arn:${Partition}:cloudwatch::${Account}:dashboard/${DashboardName}", - "condition_keys": [], - "resource": "dashboard" - }, - { - "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:insight-rule/${InsightRuleName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "insight-rule" - }, - { - "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:metric-stream/${MetricStreamName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "metric-stream" - } - ], - "service_name": "Amazon CloudWatch" - }, - { - "conditions": [ - { - "condition": 
"aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codeartifact", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add an external connection to a repository", - "privilege": "AssociateExternalConnection", + "access_level": "Read", + "description": "Grants permission to get a CloudFront function summary", + "privilege": "DescribeFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an existing repository as an upstream repository to another repository", - "privilege": "AssociateWithDownstreamRepository", + "access_level": "Read", + "description": "Grants permission to get a CloudFront KeyValueStore summary", + "privilege": "DescribeKeyValueStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "key-value-store*" } ] }, { - "access_level": "Write", - "description": "Grants permission to copy package versions from one repository to another repository in the same domain", - "privilege": "CopyPackageVersions", + "access_level": "Read", + "description": "Grants permission to get the cache policy", + "privilege": "GetCachePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "cache-policy*" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to create a new domain", - "privilege": "CreateDomain", + "access_level": "Read", + "description": "Grants permission to get the cache policy configuration", + "privilege": "GetCachePolicyConfig", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cache-policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new repository", - "privilege": "CreateRepository", + "access_level": "Read", + "description": "Grants permission to get the information about a CloudFront origin access identity", + "privilege": "GetCloudFrontOriginAccessIdentity", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-access-identity*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a domain", - "privilege": "DeleteDomain", + "access_level": "Read", + "description": "Grants permission to get the configuration information about a Cloudfront origin access identity", + "privilege": "GetCloudFrontOriginAccessIdentityConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "origin-access-identity*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the resource policy set on a domain", - "privilege": "DeleteDomainPermissionsPolicy", + "access_level": "Read", + "description": "Grants permission to get the continuous-deployment policy", + "privilege": "GetContinuousDeploymentPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "continuous-deployment-policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a 
package", - "privilege": "DeletePackage", + "access_level": "Read", + "description": "Grants permission to get the continuous-deployment policy configuration", + "privilege": "GetContinuousDeploymentPolicyConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "continuous-deployment-policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete package versions", - "privilege": "DeletePackageVersions", + "access_level": "Read", + "description": "Grants permission to get the information about a web distribution", + "privilege": "GetDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "distribution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a repository", - "privilege": "DeleteRepository", + "access_level": "Read", + "description": "Grants permission to get the configuration information about a distribution", + "privilege": "GetDistributionConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "distribution*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the resource policy set on a repository", - "privilege": "DeleteRepositoryPermissionsPolicy", + "access_level": "Read", + "description": "Grants permission to get the field-level encryption configuration information", + "privilege": "GetFieldLevelEncryption", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "field-level-encryption-config*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a domain", - "privilege": "DescribeDomain", + "description": "Grants permission to get the field-level encryption configuration information", + "privilege": 
"GetFieldLevelEncryptionConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "field-level-encryption-config*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a package", - "privilege": "DescribePackage", + "description": "Grants permission to get the field-level encryption configuration information", + "privilege": "GetFieldLevelEncryptionProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "field-level-encryption-profile*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a package version", - "privilege": "DescribePackageVersion", + "description": "Grants permission to get the field-level encryption profile configuration information", + "privilege": "GetFieldLevelEncryptionProfileConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "field-level-encryption-profile*" } ] }, { "access_level": "Read", - "description": "Grants permission to return detailed information about a repository", - "privilege": "DescribeRepository", + "description": "Grants permission to get a CloudFront function's code", + "privilege": "GetFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate an external connection from a repository", - "privilege": "DisassociateExternalConnection", + "access_level": "Read", + "description": "Grants permission to get the information about an invalidation", + "privilege": "GetInvalidation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "distribution*" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to set the status of package versions to Disposed and delete their assets", - "privilege": "DisposePackageVersions", + "access_level": "Read", + "description": "Grants permission to get a key group", + "privilege": "GetKeyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to generate a temporary authentication token for accessing repositories in a domain", - "privilege": "GetAuthorizationToken", + "description": "Grants permission to get a key group configuration", + "privilege": "GetKeyGroupConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return a domain's resource policy", - "privilege": "GetDomainPermissionsPolicy", + "description": "Grants permission to get information about whether additional CloudWatch metrics are enabled for the specified CloudFront distribution", + "privilege": "GetMonitoringSubscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return an asset (or file) that is part of a package version", - "privilege": "GetPackageVersionAsset", + "description": "Grants permission to get the origin access control", + "privilege": "GetOriginAccessControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "origin-access-control*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a package version's readme file", - "privilege": "GetPackageVersionReadme", + "description": "Grants permission to get the origin access control configuration", + "privilege": "GetOriginAccessControlConfig", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "origin-access-control*" } ] }, { "access_level": "Read", - "description": "Grants permission to return an endpoint for a repository", - "privilege": "GetRepositoryEndpoint", + "description": "Grants permission to get the origin request policy", + "privilege": "GetOriginRequestPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "origin-request-policy*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a repository's resource policy", - "privilege": "GetRepositoryPermissionsPolicy", + "description": "Grants permission to get the origin request policy configuration", + "privilege": "GetOriginRequestPolicyConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "origin-request-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the domains in the current user's AWS account", - "privilege": "ListDomains", + "access_level": "Read", + "description": "Grants permission to get the public key information", + "privilege": "GetPublicKey", "resource_types": [ { "condition_keys": [], 
@@ -37593,57 +39842,57 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list a package version's assets", - "privilege": "ListPackageVersionAssets", + "access_level": "Read", + "description": "Grants permission to get the public key configuration information", + "privilege": "GetPublicKeyConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the direct dependencies of a package version", - "privilege": "ListPackageVersionDependencies", + "access_level": "Read", + "description": "Grants permission to get a real-time log configuration", + "privilege": "GetRealtimeLogConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "realtime-log-config*" } ] }, { - "access_level": "List", - "description": "Grants permission to list a package's versions", - "privilege": "ListPackageVersions", + "access_level": "Read", + "description": "Grants permission to get the response headers policy", + "privilege": "GetResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "response-headers-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the packages in a repository", - "privilege": "ListPackages", + "access_level": "Read", + "description": "Grants permission to get the response headers policy configuration", + "privilege": "GetResponseHeadersPolicyConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "response-headers-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the repositories administered by the calling account", - "privilege": "ListRepositories", + "access_level": "Read", + "description": "Grants 
permission to get a savings plan", + "privilege": "GetSavingsPlan", "resource_types": [ { "condition_keys": [], 
@@ -37653,399 +39902,309 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the repositories in a domain", - "privilege": "ListRepositoriesInDomain", + "access_level": "Read", + "description": "Grants permission to get the information about an RTMP distribution", + "privilege": "GetStreamingDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "streaming-distribution*" } ] }, { - "access_level": "List", - "description": "Grants permission to list tags for a CodeArtifact resource", - "privilege": "ListTagsForResource", + "access_level": "Read", + "description": "Grants permission to get the configuration information about a streaming distribution", + "privilege": "GetStreamingDistributionConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository" + "resource_type": "streaming-distribution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish assets and metadata to a repository endpoint", - "privilege": "PublishPackageVersion", + "access_level": "List", + "description": "Grants permission to list all cache policies that have been created in CloudFront for this account", + "privilege": "ListCachePolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach a resource policy to a domain", - "privilege": "PutDomainPermissionsPolicy", + "access_level": "List", + "description": "Grants permission to list your CloudFront origin access identities", + "privilege": "ListCloudFrontOriginAccessIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": 
"Write", - "description": "Grants permission to add, modify or remove package metadata using a repository endpoint", - "privilege": "PutPackageMetadata", + "access_level": "List", + "description": "Grants permission to list all aliases that conflict with the given alias in CloudFront", + "privilege": "ListConflictingAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "distribution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set origin configuration for a package", - "privilege": "PutPackageOriginConfiguration", + "access_level": "List", + "description": "Grants permission to list all continuous-deployment policies in the account", + "privilege": "ListContinuousDeploymentPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach a resource policy to a repository", - "privilege": "PutRepositoryPermissionsPolicy", + "access_level": "List", + "description": "Grants permission to list the distributions associated with your AWS account", + "privilege": "ListDistributions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return package assets and metadata from a repository endpoint", - "privilege": "ReadFromRepository", + "access_level": "List", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified cache policy", + "privilege": "ListDistributionsByCachePolicyId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a CodeArtifact 
resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified key group", + "privilege": "ListDistributionsByKeyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from a CodeArtifact resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list the distributions associated a Lambda function", + "privilege": "ListDistributionsByLambdaFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the status of one or more versions of a package", - "privilege": "UpdatePackageVersionsStatus", + "access_level": "List", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified origin request policy", + "privilege": "ListDistributionsByOriginRequestPolicyId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the properties of a repository", - "privilege": "UpdateRepository", + "access_level": "List", + "description": "Grants permission to get a list of distributions that 
have a cache behavior that\u2019s associated with the specified real-time log configuration", + "privilege": "ListDistributionsByRealtimeLogConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:domain/${DomainName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "domain" - }, - { - "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:repository/${DomainName}/${RepositoryName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "repository" - }, - { - "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:package/${DomainName}/${RepositoryName}/${PackageFormat}/${PackageNamespace}/${PackageName}", - "condition_keys": [], - "resource": "package" - } - ], - "service_name": "AWS CodeArtifact" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codebuild", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to delete one or more builds", - "privilege": "BatchDeleteBuilds", + "access_level": "List", + "description": "Grants permission to list distribution IDs for distributions that have a cache behavior that's associated with the specified response headers policy", + "privilege": "ListDistributionsByResponseHeadersPolicyId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + 
"resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more build batches", - "privilege": "BatchGetBuildBatches", + "access_level": "List", + "description": "Grants permission to list the distributions associated with your AWS account with given AWS WAF web ACL", + "privilege": "ListDistributionsByWebACLId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more builds", - "privilege": "BatchGetBuilds", + "access_level": "List", + "description": "Grants permission to list all field-level encryption configurations that have been created in CloudFront for this account", + "privilege": "ListFieldLevelEncryptionConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more build projects", - "privilege": "BatchGetProjects", + "access_level": "List", + "description": "Grants permission to list all field-level encryption profiles that have been created in CloudFront for this account", + "privilege": "ListFieldLevelEncryptionProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return an array of ReportGroup objects that are specified by the input reportGroupArns parameter", - "privilege": "BatchGetReportGroups", + "access_level": "List", + "description": "Grants permission to get a list of CloudFront functions", + "privilege": "ListFunctions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "" } ] }, { - "access_level": "Read", - 
"description": "Grants permission to return an array of the Report objects specified by the input reportArns parameter", - "privilege": "BatchGetReports", + "access_level": "List", + "description": "Grants permission to list your invalidation batches", + "privilege": "ListInvalidations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "distribution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add or update information about a report", - "privilege": "BatchPutCodeCoverages", + "access_level": "List", + "description": "Grants permission to list all key groups that have been created in CloudFront for this account", + "privilege": "ListKeyGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add or update information about a report", - "privilege": "BatchPutTestCases", + "access_level": "List", + "description": "Grants permission to get a list of CloudFront KeyValueStores", + "privilege": "ListKeyValueStores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a build project", - "privilege": "CreateProject", + "access_level": "List", + "description": "Grants permission to list all origin access controls in the account", + "privilege": "ListOriginAccessControls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a report. 
A report is created when tests specified in the buildspec file for a report groups run during the build of a project", - "privilege": "CreateReport", + "access_level": "List", + "description": "Grants permission to list all origin request policies that have been created in CloudFront for this account", + "privilege": "ListOriginRequestPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a report group", - "privilege": "CreateReportGroup", + "access_level": "List", + "description": "Grants permission to list all public keys that have been added to CloudFront for this account", + "privilege": "ListPublicKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create webhook. 
For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, enables AWS CodeBuild to start rebuilding the source code every time a code change is pushed to the repository", - "privilege": "CreateWebhook", + "access_level": "List", + "description": "Grants permission to list CloudFront rate cards for the account", + "privilege": "ListRateCards", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a build batch", - "privilege": "DeleteBuildBatch", + "access_level": "List", + "description": "Grants permission to get a list of real-time log configurations", + "privilege": "ListRealtimeLogConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", - "privilege": "DeleteOAuthToken", + "access_level": "List", + "description": "Grants permission to list all response headers policies that have been created in CloudFront for this account", + "privilege": "ListResponseHeadersPolicies", "resource_types": [ { "condition_keys": [], 
@@ -38055,142 +40214,121 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a build project", - "privilege": "DeleteProject", + "access_level": "List", + "description": "Grants permission to list savings plans in the account", + "privilege": "ListSavingsPlans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a report", - "privilege": "DeleteReport", + "access_level": "List", + "description": "Grants permission to list your RTMP distributions", + "privilege": "ListStreamingDistributions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a report group", - "privilege": "DeleteReportGroup", + "access_level": "Read", + "description": "Grants permission to list tags for a CloudFront resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "distribution" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a resource policy for the associated project or report group", - "privilege": "DeleteResourcePolicy", + "access_level": "List", + "description": "Grants permission to list CloudFront usage", + "privilege": "ListUsages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "report-group" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a set of GitHub, GitHub Enterprise, or Bitbucket source credentials", - "privilege": "DeleteSourceCredentials", + "description": "Grants permission to publish a 
CloudFront function", + "privilege": "PublishFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete webhook. For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, stops AWS CodeBuild from rebuilding the source code every time a code change is pushed to the repository", - "privilege": "DeleteWebhook", + "access_level": "Tagging", + "description": "Grants permission to add tags to a CloudFront resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return an array of CodeCoverage objects", - "privilege": "DescribeCodeCoverages", - "resource_types": [ + "resource_type": "distribution" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return an array of TestCase objects", - "privilege": "DescribeTestCases", - "resource_types": [ + "resource_type": "streaming-distribution" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to analyze and accumulate test report values for the test reports in the specified report group", - "privilege": "GetReportGroupTrend", + "access_level": "Write", + "description": "Grants permission to test a CloudFront function", + "privilege": "TestFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "function*" } ] }, { - "access_level": "Read", - "description": "Grants 
permission to return a resource policy for the specified project or report group", - "privilege": "GetResourcePolicy", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a CloudFront resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "distribution" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to import the source repository credentials for an AWS CodeBuild project that has its source code stored in a GitHub, GitHub Enterprise, or Bitbucket repository", - "privilege": "ImportSourceCredentials", - "resource_types": [ + "resource_type": "streaming-distribution" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -38198,92 +40336,92 @@ }, { "access_level": "Write", - "description": "Grants permission to reset the cache for a project", - "privilege": "InvalidateProjectCache", + "description": "Grants permission to update a cache policy", + "privilege": "UpdateCachePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "cache-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of build batch IDs, with each build batch ID representing a single build batch", - "privilege": "ListBuildBatches", + "access_level": "Write", + "description": "Grants permission to set the configuration for a CloudFront origin access identity", + "privilege": "UpdateCloudFrontOriginAccessIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-access-identity*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of build batch IDs for the specified build project, with each build batch ID representing a single build batch", - "privilege": "ListBuildBatchesForProject", + "access_level": "Write", + "description": "Grants permission to update a continuous-deployment policy", + "privilege": "UpdateContinuousDeploymentPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "continuous-deployment-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of build IDs, with each build ID representing a single build", - "privilege": "ListBuilds", + "access_level": "Write", + "description": "Grants permission to update the configuration for a web distribution", + "privilege": "UpdateDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "distribution*" } ] }, { - "access_level": "List", - "description": "Grants permission 
to get a list of build IDs for the specified build project, with each build ID representing a single build", - "privilege": "ListBuildsForProject", + "access_level": "Write", + "description": "Grants permission to update a field-level encryption configuration", + "privilege": "UpdateFieldLevelEncryptionConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list connected third-party OAuth providers. Only used in the AWS CodeBuild console", - "privilege": "ListConnectedOAuthAccounts", + "access_level": "Write", + "description": "Grants permission to update a field-level encryption profile", + "privilege": "UpdateFieldLevelEncryptionProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "field-level-encryption-profile*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about Docker images that are managed by AWS CodeBuild", - "privilege": "ListCuratedEnvironmentImages", + "access_level": "Write", + "description": "Grants permission to update a CloudFront function", + "privilege": "UpdateFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of build project names, with each build project name representing a single build project", - "privilege": "ListProjects", + "access_level": "Write", + "description": "Grants permission to update a key group", + "privilege": "UpdateKeyGroup", "resource_types": [ { "condition_keys": [], 
@@ -38293,45 +40431,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return a list of report group ARNs. Each report group ARN represents one report group", - "privilege": "ListReportGroups", + "access_level": "Write", + "description": "Grants permission to update a CloudFront KeyValueStore", + "privilege": "UpdateKeyValueStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "key-value-store*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of report ARNs. Each report ARN representing one report", - "privilege": "ListReports", + "access_level": "Write", + "description": "Grants permission to update an origin access control", + "privilege": "UpdateOriginAccessControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin-access-control*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of report ARNs that belong to the specified report group. Each report ARN represents one report", - "privilege": "ListReportsForReportGroup", + "access_level": "Write", + "description": "Grants permission to update an origin request policy", + "privilege": "UpdateOriginRequestPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "origin-request-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to list source code repositories from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", - "privilege": "ListRepositories", + "access_level": "Write", + "description": "Grants permission to update public key information", + "privilege": "UpdatePublicKey", "resource_types": [ { "condition_keys": [], 
@@ -38341,33 +40479,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return a list of project ARNs that have been shared with the requester. Each project ARN represents one project", - "privilege": "ListSharedProjects", + "access_level": "Write", + "description": "Grants permission to update a real-time log configuration", + "privilege": "UpdateRealtimeLogConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "realtime-log-config*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of report group ARNs that have been shared with the requester. Each report group ARN represents one report group", - "privilege": "ListSharedReportGroups", + "access_level": "Write", + "description": "Grants permission to update a response headers policy", + "privilege": "UpdateResponseHeadersPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "response-headers-policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of SourceCredentialsInfo objects", - "privilege": "ListSourceCredentials", + "access_level": "Write", + "description": "Grants permission to update a savings plan", + "privilege": "UpdateSavingsPlan", "resource_types": [ { "condition_keys": [], 
@@ -38378,114 +40516,221 @@ }, { "access_level": "Write", - "description": "Grants permission to save an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", - "privilege": "PersistOAuthToken", + "description": "Grants permission to update the configuration for an RTMP distribution", + "privilege": "UpdateStreamingDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "streaming-distribution*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudfront::${Account}:distribution/${DistributionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "distribution" }, { - "access_level": "Permissions management", - "description": "Grants permission to create a resource policy for the associated project or report group", - "privilege": "PutResourcePolicy", + "arn": "arn:${Partition}:cloudfront::${Account}:streaming-distribution/${DistributionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "streaming-distribution" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:origin-access-identity/${Id}", + "condition_keys": [], + "resource": "origin-access-identity" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:field-level-encryption-config/${Id}", + "condition_keys": [], + "resource": "field-level-encryption-config" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:field-level-encryption-profile/${Id}", + "condition_keys": [], + "resource": "field-level-encryption-profile" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:cache-policy/${Id}", + "condition_keys": [], + "resource": "cache-policy" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:origin-request-policy/${Id}", + "condition_keys": [], + "resource": "origin-request-policy" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:realtime-log-config/${Name}", + "condition_keys": [], + "resource": 
"realtime-log-config" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:function/${Name}", + "condition_keys": [], + "resource": "function" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:key-value-store/${Name}", + "condition_keys": [], + "resource": "key-value-store" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:response-headers-policy/${Id}", + "condition_keys": [], + "resource": "response-headers-policy" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:origin-access-control/${Id}", + "condition_keys": [], + "resource": "origin-access-control" + }, + { + "arn": "arn:${Partition}:cloudfront::${Account}:continuous-deployment-policy/${Id}", + "condition_keys": [], + "resource": "continuous-deployment-policy" + } + ], + "service_name": "Amazon CloudFront" + }, + { + "conditions": [], + "prefix": "cloudfront-keyvaluestore", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to delete the key value pair specified by the key", + "privilege": "DeleteKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "report-group" + "resource_type": "key-value-store*" } ] }, { - "access_level": "Write", - "description": "Grants permission to retry a build", - "privilege": "RetryBuild", + "access_level": "Read", + "description": "Grants permission to return metadata information about Key Value Store", + "privilege": "DescribeKeyValueStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "key-value-store*" } ] }, { - "access_level": "Write", - "description": "Grants permission to retry a build batch", - "privilege": "RetryBuildBatch", + "access_level": "Read", + "description": "Grants permission to return a key value pair", + "privilege": "GetKey", "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "project*" + "resource_type": "key-value-store*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start running a build", - "privilege": "StartBuild", + "access_level": "List", + "description": "Grants permission to returns a list of key value pairs", + "privilege": "ListKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "key-value-store*" } ] }, { "access_level": "Write", - "description": "Grants permission to start running a build batch", - "privilege": "StartBuildBatch", + "description": "Grants permission to create a new key value pair or replace the value of an existing key", + "privilege": "PutKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "key-value-store*" } ] }, { "access_level": "Write", - "description": "Grants permission to attempt to stop running a build", - "privilege": "StopBuild", + "description": "Grants permission to put or delete multiple key value pairs in a single, all-or-nothing operation", + "privilege": "UpdateKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "key-value-store*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudfront::${Account}:key-value-store/${ResourceId}", + "condition_keys": [], + "resource": "key-value-store" + } + ], + "service_name": "Amazon CloudFront KeyValueStore" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to attempt to stop running a build batch", - "privilege": "StopBuildBatch", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + 
}, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cloudhsm", + "privileges": [ + { + "access_level": "Tagging", + "description": "Adds or overwrites one or more tags for the specified AWS CloudHSM resource", + "privilege": "AddTagsToResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the settings of an existing build project", - "privilege": "UpdateProject", + "description": "Grants permission to create a copy of a backup in the specified region", + "privilege": "CopyBackupToRegion", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" + "dependent_actions": [ + "cloudhsm:CopyBackupToRegion", + "cloudhsm:TagResource", + "cloudhsm:UntagResource" + ], + "resource_type": "backup*" }, { "condition_keys": [ @@ -38499,13 +40744,22 @@ }, { "access_level": "Write", - "description": "Grants permission to change the public visibility of a project and its builds", - "privilege": "UpdateProjectVisibility", + "description": "Grants permission to create a new AWS CloudHSM cluster", + "privilege": "CreateCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" + "dependent_actions": [ + "cloudhsm:TagResource", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:RevokeSecurityGroupEgress", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "backup" }, { "condition_keys": [ 
@@ -38519,218 +40773,131 @@ }, { "access_level": "Write", - "description": "Grants permission to update information about a report", - "privilege": "UpdateReport", + "description": "Creates a high-availability partition group", + "privilege": "CreateHapg", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the settings of an existing report group", - "privilege": "UpdateReportGroup", + "description": "Grants permission to create a new hardware security module (HSM) in the specified AWS CloudHSM cluster", + "privilege": "CreateHsm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "report-group*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:RevokeSecurityGroupEgress" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the webhook associated with an AWS CodeBuild build project", - "privilege": "UpdateWebhook", + "description": "Creates an HSM client", + "privilege": "CreateLunaClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:build/${BuildId}", - "condition_keys": [], - "resource": "build" - }, - { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:build-batch/${BuildBatchId}", - "condition_keys": [], - "resource": "build-batch" - }, - { - "arn": 
"arn:${Partition}:codebuild:${Region}:${Account}:project/${ProjectName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "project" - }, - { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:report-group/${ReportGroupName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "report-group" - }, - { - "arn": "arn:${Partition}:codebuild:${Region}:${Account}:report/${ReportGroupName}:${ReportId}", - "condition_keys": [], - "resource": "report" - } - ], - "service_name": "AWS CodeBuild" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", - "type": "String" }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", - "type": "ArrayOfString" - } - ], - "prefix": "codecatalyst", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept a request to connect this account to an Amazon CodeCatalyst space", - "privilege": "AcceptConnection", + "description": "Grants permission to delete the specified CloudHSM backup", + "privilege": "DeleteBackup", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "backup*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate an IAM role to a connection", - "privilege": "AssociateIamRoleToConnection", + "description": "Grants permission to delete the specified AWS CloudHSM cluster", + "privilege": "DeleteCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" + 
"ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a connection", - "privilege": "DeleteConnection", + "description": "Deletes a high-availability partition group", + "privilege": "DeleteHapg", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate an IAM role from a connection", - "privilege": "DisassociateIamRoleFromConnection", + "description": "Grants permission to delete the specified HSM", + "privilege": "DeleteHsm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "dependent_actions": [ + "ec2:DeleteNetworkInterface" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the billing authorization for a connection", - "privilege": "GetBillingAuthorization", + "access_level": "Write", + "description": "Deletes a client", + "privilege": "DeleteLunaClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a connection", - "privilege": "GetConnection", + "description": "Grants permission to get information about backups of AWS CloudHSM clusters", + "privilege": "DescribeBackups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a pending request to connect this account to an Amazon CodeCatalyst space", - "privilege": "GetPendingConnection", + "description": "Grants permission to get information about AWS CloudHSM clusters", + "privilege": "DescribeClusters", "resource_types": [ { "condition_keys": [], @@ -38740,9 +40907,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list connections that are not pending", - "privilege": "ListConnections", + "access_level": "Read", + "description": "Retrieves information about a high-availability partition group", + "privilege": "DescribeHapg", "resource_types": [ { "condition_keys": [], 
@@ -38752,253 +40919,170 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list IAM roles associated with a connection", - "privilege": "ListIamRolesForConnection", + "access_level": "Read", + "description": "Retrieves information about an HSM. You can identify the HSM by its ARN or its serial number", + "privilege": "DescribeHsm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for an Amazon CodeCatalyst resource", - "privilege": "ListTagsForResource", + "description": "Retrieves information about an HSM client", + "privilege": "DescribeLunaClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update the billing authorization for a connection", - "privilege": "PutBillingAuthorization", + "access_level": "Read", + "description": "Gets the configuration files necessary to connect to all high availability partition groups the client is associated with", + "privilege": "GetConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reject a request to connect this account to an Amazon CodeCatalyst space", - "privilege": "RejectConnection", + "description": "Grants permission to claim an AWS CloudHSM cluster", + "privilege": "InitializeCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "cluster*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag an Amazon CodeCatalyst resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Lists the Availability Zones that have available AWS CloudHSM capacity", + "privilege": "ListAvailableZones", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag an Amazon CodeCatalyst resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Lists the high-availability partition groups for the account", + "privilege": "ListHapgs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connections*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codecatalyst:${Region}:${Account}:/connections/${ConnectionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "connections" - } - ], - "service_name": "Amazon CodeCatalyst" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" }, { - "condition": "codecommit:References", - "description": "Filters access by Git reference to 
specified AWS CodeCommit actions", - "type": "String" - } - ], - "prefix": "codecommit", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate an approval rule template with a repository", - "privilege": "AssociateApprovalRuleTemplateWithRepository", + "access_level": "List", + "description": "Retrieves the identifiers of all of the HSMs provisioned for the current customer", + "privilege": "ListHsms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an approval rule template with multiple repositories in a single operation", - "privilege": "BatchAssociateApprovalRuleTemplateWithRepositories", + "access_level": "List", + "description": "Lists all of the clients", + "privilege": "ListLunaClients", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about multiple merge conflicts when attempting to merge two commits using either the three-way merge or the squash merge option", - "privilege": "BatchDescribeMergeConflicts", + "description": "Grants permission to get a list of tags for the specified AWS CloudHSM cluster", + "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove the association between an approval rule template and multiple repositories in a single operation", - "privilege": "BatchDisassociateApprovalRuleTemplateFromRepositories", - "resource_types": [ + "resource_type": "backup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "cluster" } ] }, { "access_level": "Read", - 
"description": "Grants permission to get return information about one or more commits in an AWS CodeCommit repository", - "privilege": "BatchGetCommits", + "description": "Returns a list of all tags for the specified AWS CloudHSM resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about one or more pull requests in an AWS CodeCommit repository", - "privilege": "BatchGetPullRequests", + "access_level": "Write", + "description": "Grants permission to modify attributes for an AWS CloudHSM backup", + "privilege": "ModifyBackupAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "backup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about multiple repositories", - "privilege": "BatchGetRepositories", + "access_level": "Write", + "description": "Grants permission to modify AWS CloudHSM cluster", + "privilege": "ModifyCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to cancel the uploading of an archive to a pipeline in AWS CodePipeline", - "privilege": "CancelUploadArchive", + "access_level": "Write", + "description": "Modifies an existing high-availability partition group", + "privilege": "ModifyHapg", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an approval rule template that will automatically create approval rules in pull requests that match the conditions defined in the template; does not grant permission to create 
approval rules for individual pull requests", - "privilege": "CreateApprovalRuleTemplate", + "description": "Modifies an HSM", + "privilege": "ModifyHsm", "resource_types": [ { "condition_keys": [], 
@@ -39009,75 +41093,54 @@ }, { "access_level": "Write", - "description": "Grants permission to create a branch in an AWS CodeCommit repository with this API; does not control Git create branch actions", - "privilege": "CreateBranch", + "description": "Modifies the certificate used by the client", + "privilege": "ModifyLunaClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add, copy, move or update single or multiple files in a branch in an AWS CodeCommit repository, and generate a commit for the changes in the specified branch", - "privilege": "CreateCommit", + "access_level": "Tagging", + "description": "Removes one or more tags from the specified AWS CloudHSM resource", + "privilege": "RemoveTagsFromResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a pull request in the specified repository", - "privilege": "CreatePullRequest", + "description": "Grants permission to restore the specified CloudHSM backup", + "privilege": "RestoreBackup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "backup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an approval rule specific to an individual pull request; does not grant permission to create approval rule templates", - "privilege": "CreatePullRequestApprovalRule", + "access_level": "Tagging", + "description": "Grants permission to add or overwrite one or more tags for the specified AWS CloudHSM cluster", + "privilege": 
"TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an AWS CodeCommit repository", - "privilege": "CreateRepository", - "resource_types": [ + "resource_type": "backup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "cluster" }, { "condition_keys": [ 
@@ -39090,593 +41153,612 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an unreferenced commit that contains the result of merging two commits using either the three-way or the squash merge option; does not control Git merge actions", - "privilege": "CreateUnreferencedMergeCommit", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tag or tags from the specified AWS CloudHSM cluster", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "backup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" }, { "condition_keys": [ - "codecommit:References" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudhsm:${Region}:${Account}:backup/${CloudHsmBackupInstanceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "backup" }, { - "access_level": "Write", - "description": "Grants permission to delete an approval rule template", - "privilege": "DeleteApprovalRuleTemplate", + "arn": "arn:${Partition}:cloudhsm:${Region}:${Account}:cluster/${CloudHsmClusterInstanceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cluster" + } + ], + "service_name": "AWS CloudHSM" + }, + { + "conditions": [], + "prefix": "cloudsearch", + "privileges": [ + { + "access_level": "Tagging", + "description": "Attaches resource tags to an Amazon CloudSearch domain", + "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a branch in an AWS CodeCommit repository with this API; does not control Git delete branch actions", - "privilege": "DeleteBranch", + "description": "Indexes the search 
suggestions", + "privilege": "BuildSuggesters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the content of a comment made on a change, file, or commit in a repository", - "privilege": "DeleteCommentContent", + "description": "Creates a new search domain", + "privilege": "CreateDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specified file from a specified branch", - "privilege": "DeleteFile", + "description": "Configures an analysis scheme that can be applied to a text or text-array field to define language-specific text processing options", + "privilege": "DefineAnalysisScheme", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete approval rule created for a pull request if the rule was not created by an approval rule template", - "privilege": "DeletePullRequestApprovalRule", + "description": "Configures an Expression for the search domain", + "privilege": "DefineExpression", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS CodeCommit repository", - "privilege": "DeleteRepository", + "description": "Configures an IndexField for the search domain", + "privilege": "DefineIndexField", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about specific merge conflicts when attempting to merge two commits using either the three-way or the squash merge option", - "privilege": "DescribeMergeConflicts", + "access_level": "Write", + "description": "Configures a suggester for a domain", + "privilege": "DefineSuggester", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about one or more pull request events", - "privilege": "DescribePullRequestEvents", + "access_level": "Write", + "description": "Deletes an analysis scheme", + "privilege": "DeleteAnalysisScheme", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the association between an approval rule template and a repository", - "privilege": "DisassociateApprovalRuleTemplateFromRepository", + "description": "Permanently deletes a search domain and all of its data", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to evaluate whether a pull request is mergable based on its current approval state and approval rule requirements", - "privilege": "EvaluatePullRequestApprovalRules", + "access_level": "Write", + "description": "Removes an Expression from the search domain", + "privilege": "DeleteExpression", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": 
"domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about an approval rule template", - "privilege": "GetApprovalRuleTemplate", + "access_level": "Write", + "description": "Removes an IndexField from the search domain", + "privilege": "DeleteIndexField", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the encoded content of an individual file in an AWS CodeCommit repository from the AWS CodeCommit console", - "privilege": "GetBlob", + "access_level": "Write", + "description": "Deletes a suggester", + "privilege": "DeleteSuggester", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about a branch in an AWS CodeCommit repository with this API; does not control Git branch actions", - "privilege": "GetBranch", + "description": "Gets the analysis schemes configured for a domain", + "privilege": "DescribeAnalysisSchemes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the content of a comment made on a change, file, or commit in a repository", - "privilege": "GetComment", + "description": "Gets the availability options configured for a domain", + "privilege": "DescribeAvailabilityOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the reactions on a comment", - "privilege": "GetCommentReactions", + "description": "Gets the domain endpoint options configured for a domain", + "privilege": 
"DescribeDomainEndpointOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about comments made on the comparison between two commits", - "privilege": "GetCommentsForComparedCommit", + "access_level": "List", + "description": "Gets information about the search domains owned by this account", + "privilege": "DescribeDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to get comments made on a pull request", - "privilege": "GetCommentsForPullRequest", + "description": "Gets the expressions configured for the search domain", + "privilege": "DescribeExpressions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about a commit, including commit message and committer information, with this API; does not control Git log actions", - "privilege": "GetCommit", + "description": "Gets information about the index fields configured for the search domain", + "privilege": "DescribeIndexFields", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about the history of commits in a repository", - "privilege": "GetCommitHistory", + "description": "Gets the scaling parameters configured for a domain", + "privilege": "DescribeScalingParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": 
"Grants permission to get information about the difference between commits in the context of a potential merge", - "privilege": "GetCommitsFromMergeBase", + "description": "Gets information about the access policies that control access to the domain's document and search endpoints", + "privilege": "DescribeServiceAccessPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to view information about the differences between valid commit specifiers such as a branch, tag, HEAD, commit ID, or other fully qualified reference", - "privilege": "GetDifferences", + "description": "Gets the suggesters configured for a domain", + "privilege": "DescribeSuggesters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the base-64 encoded contents of a specified file and its metadata", - "privilege": "GetFile", + "access_level": "Write", + "description": "Tells the search domain to start indexing its documents using the latest indexing options", + "privilege": "IndexDocuments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the contents of a specified folder in a repository", - "privilege": "GetFolder", + "access_level": "List", + "description": "Lists all search domains owned by an account", + "privilege": "ListDomainNames", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about a merge commit created by one of the merge options for pull 
requests that creates merge commits. Not all merge options create merge commits. This permission does not control Git merge actions", - "privilege": "GetMergeCommit", + "description": "Displays all of the resource tags for an Amazon CloudSearch domain", + "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about merge conflicts between the before and after commit IDs for a pull request in a repository", - "privilege": "GetMergeConflicts", + "access_level": "Tagging", + "description": "Removes the specified resource tags from an Amazon ES domain", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about merge options for pull requests that can be used to merge two commits; does not control Git merge actions", - "privilege": "GetMergeOptions", + "access_level": "Write", + "description": "Configures the availability options for a domain", + "privilege": "UpdateAvailabilityOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to resolve blobs, trees, and commits to their identifier", - "privilege": "GetObjectIdentifier", + "access_level": "Write", + "description": "Configures the domain endpoint options for a domain", + "privilege": "UpdateDomainEndpointOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": 
"Read", - "description": "Grants permission to get information about a pull request in a specified repository", - "privilege": "GetPullRequest", + "access_level": "Write", + "description": "Configures scaling parameters for a domain", + "privilege": "UpdateScalingParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current approvals on an inputted pull request", - "privilege": "GetPullRequestApprovalStates", + "access_level": "Permissions management", + "description": "Configures the access rules that control access to the domain's document and search endpoints", + "privilege": "UpdateServiceAccessPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current override state of a given pull request", - "privilege": "GetPullRequestOverrideState", + "access_level": "Write", + "description": "Allows access to the document service operations", + "privilege": "document", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about references in an AWS CodeCommit repository; does not control Git reference actions", - "privilege": "GetReferences", + "description": "Allows access to the search operations", + "privilege": "search", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about an AWS CodeCommit repository", - "privilege": "GetRepository", + "description": "Allows access to the suggest operations", + 
"privilege": "suggest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain" } ] - }, + } + ], + "resources": [ { - "access_level": "Read", - "description": "Grants permission to get information about triggers configured for a repository", - "privilege": "GetRepositoryTriggers", + "arn": "arn:${Partition}:cloudsearch:${Region}:${Account}:domain/${DomainName}", + "condition_keys": [], + "resource": "domain" + } + ], + "service_name": "Amazon CloudSearch" + }, + { + "conditions": [], + "prefix": "cloudshell", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permissions to create a CloudShell environment", + "privilege": "CreateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the contents of a specified tree in an AWS CodeCommit repository from the AWS CodeCommit console", - "privilege": "GetTree", + "access_level": "Write", + "description": "Grants permissions to connect to a CloudShell environment from the AWS Management Console", + "privilege": "CreateSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "Environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get status information about an archive upload to a pipeline in AWS CodePipeline", - "privilege": "GetUploadArchiveStatus", + "access_level": "Write", + "description": "Grants permission to delete a CloudShell environment", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "Environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to pull information from an AWS CodeCommit repository to a local repo", - 
"privilege": "GitPull", + "description": "Grants permission to read a CloudShell environment status", + "privilege": "GetEnvironmentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "Environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to push information from a local repo to an AWS CodeCommit repository", - "privilege": "GitPush", + "description": "Grants permissions to download files from a CloudShell environment", + "privilege": "GetFileDownloadUrls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Environment*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all approval rule templates in an AWS Region for the AWS account", - "privilege": "ListApprovalRuleTemplates", + "access_level": "Write", + "description": "Grants permissions to upload files to a CloudShell environment", + "privilege": "GetFileUploadUrls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Environment*" } ] }, { - "access_level": "List", - "description": "Grants permission to list approval rule templates that are associated with a repository", - "privilege": "ListAssociatedApprovalRuleTemplatesForRepository", + "access_level": "Write", + "description": "Grants permissions to forward console credentials to the environment", + "privilege": "PutCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "Environment*" } ] }, { - "access_level": "List", - "description": "Grants permission to list branches for an AWS CodeCommit repository with this API; does not control Git branch actions", - "privilege": "ListBranches", + "access_level": 
"Write", + "description": "Grants permission to start a stopped CloudShell environment", + "privilege": "StartEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "Environment*" } ] }, { - "access_level": "List", - "description": "Grants permission to list pull requests for a specified repository", - "privilege": "ListPullRequests", + "access_level": "Write", + "description": "Grants permission to stop a running CloudShell environment", + "privilege": "StopEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "Environment*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudshell:${Region}:${Account}:environment/${EnvironmentId}", + "condition_keys": [], + "resource": "Environment" + } + ], + "service_name": "AWS CloudShell" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list information about AWS CodeCommit repositories in the current Region for your AWS account", - "privilege": "ListRepositories", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list repositories that are associated with an approval rule template", - "privilege": "ListRepositoriesForApprovalRuleTemplate", + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" + } + ], + "prefix": "cloudtrail", + "privileges": [ + { + "access_level": "Tagging", + "description": "Grants permission to add one or more tags to a 
trail, event data store, or channel, up to a limit of 50", + "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the resource attached to a CodeCommit resource ARN", - "privilege": "ListTagsForResource", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to merge two commits into the specified destination branch using the fast-forward merge option", - "privilege": "MergeBranchesByFastForward", - "resource_types": [ + "resource_type": "eventdatastore" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "trail" }, { "condition_keys": [ - "codecommit:References" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -39685,36 +41767,37 @@ }, { "access_level": "Write", - "description": "Grants permission to merge two commits into the specified destination branch using the squash merge option", - "privilege": "MergeBranchesBySquash", + "description": "Grants permission to cancel a running query", + "privilege": "CancelQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to merge two commits into the specified destination branch using the three-way merge option", - "privilege": "MergeBranchesByThreeWay", + "description": "Grants permission to create a channel", + "privilege": "CreateChannel", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudtrail:AddTags" + ], + "resource_type": "channel*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "eventdatastore*" }, { "condition_keys": [ - "codecommit:References" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -39723,17 +41806,25 @@ }, { "access_level": "Write", - "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the fast-forward merge option", - "privilege": "MergePullRequestByFastForward", + "description": "Grants permission to create an event data store", + "privilege": "CreateEventDataStore", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" + "dependent_actions": [ + "cloudtrail:AddTags", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "kms:Decrypt", + "kms:GenerateDataKey", + "organizations:ListAWSServiceAccessForOrganization" + ], + "resource_type": "eventdatastore*" }, { "condition_keys": [ - "codecommit:References" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -39742,36 +41833,35 @@ }, { "access_level": "Write", - "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the squash merge option", - "privilege": "MergePullRequestBySquash", + "description": "Grants permission to create a service-linked channel that specifies the settings for delivery of log data to an AWS service", + "privilege": "CreateServiceLinkedChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the three-way merge option", - "privilege": "MergePullRequestByThreeWay", + "description": "Grants permission to create a trail that specifies the settings for delivery of log data to an Amazon S3 bucket", + "privilege": "CreateTrail", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" + "dependent_actions": [ + "cloudtrail:AddTags", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "organizations:ListAWSServiceAccessForOrganization" + ], + "resource_type": "trail*" }, { "condition_keys": [ - "codecommit:References" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -39780,513 +41870,493 @@ }, { "access_level": "Write", - "description": "Grants permission to override all approval rules for a pull request, including approval rules created by a template", - "privilege": "OverridePullRequestApprovalRules", + "description": "Grants permission to delete a channel", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to post a comment on the comparison between two commits", - "privilege": "PostCommentForComparedCommit", + "description": "Grants permission to delete an event data store", + "privilege": "DeleteEventDataStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to post a comment on a pull request", - "privilege": "PostCommentForPullRequest", + "description": "Grants permission to delete a resource policy from the provided resource", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to post a comment in reply to a comment on a comparison between commits or a pull request", - "privilege": "PostCommentReply", + "description": "Grants permission to delete a service-linked channel", + "privilege": "DeleteServiceLinkedChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to post a reaction on a comment", - "privilege": "PutCommentReaction", + "description": "Grants permission to delete a trail", + "privilege": "DeleteTrail", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "trail*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update a file in a branch in an AWS CodeCommit repository, and generate a commit for the addition in the specified branch", - "privilege": "PutFile", + "description": "Grants permission to deregister an AWS Organizations member account as a delegated administrator", + "privilege": "DeregisterOrganizationDelegatedAdmin", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "codecommit:References" + "dependent_actions": [ + "organizations:DeregisterDelegatedAdministrator", + "organizations:ListAWSServiceAccessForOrganization" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create, update, or delete triggers for a repository", - "privilege": "PutRepositoryTriggers", + "access_level": "Read", + "description": "Grants permission to list details for the query", + "privilege": "DescribeQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach resource tags to a CodeCommit resource ARN", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list settings for the trails associated with the current region for your account", + "privilege": "DescribeTrails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to test the functionality of repository 
triggers by sending information to the trigger target", - "privilege": "TestRepositoryTriggers", + "description": "Grants permission to disable federation of event data store data by using the AWS Glue Data Catalog", + "privilege": "DisableFederation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" + "dependent_actions": [ + "glue:DeleteDatabase", + "glue:DeleteTable", + "glue:PassConnection", + "lakeformation:DeregisterResource", + "lakeformation:RegisterResource" + ], + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to disassociate resource tags from a CodeCommit resource ARN", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to enable federation of event data store data by using the AWS Glue Data Catalog", + "privilege": "EnableFederation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" + "dependent_actions": [ + "glue:CreateDatabase", + "glue:CreateTable", + "iam:GetRole", + "iam:PassRole", + "lakeformation:DeregisterResource", + "lakeformation:RegisterResource" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the content of approval rule templates; does not grant permission to update content of approval rules created specifically for pull requests", - "privilege": "UpdateApprovalRuleTemplateContent", + "access_level": "Read", + "description": "Grants permission to return information about a specific channel", + "privilege": "GetChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the 
description of approval rule templates", - "privilege": "UpdateApprovalRuleTemplateDescription", + "access_level": "Read", + "description": "Grants permission to list settings for the event data store", + "privilege": "GetEventDataStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the name of approval rule templates", - "privilege": "UpdateApprovalRuleTemplateName", + "access_level": "Read", + "description": "Grants permission to get data from an event data store by using the AWS Glue Data Catalog", + "privilege": "GetEventDataStoreData", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the contents of a comment if the identity matches the identity used to create the comment", - "privilege": "UpdateComment", + "access_level": "Read", + "description": "Grants permission to list settings for event selectors configured for a trail", + "privilege": "GetEventSelectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "trail*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change the default branch in an AWS CodeCommit repository", - "privilege": "UpdateDefaultBranch", + "access_level": "Read", + "description": "Grants permission to return information about a specific import", + "privilege": "GetImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the content for approval rules created for a specific pull requests; does 
not grant permission to update approval rule content for rules created with an approval rule template", - "privilege": "UpdatePullRequestApprovalRuleContent", + "access_level": "Read", + "description": "Grants permission to list CloudTrail Insights selectors that are configured for a trail or event data store", + "privilege": "GetInsightSelectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "eventdatastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trail" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the approval state for pull requests", - "privilege": "UpdatePullRequestApprovalState", + "access_level": "Read", + "description": "Grants permission to fetch results of a complete query", + "privilege": "GetQueryResults", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the description of a pull request", - "privilege": "UpdatePullRequestDescription", + "access_level": "Read", + "description": "Grants permission to get the resource policy attached to the provided resource", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of a pull request", - "privilege": "UpdatePullRequestStatus", + "access_level": "Read", + "description": "Grants permission to list settings for the service-linked channel", + "privilege": "GetServiceLinkedChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "channel*" } ] }, 
{ - "access_level": "Write", - "description": "Grants permission to update the title of a pull request", - "privilege": "UpdatePullRequestTitle", + "access_level": "Read", + "description": "Grants permission to list settings for the trail", + "privilege": "GetTrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "trail*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change the description of an AWS CodeCommit repository", - "privilege": "UpdateRepositoryDescription", + "access_level": "Read", + "description": "Grants permission to retrieve a JSON-formatted list of information about the specified trail", + "privilege": "GetTrailStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "trail*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change the name of an AWS CodeCommit repository", - "privilege": "UpdateRepositoryName", + "access_level": "List", + "description": "Grants permission to list the channels in the current account, and their source names", + "privilege": "ListChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to the service role for AWS CodePipeline to upload repository changes into a pipeline", - "privilege": "UploadArchive", + "access_level": "List", + "description": "Grants permission to list event data stores associated with the current region for your account", + "privilege": "ListEventDataStores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codecommit:${Region}:${Account}:${RepositoryName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - 
"resource": "repository" - } - ], - "service_name": "AWS CodeCommit" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codedeploy", - "privileges": [ - { - "access_level": "Tagging", - "description": "Grants permission to add tags to one or more on-premises instances", - "privilege": "AddTagsToOnPremisesInstances", + "access_level": "Read", + "description": "Grants permission to return a list of failures for the specified import", + "privilege": "ListImportFailures", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more application revisions", - "privilege": "BatchGetApplicationRevisions", + "access_level": "List", + "description": "Grants permission to return information on all imports, or a select set of imports by ImportStatus or Destination", + "privilege": "ListImports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about multiple applications associated with the IAM user", - "privilege": "BatchGetApplications", + "description": "Grants permission to list the public keys whose private keys were used to sign trail digest files within a specified time range", + "privilege": "ListPublicKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more deployment groups", - "privilege": "BatchGetDeploymentGroups", + "access_level": "List", + "description": "Grants permission to list queries associated with an event data store", + "privilege": "ListQueries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "eventdatastore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more instance that are part of a deployment group", - "privilege": "BatchGetDeploymentInstances", + "access_level": "List", + "description": "Grants permission to list service-linked channels associated with the current region for a specified account", + "privilege": "ListServiceLinkedChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return an array of one or more targets associated with a deployment. This method works with all compute types and should be used instead of the deprecated BatchGetDeploymentInstances. 
The maximum number of targets that can be returned is 25", - "privilege": "BatchGetDeploymentTargets", + "description": "Grants permission to list the tags for trails, event data stores, or channels in the current region", + "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eventdatastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trail" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about multiple deployments associated with the IAM user", - "privilege": "BatchGetDeployments", + "access_level": "List", + "description": "Grants permission to list trails associated with the current region for your account", + "privilege": "ListTrails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about one or more on-premises instances", - "privilege": "BatchGetOnPremisesInstances", + "description": "Grants permission to look up and retrieve metric data for API activity events captured by CloudTrail that create, update, or delete resources in your account", + "privilege": "LookupEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start the process of rerouting traffic from instances in the original environment to instances in thereplacement environment without waiting for a specified wait time to elapse", - "privilege": "ContinueDeployment", + "description": "Grants permission to create and update event selectors for a trail", + "privilege": "PutEventSelectors", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "trail*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an application associated with the IAM user", - "privilege": "CreateApplication", + "description": "Grants permission to create and update CloudTrail Insights selectors for a trail or event data store", + "privilege": "PutInsightSelectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "eventdatastore" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trail" } ] }, { "access_level": "Write", - "description": "Grants permission to create CloudFormation deployment to cooperate ochestration for a CloudFormation stack update", - "privilege": "CreateCloudFormationDeployment", + "description": "Grants permission to attach a resource policy to the provided resource", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a deployment for an application associated with the IAM user", - "privilege": "CreateDeployment", + "description": "Grants permission to register an AWS Organizations member account as a delegated administrator", + "privilege": "RegisterOrganizationDelegatedAdmin", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "deploymentgroup*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:RegisterDelegatedAdministrator" + ], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a custom deployment configuration associated with the IAM user", - "privilege": 
"CreateDeploymentConfig", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a trail, event data store, or channel", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentconfig*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a deployment group for an application associated with the IAM user", - "privilege": "CreateDeploymentGroup", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "eventdatastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "trail" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -40296,301 +42366,420 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an application associated with the IAM user", - "privilege": "DeleteApplication", + "description": "Grants permission to restore an event data store", + "privilege": "RestoreEventDataStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a custom deployment configuration associated with the IAM user", - "privilege": "DeleteDeploymentConfig", + "description": "Grants permission to start ingestion on an event data store", + "privilege": "StartEventDataStoreIngestion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentconfig*" + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a deployment group for an application associated with the IAM user", - "privilege": "DeleteDeploymentGroup", + "description": "Grants permission to start an import of logged trail events from a source S3 bucket to a destination event data store", + "privilege": "StartImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a GitHub account connection", - "privilege": "DeleteGitHubAccountToken", + "description": "Grants permission to start the recording of AWS API calls and log file delivery for a trail", + "privilege": "StartLogging", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trail*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete resources associated with the given external Id", - "privilege": "DeleteResourcesByExternalId", + "description": "Grants 
permission to start a new query on a specified event data store", + "privilege": "StartQuery", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "resource_type": "eventdatastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an on-premises instance", - "privilege": "DeregisterOnPremisesInstance", + "description": "Grants permission to stop ingestion on an event data store", + "privilege": "StopEventDataStoreIngestion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "eventdatastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single application associated with the IAM user", - "privilege": "GetApplication", + "access_level": "Write", + "description": "Grants permission to stop a specified import", + "privilege": "StopImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single application revision for an application associated with the IAM user", - "privilege": "GetApplicationRevision", + "access_level": "Write", + "description": "Grants permission to stop the recording of AWS API calls and log file delivery for a trail", + "privilege": "StopLogging", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "trail*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single deployment to a deployment group for an application associated with the IAM user", - "privilege": "GetDeployment", + "access_level": "Write", + "description": "Grants permission to update a channel", + "privilege": "UpdateChannel", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single deployment configuration associated with the IAM user", - "privilege": "GetDeploymentConfig", + "access_level": "Write", + "description": "Grants permission to update an event data store", + "privilege": "UpdateEventDataStore", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "deploymentconfig*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "kms:Decrypt", + "kms:GenerateDataKey", + "organizations:ListAWSServiceAccessForOrganization" + ], + "resource_type": "eventdatastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single deployment group for an application associated with the IAM user", - "privilege": "GetDeploymentGroup", + "access_level": "Write", + "description": "Grants permission to update the settings that specify delivery of log files", + "privilege": "UpdateServiceLinkedChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a single instance in a deployment associated with the IAM user", - "privilege": "GetDeploymentInstance", + "access_level": "Write", + "description": "Grants permission to update the settings that specify delivery of log files", + "privilege": "UpdateTrail", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "deploymentgroup*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "organizations:ListAWSServiceAccessForOrganization" + ], + "resource_type": "trail*" } ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:cloudtrail:${Region}:${Account}:trail/${TrailName}", + "condition_keys": [], + "resource": "trail" }, { - "access_level": "Read", - "description": "Grants permission to return information about a deployment target", - "privilege": "GetDeploymentTarget", + "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:eventdatastore/${EventDataStoreId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "eventdatastore" + }, + { + "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:channel/${ChannelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel" + } + ], + "service_name": "AWS CloudTrail" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" + } + ], + "prefix": "cloudtrail-data", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to ingest your application events into CloudTrail Lake", + "privilege": "PutAuditEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cloudtrail:${Region}:${Account}:channel/${ChannelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel" + } + ], + "service_name": "AWS CloudTrail Data" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the allowed set of values for each of the tags", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to get information about a 
single on-premises instance", - "privilege": "GetOnPremisesInstance", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag-value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of mandatory tags in the request", + "type": "ArrayOfString" + }, + { + "condition": "cloudwatch:AlarmActions", + "description": "Filters actions based on defined alarm actions", + "type": "ArrayOfString" + }, + { + "condition": "cloudwatch:namespace", + "description": "Filters actions based on the presence of optional namespace values", + "type": "String" + }, + { + "condition": "cloudwatch:requestInsightRuleLogGroups", + "description": "Filters actions based on the Log Groups specified in an Insight Rule", + "type": "ArrayOfString" + }, + { + "condition": "cloudwatch:requestManagedResourceARNs", + "description": "Filters access by the Resource ARNs specified in a managed Insight Rule", + "type": "ArrayOfARN" + } + ], + "prefix": "cloudwatch", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to batch get service level indicator report", + "privilege": "BatchGetServiceLevelIndicatorReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all application revisions for an application associated with the IAM user", - "privilege": "ListApplicationRevisions", + "access_level": "Read", + "description": "Grants permission to batch retrieve a service level objective budget report", + "privilege": "BatchGetServiceLevelObjectiveBudgetReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "slo*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all 
applications associated with the IAM user", - "privilege": "ListApplications", + "access_level": "Write", + "description": "Grants permission to create a service level objective", + "privilege": "CreateServiceLevelObjective", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all deployment configurations associated with the IAM user", - "privilege": "ListDeploymentConfigs", + "access_level": "Write", + "description": "Grants permission to delete a collection of alarms", + "privilege": "DeleteAlarms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarm*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all deployment groups for an application associated with the IAM user", - "privilege": "ListDeploymentGroups", + "access_level": "Write", + "description": "Grants permission to delete the specified anomaly detection model from your account", + "privilege": "DeleteAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all instances in a deployment associated with the IAM user", - "privilege": "ListDeploymentInstances", + "access_level": "Write", + "description": "Grants permission to delete all CloudWatch dashboards that you specify", + "privilege": "DeleteDashboards", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "dashboard*" } ] }, { - "access_level": "List", - "description": "Grants permission to return an array of target IDs that are associated a deployment", - "privilege": 
"ListDeploymentTargets", + "access_level": "Write", + "description": "Grants permission to delete a collection of insight rules", + "privilege": "DeleteInsightRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "insight-rule*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about all deployments to a deployment group associated with the IAM user, or to get all deployments associated with the IAM user", - "privilege": "ListDeployments", + "access_level": "Write", + "description": "Grants permission to delete the CloudWatch metric stream that you specify", + "privilege": "DeleteMetricStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + "resource_type": "metric-stream*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the names of stored connections to GitHub accounts", - "privilege": "ListGitHubAccountTokenNames", + "access_level": "Write", + "description": "Grants permission to delete a service level objective", + "privilege": "DeleteServiceLevelObjective", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "slo*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of one or more on-premises instance names", - "privilege": "ListOnPremisesInstances", + "access_level": "Read", + "description": "Grants permission to retrieve the history for the specified alarm", + "privilege": "DescribeAlarmHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarm*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of tags for the resource identified by a specified ARN. 
Tags are used to organize and categorize your CodeDeploy resources", - "privilege": "ListTagsForResource", + "access_level": "Read", + "description": "Grants permission to describe all alarms, currently owned by the user's account", + "privilege": "DescribeAlarms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, + "resource_type": "alarm*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe all alarms configured on the specified metric, currently owned by the user's account", + "privilege": "DescribeAlarmsForMetric", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to notify a lifecycle event hook execution status for associated deployment with the IAM user", - "privilege": "PutLifecycleEventHookExecutionStatus", + "access_level": "Read", + "description": "Grants permission to list the anomaly detection models that you have created in your account", + "privilege": "DescribeAnomalyDetectors", "resource_types": [ { "condition_keys": [], 
@@ -40600,171 +42789,153 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to register information about an application revision for an application associated with the IAM user", - "privilege": "RegisterApplicationRevision", + "access_level": "Read", + "description": "Grants permission to describe all insight rules, currently owned by the user's account", + "privilege": "DescribeInsightRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register an on-premises instance", - "privilege": "RegisterOnPremisesInstance", + "description": "Grants permission to disable actions for a collection of alarms", + "privilege": "DisableAlarmActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "alarm*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from one or more on-premises instances", - "privilege": "RemoveTagsFromOnPremisesInstances", + "access_level": "Write", + "description": "Grants permission to disable a collection of insight rules", + "privilege": "DisableInsightRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "insight-rule*" } ] }, { "access_level": "Write", - "description": "Grants permission to override any specified wait time and starts terminating instances immediately after the traffic routing is complete. 
This action applies to blue-green deployments only", - "privilege": "SkipWaitTimeForInstanceTermination", + "description": "Grants permission to enable actions for a collection of alarms", + "privilege": "EnableAlarmActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarm*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a deployment", - "privilege": "StopDeployment", + "description": "Grants permission to enable a collection of insight rules", + "privilege": "EnableInsightRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "insight-rule*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to associate the list of tags in the input Tags parameter with the resource identified by the ResourceArn input parameter", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to enable a CloudWatch topology discovery", + "privilege": "EnableTopologyDiscovery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to generate a Metrics Insights or Logs Insights query string from a natural language prompt", + "privilege": "GenerateQuery", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to disassociate a resource from a list of tags. The resource is identified by the ResourceArn input parameter. 
The tags are identfied by the list of keys in the TagKeys input parameter", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to display the details of the CloudWatch dashboard you specify", + "privilege": "GetDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, + "resource_type": "dashboard*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the top-N report of unique contributors over a time range for a given insight rule", + "privilege": "GetInsightRuleReport", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup" - }, + "resource_type": "insight-rule*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve batch amounts of CloudWatch metric data and perform metric math on retrieved data", + "privilege": "GetMetricData", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an application", - "privilege": "UpdateApplication", + "access_level": "Read", + "description": "Grants permission to retrieve statistics for the specified metric", + "privilege": "GetMetricStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to change information about a single deployment group for an application associated with the IAM user", - "privilege": "UpdateDeploymentGroup", + "access_level": "Read", + "description": "Grants permission to return the details of a CloudWatch metric stream", + "privilege": "GetMetricStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deploymentgroup*" + 
"resource_type": "metric-stream*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:application:${ApplicationName}", - "condition_keys": [], - "resource": "application" - }, - { - "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:deploymentconfig:${DeploymentConfigurationName}", - "condition_keys": [], - "resource": "deploymentconfig" - }, - { - "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:deploymentgroup:${ApplicationName}/${DeploymentGroupName}", - "condition_keys": [], - "resource": "deploymentgroup" }, - { - "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:instance:${InstanceName}", - "condition_keys": [], - "resource": "instance" - } - ], - "service_name": "AWS CodeDeploy" - }, - { - "conditions": [], - "prefix": "codedeploy-commands-secure", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to get deployment specification", - "privilege": "GetDeploymentSpecification", + "description": "Grants permission to retrieve snapshots of metric widgets", + "privilege": "GetMetricWidgetImage", "resource_types": [ { "condition_keys": [], 
@@ -40775,52 +42946,44 @@ }, { "access_level": "Read", - "description": "Grants permission to request host agent commands", - "privilege": "PollHostCommand", + "description": "Grants permission to retrieve information about a service", + "privilege": "GetService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service*" } ] }, { - "access_level": "Write", - "description": "Grants permission to mark host agent commands acknowledged", - "privilege": "PutHostCommandAcknowledgement", + "access_level": "Read", + "description": "Grants permission to retrieve service data", + "privilege": "GetServiceData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service*" } ] }, { - "access_level": "Write", - "description": "Grants permission to mark host agent commands completed", - "privilege": "PutHostCommandComplete", + "access_level": "Read", + "description": "Grants permission to retrieve information about service level objective", + "privilege": "GetServiceLevelObjective", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "slo*" } ] - } - ], - "resources": [], - "service_name": "AWS CodeDeploy secure host commands service" - }, - { - "conditions": [], - "prefix": "codeguru", - "privileges": [ + }, { "access_level": "Read", - "description": "Grants permission to get free trial summary for the CodeGuru service which includes expiration date", - "privilege": "GetCodeGuruFreeTrialSummary", + "description": "Grants permission to retrieve a CloudWatch topology discovery status", + "privilege": "GetTopologyDiscoveryStatus", "resource_types": [ { "condition_keys": [], 
@@ -40828,76 +42991,53 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "Amazon CodeGuru" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codeguru-profiler", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add up to 2 topic ARNs of existing AWS SNS topics to publish notifications", - "privilege": "AddNotificationChannels", + "access_level": "Read", + "description": "Grants permission to retrieve a CloudWatch topology map", + "privilege": "GetTopologyMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get the frame metric data for a Profiling Group", - "privilege": "BatchGetFrameMetricData", + "access_level": "Write", + "description": "Grants permission to share CloudWatch resources with a monitoring account", + "privilege": "Link", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to register with the orchestration service and retrieve profiling configuration information, used by agents", - "privilege": "ConfigureAgent", + "access_level": "List", + "description": "Grants permission to return a list of all CloudWatch dashboards in your account", + "privilege": "ListDashboards", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a profiling group", - "privilege": "CreateProfilingGroup", + "access_level": "Read", + "description": "Grants permission to list available managed Insight Rules for a given Resource ARN", + "privilege": "ListManagedInsightRules", "resource_types": [ { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "cloudwatch:requestManagedResourceARNs" ], "dependent_actions": [], "resource_type": "" @@ -40905,33 +43045,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a profiling group", - "privilege": "DeleteProfilingGroup", + "access_level": "List", + "description": "Grants permission to return a list of all CloudWatch metric streams in your account", + "privilege": "ListMetricStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a profiling group", - "privilege": "DescribeProfilingGroup", + "access_level": "List", + "description": "Grants permission to retrieve a list of valid metrics stored for the AWS account owner", + "privilege": "ListMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a summary of recent recommendations for each profiling group in the account", - "privilege": "GetFindingsReportAccountSummary", + "access_level": "List", + "description": "Grants permission to list service level objectives", + "privilege": "ListServiceLevelObjectives", "resource_types": [ { "condition_keys": [], 
@@ -40941,170 +43081,231 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the notification configuration", - "privilege": "GetNotificationConfiguration", + "access_level": "List", + "description": "Grants permission to list services", + "privilege": "ListServices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the resource policy associated with the specified Profiling Group", - "privilege": "GetPolicy", + "access_level": "List", + "description": "Grants permission to list tags for an Amazon CloudWatch resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "alarm" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "insight-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slo" } ] }, { - "access_level": "Read", - "description": "Grants permission to get aggregated profiles for a specific profiling group", - "privilege": "GetProfile", + "access_level": "Write", + "description": "Grants permission to create or update an anomaly detection model for a CloudWatch metric", + "privilege": "PutAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get recommendations", - "privilege": "GetRecommendations", + "access_level": "Write", + "description": "Grants permission to create or update a composite alarm", + "privilege": "PutCompositeAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "alarm*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + 
"aws:TagKeys", + "cloudwatch:AlarmActions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the available recommendations reports for a specific profiling group", - "privilege": "ListFindingsReports", + "access_level": "Write", + "description": "Grants permission to create a CloudWatch dashboard, or update an existing dashboard if it already exists", + "privilege": "PutDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "dashboard*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the start times of the available aggregated profiles for a specific profiling group", - "privilege": "ListProfileTimes", + "access_level": "Write", + "description": "Grants permission to create a new insight rule or replace an existing insight rule", + "privilege": "PutInsightRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "insight-rule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cloudwatch:requestInsightRuleLogGroups" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list profiling groups in the account", - "privilege": "ListProfilingGroups", + "access_level": "Write", + "description": "Grants permission to create managed Insight Rules", + "privilege": "PutManagedInsightRules", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cloudwatch:requestManagedResourceARNs" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list tags for a Profiling Group", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create 
or update an alarm and associates it with the specified Amazon CloudWatch metric", + "privilege": "PutMetricAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "alarm*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "cloudwatch:AlarmActions" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to submit a profile collected by an agent belonging to a specific profiling group for aggregation", - "privilege": "PostAgentProfile", + "description": "Grants permission to publish metric data points to Amazon CloudWatch", + "privilege": "PutMetricData", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "cloudwatch:namespace" + ], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update the list of principals allowed for an action group in the resource policy associated with the specified Profiling Group", - "privilege": "PutPermission", + "access_level": "Write", + "description": "Grants permission to create a CloudWatch metric stream, or update an existing metric stream if it already exists", + "privilege": "PutMetricStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "metric-stream*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an already configured SNStopic arn from the notification configuration", - "privilege": "RemoveNotificationChannel", + "description": "Grants permission to temporarily set the state of an alarm for testing purposes", + "privilege": "SetAlarmState", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "alarm*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove the permission of specified Action Group from the resource policy associated with the specified Profiling Group", - "privilege": "RemovePermission", + "access_level": "Write", + "description": "Grants permission to start all CloudWatch metric streams that you specify", + "privilege": "StartMetricStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "metric-stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to submit user feedback for useful or non useful anomaly", - "privilege": "SubmitFeedback", + "description": "Grants permission to stop all CloudWatch metric streams that you specify", + "privilege": "StopMetricStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "metric-stream*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add or overwrite tags to a Profiling Group", + "description": "Grants permission to add tags to an Amazon CloudWatch resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "alarm" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "insight-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slo" }, { "condition_keys": [ 
@@ -41118,18 +43319,27 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from a Profiling Group", + "description": "Grants permission to remove a tag from an Amazon CloudWatch resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "alarm" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "insight-rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "slo" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -41138,121 +43348,131 @@ }, { "access_level": "Write", - "description": "Grants permission to update a specific profiling group", - "privilege": "UpdateProfilingGroup", + "description": "Grants permission to update a service level objective", + "privilege": "UpdateServiceLevelObjective", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ProfilingGroup*" + "resource_type": "slo*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:codeguru-profiler:${Region}:${Account}:profilingGroup/${ProfilingGroupName}", + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:alarm:${AlarmName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "ProfilingGroup" + "resource": "alarm" + }, + { + "arn": "arn:${Partition}:cloudwatch::${Account}:dashboard/${DashboardName}", + "condition_keys": [], + "resource": "dashboard" + }, + { + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:insight-rule/${InsightRuleName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "insight-rule" + }, + { + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:metric-stream/${MetricStreamName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "metric-stream" + }, + { + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:slo/${SloName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "slo" + }, + { + "arn": "arn:${Partition}:cloudwatch:${Region}:${Account}:service/${ServiceName}-${UniqueAttributesHex}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service" } ], - "service_name": "Amazon CodeGuru Profiler" + "service_name": "Amazon CloudWatch" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": 
"aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" } ], - "prefix": "codeguru-reviewer", + "prefix": "codeartifact", "privileges": [ { "access_level": "Write", - "description": "Grants permission to associates a repository with Amazon CodeGuru Reviewer", - "privilege": "AssociateRepository", + "description": "Grants permission to add an external connection to a repository", + "privilege": "AssociateExternalConnection", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "codecommit:GetRepository", - "codecommit:ListRepositories", - "codecommit:TagResource", - "codestar-connections:PassConnection", - "events:PutRule", - "events:PutTargets", - "iam:CreateServiceLinkedRole", - "s3:CreateBucket", - "s3:ListBucket", - "s3:PutBucketPolicy", - "s3:PutLifecycleConfiguration" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a code review", - "privilege": "CreateCodeReview", + "description": "Grants permission to associate an existing repository as an upstream repository to another repository", + "privilege": "AssociateWithDownstreamRepository", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetObject" - ], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to 
perform webbased oauth handshake for 3rd party providers", - "privilege": "CreateConnectionToken", + "access_level": "Write", + "description": "Grants permission to copy package versions from one repository to another repository in the same domain", + "privilege": "CopyPackageVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a code review", - "privilege": "DescribeCodeReview", + "access_level": "Write", + "description": "Grants permission to create a new domain", + "privilege": "CreateDomain", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "association*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -41260,18 +43480,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a recommendation feedback on a code review", - "privilege": "DescribeRecommendationFeedback", + "access_level": "Write", + "description": "Grants permission to create a package group", + "privilege": "CreatePackageGroup", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "association*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -41279,18 +43495,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe a repository association", - "privilege": "DescribeRepositoryAssociation", + "access_level": "Write", + "description": "Grants permission to create a new repository", + "privilege": "CreateRepository", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "association*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -41299,491 +43511,356 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate a repository with Amazon CodeGuru Reviewer", - "privilege": "DisassociateRepository", + "description": "Grants permission to delete a domain", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codecommit:UntagResource", - "events:DeleteRule", - "events:RemoveTargets" - ], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view pull request metrics in console", - "privilege": "GetMetricsData", + "access_level": "Permissions management", + "description": "Grants permission to delete the resource policy set on a domain", + "privilege": "DeleteDomainPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary of code reviews", - "privilege": "ListCodeReviews", + "access_level": "Write", + "description": "Grants permission to delete a package", + "privilege": "DeletePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary of recommendation feedback on a code review", - "privilege": "ListRecommendationFeedback", + "access_level": "Write", + "description": "Grants permission to delete a package group", + "privilege": "DeletePackageGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { 
- "access_level": "List", - "description": "Grants permission to list summary of recommendations on a code review", - "privilege": "ListRecommendations", + "access_level": "Write", + "description": "Grants permission to delete package versions", + "privilege": "DeletePackageVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary of repository associations", - "privilege": "ListRepositoryAssociations", + "access_level": "Write", + "description": "Grants permission to delete a repository", + "privilege": "DeleteRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the resource attached to a associated repository ARN", - "privilege": "ListTagsForResource", + "access_level": "Permissions management", + "description": "Grants permission to delete the resource policy set on a repository", + "privilege": "DeleteRepositoryPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to list 3rd party providers repositories in console", - "privilege": "ListThirdPartyRepositories", + "description": "Grants permission to return information about a domain", + "privilege": "DescribeDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": 
"Grants permission to put feedback for a recommendation on a code review", - "privilege": "PutRecommendationFeedback", + "access_level": "Read", + "description": "Grants permission to retrieve information about a package", + "privilege": "DescribePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach resource tags to an associated repository ARN", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to return detailed information about a package group", + "privilege": "DescribePackageGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to disassociate resource tags from an associated repository ARN", - "privilege": "UnTagResource", + "access_level": "Read", + "description": "Grants permission to return information about a package version", + "privilege": "DescribePackageVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}", - "condition_keys": [], - "resource": "association" - }, - { - "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}:codereview:${CodeReviewId}", - 
"condition_keys": [], - "resource": "codereview" - } - ], - "service_name": "Amazon CodeGuru Reviewer" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codeguru-security", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to batch retrieve specific findings generated by CodeGuru Security", - "privilege": "BatchGetFindings", + "description": "Grants permission to return detailed information about a repository", + "privilege": "DescribeRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a CodeGuru Security scan", - "privilege": "CreateScan", + "description": "Grants permission to disassociate an external connection from a repository", + "privilege": "DisassociateExternalConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to generate a presigned url for uploading code archives", - "privilege": "CreateUploadUrl", + "description": "Grants permission to set the status of package versions to Disposed and delete their assets", + "privilege": "DisposePackageVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"ScanName*" + "resource_type": "package*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete all the scans and related findings from CodeGuru Security by given category", - "privilege": "DeleteScansByCategory", + "access_level": "Read", + "description": "Grants permission to return a package's associated package group", + "privilege": "GetAssociatedPackageGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the account level configurations", - "privilege": "GetAccountConfiguration", + "description": "Grants permission to generate a temporary authentication token for accessing repositories in a domain", + "privilege": "GetAuthorizationToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve findings for a scan generated by CodeGuru Security", - "privilege": "GetFindings", + "access_level": "Read", + "description": "Grants permission to return a domain's resource policy", + "privilege": "GetDomainPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve AWS accout level metrics summary generated by CodeGuru Security", - "privilege": "GetMetricsSummary", + "description": "Grants permission to return an asset (or file) that is part of a package version", + "privilege": "GetPackageVersionAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve CodeGuru Security scan metadata", - "privilege": "GetScan", + 
"description": "Grants permission to return a package version's readme file", + "privilege": "GetPackageVersionReadme", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" - }, + "resource_type": "package*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return an endpoint for a repository", + "privilege": "GetRepositoryEndpoint", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve findings generated by CodeGuru Security", - "privilege": "ListFindings", + "access_level": "Read", + "description": "Grants permission to return a repository's resource policy", + "privilege": "GetRepositoryPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of account level findings metrics within a date range", - "privilege": "ListFindingsMetrics", + "description": "Grants permission to list the allowed repositories for a package group", + "privilege": "ListAllowedRepositoriesForGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve list of CodeGuru Security scan metadata", - "privilege": "ListScans", + "description": "Grants permission to list the packages associated to a package group", + "privilege": "ListAssociatedPackages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of tags for a 
scan name ARN", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list the domains in the current user's AWS account", + "privilege": "ListDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a scan name ARN", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list the package groups in a domain", + "privilege": "ListPackageGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a scan name ARN", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list a package version's assets", + "privilege": "ListPackageVersionAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ScanName*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the account level configurations", - "privilege": "UpdateAccountConfiguration", + "access_level": "List", + "description": "Grants permission to list the direct dependencies of a package version", + "privilege": "ListPackageVersionDependencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] - } - ], - "resources": [ - { - "arn": 
"arn:${Partition}:codeguru-security:${Region}:${Account}:scans/${ScanName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ScanName" - } - ], - "service_name": "Amazon CodeGuru Security" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" + "access_level": "List", + "description": "Grants permission to list a package's versions", + "privilege": "ListPackageVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "package*" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codepipeline", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to view information about a specified job and whether that job has been received by the job worker", - "privilege": "AcknowledgeJob", + "access_level": "List", + "description": "Grants permission to list the packages in a repository", + "privilege": "ListPackages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to confirm that a job worker has received the specified job (partner actions only)", - "privilege": "AcknowledgeThirdPartyJob", + "access_level": "List", + "description": "Grants permission to list the repositories administered by the calling account", + "privilege": "ListRepositories", "resource_types": [ { "condition_keys": [], 
@@ -41793,494 +43870,646 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a custom action that you can use in the pipelines associated with your AWS account", - "privilege": "CreateCustomActionType", + "access_level": "List", + "description": "Grants permission to list the repositories in a domain", + "privilege": "ListRepositoriesInDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the sub package groups for a parent package group", + "privilege": "ListSubPackageGroups", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a uniquely named pipeline", - "privilege": "CreatePipeline", + "access_level": "List", + "description": "Grants permission to list tags for a CodeArtifact resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "domain" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a custom action", - "privilege": "DeleteCustomActionType", + "description": "Grants permission to publish assets and metadata to a repository endpoint", + "privilege": "PublishPackageVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype*" + "resource_type": "package*" } ] }, { 
"access_level": "Write", - "description": "Grants permission to delete a specified pipeline", - "privilege": "DeletePipeline", + "description": "Grants permission to attach a resource policy to a domain", + "privilege": "PutDomainPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specified webhook", - "privilege": "DeleteWebhook", + "description": "Grants permission to add, modify or remove package metadata using a repository endpoint", + "privilege": "PutPackageMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook*" + "resource_type": "package*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the registration of a webhook with the third party specified in its configuration", - "privilege": "DeregisterWebhookWithThirdParty", + "description": "Grants permission to set origin configuration for a package", + "privilege": "PutPackageOriginConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook*" + "resource_type": "package*" } ] }, { "access_level": "Write", - "description": "Grants permission to prevent revisions from transitioning to the next stage in a pipeline", - "privilege": "DisableStageTransition", + "description": "Grants permission to attach a resource policy to a repository", + "privilege": "PutRepositoryPermissionsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to allow revisions to transition to the next stage in a pipeline", - "privilege": "EnableStageTransition", + "access_level": "Read", + "description": "Grants permission to return package assets and metadata from a 
repository endpoint", + "privilege": "ReadFromRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about an action type", - "privilege": "GetActionType", + "access_level": "Tagging", + "description": "Grants permission to tag a CodeArtifact resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "domain" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "package-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about a job (custom actions only)", - "privilege": "GetJobDetails", + "access_level": "Tagging", + "description": "Grants permission to remove a tag from a CodeArtifact resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "domain" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "package-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a pipeline structure", - "privilege": "GetPipeline", + "access_level": "Write", + "description": "Grants permission to modify the properties of a package group", + "privilege": "UpdatePackageGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "package-group*" } 
] }, { - "access_level": "Read", - "description": "Grants permission to view information about an execution of a pipeline, including details about artifacts, the pipeline execution ID, and the name, version, and status of the pipeline", - "privilege": "GetPipelineExecution", + "access_level": "Write", + "description": "Grants permission to modify the package origin configuration of a package group", + "privilege": "UpdatePackageGroupOriginConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "package-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about the current state of the stages and actions of a pipeline", - "privilege": "GetPipelineState", + "access_level": "Write", + "description": "Grants permission to modify the status of one or more versions of a package", + "privilege": "UpdatePackageVersionsStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "package*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the details of a job for a third-party action (partner actions only)", - "privilege": "GetThirdPartyJobDetails", + "access_level": "Write", + "description": "Grants permission to modify the properties of a repository", + "privilege": "UpdateRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:domain/${DomainName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "domain" }, { - "access_level": "Read", - "description": "Grants permission to list the action executions that have occurred in a pipeline", - "privilege": "ListActionExecutions", + "arn": 
"arn:${Partition}:codeartifact:${Region}:${Account}:repository/${DomainName}/${RepositoryName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "repository" + }, + { + "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:package-group/${DomainName}${EncodedPackageGroupPattern}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "package-group" + }, + { + "arn": "arn:${Partition}:codeartifact:${Region}:${Account}:package/${DomainName}/${RepositoryName}/${PackageFormat}/${PackageNamespace}/${PackageName}", + "condition_keys": [], + "resource": "package" + } + ], + "service_name": "AWS CodeArtifact" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "codebuild", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to delete one or more builds", + "privilege": "BatchDeleteBuilds", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "project*" } ] }, { "access_level": "Read", - "description": "Grants permission to list a summary of all the action types available for pipelines in your account", - "privilege": "ListActionTypes", + "description": "Grants permission to get information about one or more build batches", + "privilege": "BatchGetBuildBatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "List", - "description": "Grants 
permission to list a summary of the most recent executions for a pipeline", - "privilege": "ListPipelineExecutions", + "access_level": "Read", + "description": "Grants permission to get information about one or more builds", + "privilege": "BatchGetBuilds", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "project*" } ] }, { - "access_level": "List", - "description": "Grants permission to list a summary of all the pipelines associated with your AWS account", - "privilege": "ListPipelines", + "access_level": "Read", + "description": "Grants permission to return an array of the Fleet objects specified by the input parameter", + "privilege": "BatchGetFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for a CodePipeline resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get information about one or more build projects", + "privilege": "BatchGetProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype" - }, + "resource_type": "project*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return an array of ReportGroup objects that are specified by the input reportGroupArns parameter", + "privilege": "BatchGetReportGroups", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline" - }, + "resource_type": "report-group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return an array of the Report objects specified by the input reportArns parameter", + "privilege": "BatchGetReports", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook" + "resource_type": "report-group*" } ] }, { - "access_level": "List", - 
"description": "Grants permission to list all of the webhooks associated with your AWS account", - "privilege": "ListWebhooks", + "access_level": "Write", + "description": "Grants permission to add or update information about a report", + "privilege": "BatchPutCodeCoverages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook*" + "resource_type": "report-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to view information about any jobs for CodePipeline to act on", - "privilege": "PollForJobs", + "description": "Grants permission to add or update information about a report", + "privilege": "BatchPutTestCases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype*" + "resource_type": "report-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to determine whether there are any third-party jobs for a job worker to act on (partner actions only)", - "privilege": "PollForThirdPartyJobs", + "description": "Grants permission to create a compute fleet", + "privilege": "CreateFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to edit actions in a pipeline", - "privilege": "PutActionRevision", + "description": "Grants permission to create a build project", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action*" + "resource_type": "project*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to provide a response (Approved or Rejected) to a manual approval 
request in CodePipeline", - "privilege": "PutApprovalResult", + "description": "Grants permission to create a report. A report is created when tests specified in the buildspec file for a report groups run during the build of a project", + "privilege": "CreateReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action*" + "resource_type": "report-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to represent the failure of a job as returned to the pipeline by a job worker (custom actions only)", - "privilege": "PutJobFailureResult", + "description": "Grants permission to create a report group", + "privilege": "CreateReportGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "report-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to represent the success of a job as returned to the pipeline by a job worker (custom actions only)", - "privilege": "PutJobSuccessResult", + "description": "Grants permission to create webhook. 
For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, enables AWS CodeBuild to start rebuilding the source code every time a code change is pushed to the repository", + "privilege": "CreateWebhook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to represent the failure of a third-party job as returned to the pipeline by a job worker (partner actions only)", - "privilege": "PutThirdPartyJobFailureResult", + "description": "Grants permission to delete a build batch", + "privilege": "DeleteBuildBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to represent the success of a third-party job as returned to the pipeline by a job worker (partner actions only)", - "privilege": "PutThirdPartyJobSuccessResult", + "description": "Grants permission to delete a compute fleet", + "privilege": "DeleteFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update a webhook", - "privilege": "PutWebhook", + "description": "Grants permission to delete an OAuth token from a connected third-party OAuth provider. 
Only used in the AWS CodeBuild console", + "privilege": "DeleteOAuthToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "webhook*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register a webhook with the third party specified in its configuration", - "privilege": "RegisterWebhookWithThirdParty", + "description": "Grants permission to delete a build project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to resume the pipeline execution by retrying the last failed actions in a stage", - "privilege": "RetryStageExecution", + "description": "Grants permission to delete a report", + "privilege": "DeleteReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "report-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to run the most recent revision through the pipeline", - "privilege": "StartPipelineExecution", + "description": "Grants permission to delete a report group", + "privilege": "DeleteReportGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "report-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop an in-progress pipeline execution", - "privilege": "StopPipelineExecution", + "access_level": "Permissions management", + "description": "Grants permission to delete a resource policy for the associated project or report group", + "privilege": "DeleteResourcePolicy", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "report-group" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a CodePipeline resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a set of GitHub, GitHub Enterprise, or Bitbucket source credentials", + "privilege": "DeleteSourceCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete webhook. For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, stops AWS CodeBuild from rebuilding the source code every time a code change is pushed to the repository", + "privilege": "DeleteWebhook", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline" - }, + "resource_type": "project*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return an array of CodeCoverage objects", + "privilege": "DescribeCodeCoverages", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook" - }, + "resource_type": "report-group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return an array of TestCase objects", + "privilege": "DescribeTestCases", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "report-group*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from a CodePipeline resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": 
"Grants permission to analyze and accumulate test report values for the test reports in the specified report group", + "privilege": "GetReportGroupTrend", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype" - }, + "resource_type": "report-group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a resource policy for the specified project or report group", + "privilege": "GetResourcePolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline" + "resource_type": "project" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "webhook" - }, + "resource_type": "report-group" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to import the source repository credentials for an AWS CodeBuild project that has its source code stored in a GitHub, GitHub Enterprise, or Bitbucket repository", + "privilege": "ImportSourceCredentials", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -42288,184 +44517,188 @@ }, { "access_level": "Write", - "description": "Grants permission to update an action type", - "privilege": "UpdateActionType", + "description": "Grants permission to reset the cache for a project", + "privilege": "InvalidateProjectCache", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "actiontype*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a pipeline with changes to the structure of the pipeline", - "privilege": "UpdatePipeline", + "access_level": "List", + "description": "Grants permission to get a list of build batch IDs, with each build batch ID representing a single build batch", + "privilege": "ListBuildBatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}/${StageName}/${ActionName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "action" }, { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:actiontype:${Owner}/${Category}/${Provider}/${Version}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "actiontype" + "access_level": "List", + "description": "Grants permission to get a list of build batch IDs for the specified build project, with each build batch ID representing a single build batch", + "privilege": "ListBuildBatchesForProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] }, { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pipeline" + "access_level": "List", + "description": "Grants permission to get a list of build IDs, with each build ID representing a single build", + "privilege": "ListBuilds", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}/${StageName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "stage" + "access_level": "List", + "description": "Grants permission to get a list of build IDs for the specified build project, with each build ID representing a single build", + "privilege": "ListBuildsForProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] }, { - "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:webhook:${WebhookName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "webhook" - } - ], - "service_name": "AWS CodePipeline" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by requests based on the allowed set of values for each of the tags", - "type": "String" + "access_level": "List", + "description": "Grants permission to list connected third-party OAuth providers. 
Only used in the AWS CodeBuild console", + "privilege": "ListConnectedOAuthAccounts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag-value associated with the resource", - "type": "String" + "access_level": "List", + "description": "Grants permission to get information about Docker images that are managed by AWS CodeBuild", + "privilege": "ListCuratedEnvironmentImages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by requests based on the presence of mandatory tags in the request", - "type": "ArrayOfString" + "access_level": "List", + "description": "Grants permission to get a list of compute fleet ARNs, with each compute fleet ARN representing a single fleet", + "privilege": "ListFleets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "iam:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag-value associated with the resource", - "type": "String" - } - ], - "prefix": "codestar", - "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to add a user to the team for an AWS CodeStar project", - "privilege": "AssociateTeamMember", + "access_level": "List", + "description": "Grants permission to get a list of build project names, with each build project name representing a single build project", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create a project with minimal structure, customer policies, and no resources", - "privilege": 
"CreateProject", + "access_level": "List", + "description": "Grants permission to return a list of report group ARNs. Each report group ARN represents one report group", + "privilege": "ListReportGroups", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a profile for a user that includes user preferences, display name, and email", - "privilege": "CreateUserProfile", + "access_level": "List", + "description": "Grants permission to return a list of report ARNs. Each report ARN representing one report", + "privilege": "ListReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to extended delete APIs", - "privilege": "DeleteExtendedAccess", + "access_level": "List", + "description": "Grants permission to return a list of report ARNs that belong to the specified report group. Each report ARN represents one report", + "privilege": "ListReportsForReportGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "report-group*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a project, including project resources. Does not delete users associated with the project, but does delete the IAM roles that allowed access to the project", - "privilege": "DeleteProject", + "access_level": "List", + "description": "Grants permission to list source code repositories from a connected third-party OAuth provider. 
Only used in the AWS CodeBuild console", + "privilege": "ListRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a user profile in AWS CodeStar, including all personal preference data associated with that profile, such as display name and email address. It does not delete the history of that user, for example the history of commits made by that user", - "privilege": "DeleteUserProfile", + "access_level": "List", + "description": "Grants permission to return a list of project ARNs that have been shared with the requester. Each project ARN represents one project", + "privilege": "ListSharedProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a project and its resources", - "privilege": "DescribeProject", + "access_level": "List", + "description": "Grants permission to return a list of report group ARNs that have been shared with the requester. Each report group ARN represents one report group", + "privilege": "ListSharedReportGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a user in AWS CodeStar and the user attributes across all projects", - "privilege": "DescribeUserProfile", + "access_level": "List", + "description": "Grants permission to return a list of SourceCredentialsInfo objects", + "privilege": "ListSourceCredentials", "resource_types": [ { "condition_keys": [], 
@@ -42475,45 +44708,50 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove a user from a project. Removing a user from a project also removes the IAM policies from that user that allowed access to the project and its resources", - "privilege": "DisassociateTeamMember", + "access_level": "Write", + "description": "Grants permission to save an OAuth token from a connected third-party OAuth provider. Only used in the AWS CodeBuild console", + "privilege": "PersistOAuthToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to extended read APIs", - "privilege": "GetExtendedAccess", + "access_level": "Permissions management", + "description": "Grants permission to create a resource policy for the associated project or report group", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "report-group" } ] }, { - "access_level": "List", - "description": "Grants permission to list all projects in CodeStar associated with your AWS account", - "privilege": "ListProjects", + "access_level": "Write", + "description": "Grants permission to retry a build", + "privilege": "RetryBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all resources associated with a project in CodeStar", - "privilege": "ListResources", + "access_level": "Write", + "description": "Grants permission to retry a build batch", + "privilege": "RetryBuildBatch", "resource_types": [ { "condition_keys": [], 
@@ -42523,9 +44761,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the tags associated with a project in CodeStar", - "privilege": "ListTagsForProject", + "access_level": "Write", + "description": "Grants permission to start running a build", + "privilege": "StartBuild", "resource_types": [ { "condition_keys": [], @@ -42535,9 +44773,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all team members associated with a project", - "privilege": "ListTeamMembers", + "access_level": "Write", + "description": "Grants permission to start running a build batch", + "privilege": "StartBuildBatch", "resource_types": [ { "condition_keys": [], @@ -42547,21 +44785,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list user profiles in AWS CodeStar", - "privilege": "ListUserProfiles", + "access_level": "Write", + "description": "Grants permission to attempt to stop running a build", + "privilege": "StopBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to extended write APIs", - "privilege": "PutExtendedAccess", + "description": "Grants permission to attempt to stop running a build batch", + "privilege": "StopBuildBatch", "resource_types": [ { "condition_keys": [], @@ -42571,14 +44809,14 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a project in CodeStar", - "privilege": "TagProject", + "access_level": "Write", + "description": "Grants permission to change the settings of an existing compute fleet", + "privilege": "UpdateFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "fleet*" }, { "condition_keys": [ 
@@ -42591,9 +44829,9 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a project in CodeStar", - "privilege": "UntagProject", + "access_level": "Write", + "description": "Grants permission to change the settings of an existing build project", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], @@ -42602,6 +44840,7 @@ }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -42611,156 +44850,136 @@ }, { "access_level": "Write", - "description": "Grants permission to update a project in CodeStar", - "privilege": "UpdateProject", + "description": "Grants permission to change the public visibility of a project and its builds", + "privilege": "UpdateProjectVisibility", "resource_types": [ { "condition_keys": [], "dependent_actions": [], "resource_type": "project*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update team member attributes within a CodeStar project", - "privilege": "UpdateTeamMember", + "access_level": "Write", + "description": "Grants permission to update information about a report", + "privilege": "UpdateReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "report-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a profile for a user that includes user preferences, display name, and email", - "privilege": "UpdateUserProfile", + "description": "Grants permission to change the settings of an existing report group", + "privilege": "UpdateReportGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "report-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to verify whether the AWS CodeStar service role exists in the customer's account", - "privilege": "VerifyServiceRole", + "access_level": "Write", + "description": "Grants permission to update the webhook associated with an AWS CodeBuild build project", + "privilege": "UpdateWebhook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "project*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:codestar:${Region}:${Account}:project/${ProjectId}", + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:build/${BuildId}", + "condition_keys": [], + "resource": "build" + }, + { + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:build-batch/${BuildBatchId}", + "condition_keys": [], + "resource": "build-batch" + }, + { + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:project/${ProjectName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], "resource": "project" }, { - "arn": "arn:${Partition}:iam::${Account}:user/${AwsUserName}", + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:report-group/${ReportGroupName}", "condition_keys": [ - "iam:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "user" + "resource": "report-group" + }, + { + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:report/${ReportGroupName}:${ReportId}", + "condition_keys": [], + "resource": "report" + }, + { + "arn": "arn:${Partition}:codebuild:${Region}:${Account}:fleet/${FleetName}:${FleetId}", + "condition_keys": [], + "resource": "fleet" } ], - "service_name": "AWS CodeStar" + "service_name": "AWS CodeBuild" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by a tag's key and value in a request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by the tag keys in a request", "type": "ArrayOfString" - }, - { - "condition": 
"codestar-connections:BranchName", - "description": "Filters access by the branch name that is passed in the request. Applies only to UseConnection requests for access to a specific repository branch", - "type": "String" - }, - { - "condition": "codestar-connections:FullRepositoryId", - "description": "Filters access by the repository that is passed in the request. Applies only to UseConnection requests for access to a specific repository", - "type": "String" - }, - { - "condition": "codestar-connections:HostArn", - "description": "Filters access by the host resource associated with the connection used in the request", - "type": "String" - }, - { - "condition": "codestar-connections:InstallationId", - "description": "Filters access by the third-party ID (such as the Bitbucket App installation ID for CodeStar Connections) that is used to update a Connection. Allows you to restrict which third-party App installations can be used to make a Connection", - "type": "String" - }, - { - "condition": "codestar-connections:OwnerId", - "description": "Filters access by the owner of the third-party repository. Applies only to UseConnection requests for access to repositories owned by a specific user", - "type": "String" - }, - { - "condition": "codestar-connections:PassedToService", - "description": "Filters access by the service to which the principal is allowed to pass a Connection", - "type": "String" - }, - { - "condition": "codestar-connections:ProviderAction", - "description": "Filters access by the provider action in a UseConnection request such as ListRepositories. See documentation for all valid values", - "type": "String" - }, - { - "condition": "codestar-connections:ProviderPermissionsRequired", - "description": "Filters access by the write permissions of a provider action in a UseConnection request. 
Valid types include read_only and read_write", - "type": "String" - }, - { - "condition": "codestar-connections:ProviderType", - "description": "Filters access by the type of third-party provider passed in the request", - "type": "String" - }, - { - "condition": "codestar-connections:ProviderTypeFilter", - "description": "Filters access by the type of third-party provider used to filter results", - "type": "String" - }, - { - "condition": "codestar-connections:RepositoryName", - "description": "Filters access by the repository name that is passed in the request. Applies only to UseConnection requests for creating new repositories", - "type": "String" } ], - "prefix": "codestar-connections", + "prefix": "codecatalyst", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a Connection resource", - "privilege": "CreateConnection", + "description": "Grants permission to accept a request to connect this account to an Amazon CodeCatalyst space", + "privilege": "AcceptConnection", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-connections:ProviderType" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -42769,14 +44988,19 @@ }, { "access_level": "Write", - "description": "Grants permission to create a host resource", - "privilege": "CreateHost", + "description": "Grants permission to associate an IAM role to a connection", + "privilege": "AssociateIamRoleToConnection", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "connections*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-connections:ProviderType" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -42785,76 +45009,104 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a Connection resource", - "privilege": "DeleteConnection", + "description": "Grants permission to associate an IAM Identity Center application with an Amazon CodeCatalyst space", + "privilege": "AssociateIdentityCenterApplicationToSpace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "identity-center-applications*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a host resource", - "privilege": "DeleteHost", + "description": "Grants permission to associate an identity with an IAM Identity Center application for an Amazon CodeCatalyst space", + "privilege": "AssociateIdentityToIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Host*" + "resource_type": "identity-center-applications*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Connection resource", - "privilege": "GetConnection", + "access_level": "Write", + "description": "Grants permission to associate multiple identities with an IAM Identity Center application for an Amazon CodeCatalyst space", + "privilege": "BatchAssociateIdentitiesToIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "identity-center-applications*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a host resource", - "privilege": "GetHost", + 
"access_level": "Write", + "description": "Grants permission to disassociate multiple identities from an IAM Identity Center application for an Amazon CodeCatalyst space", + "privilege": "BatchDisassociateIdentitiesFromIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Host*" + "resource_type": "identity-center-applications*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "GetIndividualAccessToken", + "access_level": "Write", + "description": "Grants permission to create an IAM Identity Center application", + "privilege": "CreateIdentityCenterApplication", "resource_types": [ { "condition_keys": [ - "codestar-connections:ProviderType" - ], - "dependent_actions": [ - "codestar-connections:StartOAuthHandshake" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "GetInstallationUrl", + "access_level": "Write", + "description": "Grants permission to create an Amazon CodeCatalyst space", + "privilege": "CreateSpace", "resource_types": [ { "condition_keys": [ - "codestar-connections:ProviderType" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -42862,87 +45114,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list Connection resources", - "privilege": "ListConnections", - "resource_types": [ - { - "condition_keys": [ - "codestar-connections:ProviderTypeFilter" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list host resources", - "privilege": "ListHosts", - "resource_types": [ - { - "condition_keys": [ - "codestar-connections:ProviderTypeFilter" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "ListInstallationTargets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "codestar-connections:GetIndividualAccessToken", - "codestar-connections:StartOAuthHandshake" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Gets the set of key-value pairs that are used to manage the resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Connection*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to pass a Connection resource to an AWS service that accepts a Connection ARN as input, such as codepipeline:CreatePipeline", - "privilege": "PassConnection", + "access_level": "Write", + "description": "Grants permission to create an administrator role assignment for a given Amazon CodeCatalyst space and IAM Identity Center application", + "privilege": "CreateSpaceAdminRoleAssignment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "codestar-connections:PassedToService" - ], - "dependent_actions": [], - 
"resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", - "privilege": "RegisterAppCode", - "resource_types": [ - { - "condition_keys": [ - "codestar-connections:HostArn" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -42950,27 +45133,18 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", - "privilege": "StartAppRegistrationHandshake", + "access_level": "Write", + "description": "Grants permission to delete a connection", + "privilege": "DeleteConnection", "resource_types": [ { - "condition_keys": [ - "codestar-connections:HostArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", - "privilege": "StartOAuthHandshake", - "resource_types": [ + "resource_type": "connections*" + }, { "condition_keys": [ - "codestar-connections:ProviderType" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -42978,19 +45152,18 @@ ] }, { - "access_level": "Tagging", - "description": "Adds to or modifies the tags of the given resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete an IAM Identity Center application", + "privilege": "DeleteIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -42998,19 +45171,18 @@ ] }, { - "access_level": "Tagging", - "description": "Removes tags from an AWS resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to disassociate an IAM role from a connection", + "privilege": "DisassociateIamRoleFromConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "connections*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -43019,22 +45191,17 @@ }, { "access_level": "Write", - "description": "Grants permission to update a Connection resource with an installation of the CodeStar Connections App", - "privilege": "UpdateConnectionInstallation", + "description": "Grants permission to disassociate an IAM Identity Center application from an Amazon CodeCatalyst space", + "privilege": "DisassociateIdentityCenterApplicationFromSpace", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codestar-connections:GetIndividualAccessToken", - "codestar-connections:GetInstallationUrl", - "codestar-connections:ListInstallationTargets", - "codestar-connections:StartOAuthHandshake" - ], - "resource_type": "Connection*" + "dependent_actions": [], + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "codestar-connections:InstallationId" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -43043,92 +45210,36 @@ }, { "access_level": "Write", - "description": "Grants permission to update a host resource", - "privilege": "UpdateHost", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Host*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to use a Connection resource to call provider actions", - "privilege": "UseConnection", + "description": "Grants permission to disassociate an identity from an IAM Identity Center application for an Amazon CodeCatalyst space", + "privilege": "DisassociateIdentityFromIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Connection*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "codestar-connections:FullRepositoryId", - "codestar-connections:ProviderAction", - "codestar-connections:ProviderPermissionsRequired" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:connection/${ConnectionId}", - "condition_keys": [], - "resource": "Connection" - }, - { - "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:host/${HostId}", - "condition_keys": [], - "resource": "Host" - } - ], - "service_name": "AWS CodeStar Connections" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", - "type": "ArrayOfString" }, { - "condition": "codestar-notifications:NotificationsForResource", - "description": "Filters 
access based on the ARN of the resource for which notifications are configured", - "type": "ARN" - } - ], - "prefix": "codestar-notifications", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a notification rule for a resource", - "privilege": "CreateNotificationRule", + "access_level": "Read", + "description": "Grants permission to describe the billing authorization for a connection", + "privilege": "GetBillingAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "connections*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -43136,36 +45247,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a notification rule for a resource", - "privilege": "DeleteNotificationRule", + "access_level": "Read", + "description": "Grants permission to get a connection", + "privilege": "GetConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "connections*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a target for a notification rule", - "privilege": "DeleteTarget", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -43174,20 +45267,17 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a notification rule", - "privilege": "DescribeNotificationRule", + "description": "Grants permission to get information about an IAM Identity Center application", + "privilege": "GetIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -43195,9 +45285,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list notifications event types", - "privilege": "ListEventTypes", + "access_level": "Read", + "description": "Grants permission to get a pending request to connect this account to an Amazon CodeCatalyst space", + "privilege": "GetPendingConnection", "resource_types": [ { "condition_keys": [], @@ -43208,8 +45298,8 @@ }, { "access_level": "List", - "description": "Grants permission to list notification rules in an AWS account", - "privilege": "ListNotificationRules", + "description": "Grants permission to list connections that are not pending", + "privilege": "ListConnections", "resource_types": [ { "condition_keys": [], 
@@ -43220,18 +45310,17 @@ }, { "access_level": "List", - "description": "Grants permission to list the tags attached to a notification rule resource ARN", - "privilege": "ListTagsForResource", + "description": "Grants permission to list IAM roles associated with a connection", + "privilege": "ListIamRolesForConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "connections*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -43240,56 +45329,41 @@ }, { "access_level": "List", - "description": "Grants permission to list the notification rule targets for an AWS account", - "privilege": "ListTargets", + "description": "Grants permission to view a list of all IAM Identity Center applications in the account", + "privilege": "ListIdentityCenterApplications", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an association between a notification rule and an Amazon SNS topic", - "privilege": "Subscribe", + "access_level": "List", + "description": "Grants permission to view a list of IAM Identity Center applications by Amazon CodeCatalyst space", + "privilege": "ListIdentityCenterApplicationsForSpace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach resource tags to a notification rule resource ARN", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to view a list of Amazon CodeCatalyst spaces by IAM Identity Center application", + "privilege": "ListSpacesForIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -43297,41 +45371,23 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove an association between a notification rule and an Amazon SNS topic", - "privilege": "Unsubscribe", + "access_level": "Read", + "description": "Grants permission to list tags for an Amazon CodeCatalyst resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "connections" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to disassociate resource tags from a notification rule resource ARN", - "privilege": "UntagResource", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "identity-center-applications" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -43340,87 +45396,44 @@ }, { "access_level": "Write", - "description": "Grants permission to change a notification rule for a resource", - "privilege": "UpdateNotificationRule", + "description": "Grants permission to create or update the billing authorization for a connection", + "privilege": "PutBillingAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notificationrule*" + "resource_type": "connections*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "codestar-notifications:NotificationsForResource" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:codestar-notifications:${Region}:${Account}:notificationrule/${NotificationRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "notificationrule" - } - ], - "service_name": "AWS CodeStar Notifications" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with CodeWhisperer resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "codewhisperer", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to invoke CreateProfile on CodeWhisperer", - "privilege": "CreateProfile", + "description": "Grants permission to reject a request to connect this account to an Amazon CodeCatalyst space", + "privilege": "RejectConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "profile*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - 
"dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to invoke DeleteProfile on CodeWhisperer", - "privilege": "DeleteProfile", + "description": "Grants permission to synchronize an IAM Identity Center application with the backing identity store", + "privilege": "SynchronizeIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "profile*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ @@ -43432,41 +45445,24 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to invoke GenerateRecommendations on CodeWhisperer", - "privilege": "GenerateRecommendations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to invoke ListProfiles on CodeWhisperer", - "privilege": "ListProfiles", + "access_level": "Tagging", + "description": "Grants permission to tag an Amazon CodeCatalyst resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to invoke ListTagsForResource on CodeWhisperer", - "privilege": "ListTagsForResource", - "resource_types": [ + "resource_type": "connections" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "profile*" + "resource_type": "identity-center-applications" }, { "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -43476,40 +45472,23 @@ }, { "access_level": "Tagging", - "description": "Grants permission to invoke TagResource on CodeWhisperer", - "privilege": "TagResource", + "description": "Grants permission to untag an Amazon CodeCatalyst resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "profile*" + "resource_type": "connections" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to invoke UntagResource on CodeWhisperer", - "privilege": "UntagResource", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "profile*" + "resource_type": "identity-center-applications" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -43518,13 +45497,13 @@ }, { "access_level": "Write", - "description": "Grants permission to invoke UpdateProfile on CodeWhisperer", - "privilege": "UpdateProfile", + "description": "Grants permission to update an IAM Identity Center application", + "privilege": "UpdateIdentityCenterApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "profile*" + "resource_type": "identity-center-applications*" }, { "condition_keys": [ 
@@ -43538,138 +45517,157 @@ ], "resources": [ { - "arn": "arn:${Partition}:codewhisperer::${Account}:profile/${Identifier}", + "arn": "arn:${Partition}:codecatalyst:${Region}:${Account}:/connections/${ConnectionId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "profile" + "resource": "connections" + }, + { + "arn": "arn:${Partition}:codecatalyst:${Region}:${Account}:/identity-center-applications/${IdentityCenterApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "identity-center-applications" + }, + { + "arn": "arn:${Partition}:codecatalyst:::space/${SpaceId}", + "condition_keys": [], + "resource": "space" + }, + { + "arn": "arn:${Partition}:codecatalyst:::space/${SpaceId}/project/${ProjectId}", + "condition_keys": [], + "resource": "project" } ], - "service_name": "Amazon CodeWhisperer" + "service_name": "Amazon CodeCatalyst" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by a key that is present in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" + }, + { + "condition": "codecommit:References", + "description": "Filters access by Git reference to specified AWS CodeCommit actions", + "type": "String" } ], - "prefix": "cognito-identity", + "prefix": "codecommit", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a new identity pool", - "privilege": "CreateIdentityPool", + "description": 
"Grants permission to associate an approval rule template with a repository", + "privilege": "AssociateApprovalRuleTemplateWithRepository", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete identities from an identity pool. You can specify a list of 1-60 identities that you want to delete", - "privilege": "DeleteIdentities", + "description": "Grants permission to associate an approval rule template with multiple repositories in a single operation", + "privilege": "BatchAssociateApprovalRuleTemplateWithRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a user pool. Once a pool is deleted, users will not be able to authenticate with the pool", - "privilege": "DeleteIdentityPool", + "access_level": "Read", + "description": "Grants permission to get information about multiple merge conflicts when attempting to merge two commits using either the three-way merge or the squash merge option", + "privilege": "BatchDescribeMergeConflicts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return metadata related to the given identity, including when the identity was created and any associated linked logins", - "privilege": "DescribeIdentity", + "access_level": "Write", + "description": "Grants permission to remove the association between an approval rule template and multiple repositories in a single operation", + "privilege": "BatchDisassociateApprovalRuleTemplateFromRepositories", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about a particular identity pool, including the pool name, ID description, creation date, and current number of users", - "privilege": "DescribeIdentityPool", + "description": "Grants permission to return information about one or more commits in an AWS CodeCommit repository", + "privilege": "BatchGetCommits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to return credentials for the provided identity ID", - "privilege": "GetCredentialsForIdentity", + "description": "Grants permission to return information about one or more pull requests in an AWS CodeCommit repository", + "privilege": "BatchGetPullRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to generate (or retrieve) a Cognito ID. 
Supplying multiple logins will create an implicit linked account", - "privilege": "GetId", + "access_level": "Read", + "description": "Grants permission to get information about multiple repositories", + "privilege": "BatchGetRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the roles for an identity pool", - "privilege": "GetIdentityPoolRoles", + "description": "Grants permission to cancel the uploading of an archive to a pipeline in AWS CodePipeline", + "privilege": "CancelUploadArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an OpenID token, using a known Cognito ID", - "privilege": "GetOpenIdToken", + "access_level": "Write", + "description": "Grants permission to create an approval rule template that will automatically create approval rules in pull requests that match the conditions defined in the template; does not grant permission to create approval rules for individual pull requests", + "privilege": "CreateApprovalRuleTemplate", "resource_types": [ { "condition_keys": [], 
@@ -43679,105 +45677,110 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to register (or retrieve) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process", - "privilege": "GetOpenIdTokenForDeveloperIdentity", + "access_level": "Write", + "description": "Grants permission to create a branch in an AWS CodeCommit repository with this API; does not control Git create branch actions", + "privilege": "CreateBranch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the principal tags for an identity pool and provider", - "privilege": "GetPrincipalTagAttributeMap", - "resource_types": [ + "resource_type": "repository*" + }, { - "condition_keys": [], + "condition_keys": [ + "codecommit:References" + ], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the identities in an identity pool", - "privilege": "ListIdentities", + "access_level": "Write", + "description": "Grants permission to add, copy, move or update single or multiple files in a branch in an AWS CodeCommit repository, and generate a commit for the changes in the specified branch", + "privilege": "CreateCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all of the Cognito identity pools registered for your account", - "privilege": "ListIdentityPools", - "resource_types": [ + "resource_type": "repository*" + }, { - "condition_keys": [], + "condition_keys": [ + "codecommit:References" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags that are assigned to 
an Amazon Cognito identity pool", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create a pull request in the specified repository", + "privilege": "CreatePullRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the IdentityId associated with a DeveloperUserIdentifier or the list of DeveloperUserIdentifiers associated with an IdentityId for an existing identity", - "privilege": "LookupDeveloperIdentity", + "access_level": "Write", + "description": "Grants permission to create an approval rule specific to an individual pull request; does not grant permission to create approval rule templates", + "privilege": "CreatePullRequestApprovalRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to merge two users having different IdentityIds, existing in the same identity pool, and identified by the same developer provider", - "privilege": "MergeDeveloperIdentities", + "description": "Grants permission to create an AWS CodeCommit repository", + "privilege": "CreateRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set the roles for an identity pool. 
These roles are used when making calls to GetCredentialsForIdentity action", - "privilege": "SetIdentityPoolRoles", + "description": "Grants permission to create an unreferenced commit that contains the result of merging two commits using either the three-way or the squash merge option; does not control Git merge actions", + "privilege": "CreateUnreferencedMergeCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set the principal tags for an identity pool and provider. These tags are used when making calls to GetOpenIdToken action", - "privilege": "SetPrincipalTagAttributeMap", + "description": "Grants permission to delete an approval rule template", + "privilege": "DeleteApprovalRuleTemplate", "resource_types": [ { "condition_keys": [], @@ -43787,19 +45790,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to assign a set of tags to an Amazon Cognito identity pool", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a branch in an AWS CodeCommit repository with this API; does not control Git delete branch actions", + "privilege": "DeleteBranch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool" + "resource_type": "repository*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "codecommit:References" ], "dependent_actions": [], "resource_type": "" 
@@ -43808,41 +45810,29 @@ }, { "access_level": "Write", - "description": "Grants permission to unlink a DeveloperUserIdentifier from an existing identity", - "privilege": "UnlinkDeveloperIdentity", + "description": "Grants permission to delete the content of a comment made on a change, file, or commit in a repository", + "privilege": "DeleteCommentContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to unlink a federated identity from an existing account", - "privilege": "UnlinkIdentity", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from an Amazon Cognito identity pool", - "privilege": "UntagResource", + "description": "Grants permission to delete a specified file from a specified branch", + "privilege": "DeleteFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool" + "resource_type": "repository*" }, { "condition_keys": [ - "aws:TagKeys" + "codecommit:References" ], "dependent_actions": [], "resource_type": "" 
@@ -43851,441 +45841,418 @@ }, { "access_level": "Write", - "description": "Grants permission to update an identity pool", - "privilege": "UpdateIdentityPool", + "description": "Grants permission to delete approval rule created for a pull request if the rule was not created by an approval rule template", + "privilege": "DeletePullRequestApprovalRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "repository*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cognito-identity:${Region}:${Account}:identitypool/${IdentityPoolId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "identitypool" - } - ], - "service_name": "Amazon Cognito Identity" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by a key that is present in the request", - "type": "ArrayOfString" - } - ], - "prefix": "cognito-idp", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to add user attributes to the user pool schema", - "privilege": "AddCustomAttributes", + "description": "Grants permission to delete an AWS CodeCommit repository", + "privilege": "DeleteRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add any user to any group", - "privilege": "AdminAddUserToGroup", + "access_level": "Read", + "description": "Grants permission to get information about specific merge conflicts when attempting to merge two commits using either the 
three-way or the squash merge option", + "privilege": "DescribeMergeConflicts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to confirm any user's registration without a confirmation code", - "privilege": "AdminConfirmSignUp", + "access_level": "Read", + "description": "Grants permission to return information about one or more pull request events", + "privilege": "DescribePullRequestEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to create new users and send welcome messages via email or SMS", - "privilege": "AdminCreateUser", + "description": "Grants permission to remove the association between an approval rule template and a repository", + "privilege": "DisassociateApprovalRuleTemplateFromRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete any user", - "privilege": "AdminDeleteUser", + "access_level": "Read", + "description": "Grants permission to evaluate whether a pull request is mergable based on its current approval state and approval rule requirements", + "privilege": "EvaluatePullRequestApprovalRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete attributes from any user", - "privilege": "AdminDeleteUserAttributes", + "access_level": "Read", + "description": "Grants permission to return information about an approval rule template", + "privilege": "GetApprovalRuleTemplate", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to unlink any user pool user from a third-party identity provider (IdP) user", - "privilege": "AdminDisableProviderForUser", + "access_level": "Read", + "description": "Grants permission to view the encoded content of an individual file in an AWS CodeCommit repository from the AWS CodeCommit console", + "privilege": "GetBlob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deactivate any user", - "privilege": "AdminDisableUser", + "access_level": "Read", + "description": "Grants permission to get details about a branch in an AWS CodeCommit repository with this API; does not control Git branch actions", + "privilege": "GetBranch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to activate any user", - "privilege": "AdminEnableUser", + "access_level": "Read", + "description": "Grants permission to get the content of a comment made on a change, file, or commit in a repository", + "privilege": "GetComment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister any user's devices", - "privilege": "AdminForgetDevice", + "access_level": "Read", + "description": "Grants permission to get the reactions on a comment", + "privilege": "GetCommentReactions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { "access_level": "Read", - 
"description": "Grants permission to get information about any user's devices", - "privilege": "AdminGetDevice", + "description": "Grants permission to get information about comments made on the comparison between two commits", + "privilege": "GetCommentsForComparedCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to look up any user by user name", - "privilege": "AdminGetUser", + "description": "Grants permission to get comments made on a pull request", + "privilege": "GetCommentsForPullRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to authenticate any user", - "privilege": "AdminInitiateAuth", + "access_level": "Read", + "description": "Grants permission to return information about a commit, including commit message and committer information, with this API; does not control Git log actions", + "privilege": "GetCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to link any user pool user to a third-party IdP user", - "privilege": "AdminLinkProviderForUser", + "access_level": "Read", + "description": "Grants permission to get information about the history of commits in a repository", + "privilege": "GetCommitHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list any user's remembered devices", - "privilege": "AdminListDevices", + "access_level": "Read", + "description": "Grants permission to get information about the 
difference between commits in the context of a potential merge", + "privilege": "GetCommitsFromMergeBase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the groups that any user belongs to", - "privilege": "AdminListGroupsForUser", + "access_level": "Read", + "description": "Grants permission to view information about the differences between valid commit specifiers such as a branch, tag, HEAD, commit ID, or other fully qualified reference", + "privilege": "GetDifferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { "access_level": "Read", - "description": "Grants permission to lists sign-in events for any user", - "privilege": "AdminListUserAuthEvents", + "description": "Grants permission to return the base-64 encoded contents of a specified file and its metadata", + "privilege": "GetFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove any user from any group", - "privilege": "AdminRemoveUserFromGroup", + "access_level": "Read", + "description": "Grants permission to return the contents of a specified folder in a repository", + "privilege": "GetFolder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to reset any user's password", - "privilege": "AdminResetUserPassword", + "access_level": "Read", + "description": "Grants permission to get information about a merge commit created by one of the merge options for pull requests that creates merge commits. 
Not all merge options create merge commits. This permission does not control Git merge actions", + "privilege": "GetMergeCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to respond to an authentication challenge during the authentication of any user", - "privilege": "AdminRespondToAuthChallenge", + "access_level": "Read", + "description": "Grants permission to get information about merge conflicts between the before and after commit IDs for a pull request in a repository", + "privilege": "GetMergeConflicts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set any user's preferred MFA method", - "privilege": "AdminSetUserMFAPreference", + "access_level": "Read", + "description": "Grants permission to get information about merge options for pull requests that can be used to merge two commits; does not control Git merge actions", + "privilege": "GetMergeOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set any user's password", - "privilege": "AdminSetUserPassword", + "access_level": "Read", + "description": "Grants permission to resolve blobs, trees, and commits to their identifier", + "privilege": "GetObjectIdentifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set user settings for any user", - "privilege": 
"AdminSetUserSettings", + "access_level": "Read", + "description": "Grants permission to get information about a pull request in a specified repository", + "privilege": "GetPullRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update advanced security feedback for any user's authentication event", - "privilege": "AdminUpdateAuthEventFeedback", + "access_level": "Read", + "description": "Grants permission to retrieve the current approvals on an inputted pull request", + "privilege": "GetPullRequestApprovalStates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of any user's remembered devices", - "privilege": "AdminUpdateDeviceStatus", + "access_level": "Read", + "description": "Grants permission to retrieve the current override state of a given pull request", + "privilege": "GetPullRequestOverrideState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to updates any user's standard or custom attributes", - "privilege": "AdminUpdateUserAttributes", + "access_level": "Read", + "description": "Grants permission to get details about references in an AWS CodeCommit repository; does not control Git reference actions", + "privilege": "GetReferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to sign out any user from all sessions", - "privilege": "AdminUserGlobalSignOut", + "access_level": "Read", + "description": 
"Grants permission to get information about an AWS CodeCommit repository", + "privilege": "GetRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Returns a unique generated shared secret key code for the user account", - "privilege": "AssociateSoftwareToken", + "access_level": "Read", + "description": "Grants permission to get information about triggers configured for a repository", + "privilege": "GetRepositoryTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate the user pool with an AWS WAF web ACL", - "privilege": "AssociateWebACL", + "access_level": "Read", + "description": "Grants permission to view the contents of a specified tree in an AWS CodeCommit repository from the AWS CodeCommit console", + "privilege": "GetTree", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "webacl*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Changes the password for a specified user in a user pool", - "privilege": "ChangePassword", + "access_level": "Read", + "description": "Grants permission to get status information about an archive upload to a pipeline in AWS CodePipeline", + "privilege": "GetUploadArchiveStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Confirms tracking of the device. 
This API call is the call that begins device tracking", - "privilege": "ConfirmDevice", + "access_level": "Read", + "description": "Grants permission to pull information from an AWS CodeCommit repository to a local repo", + "privilege": "GitPull", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Allows a user to enter a confirmation code to reset a forgotten password", - "privilege": "ConfirmForgotPassword", + "description": "Grants permission to push information from a local repo to an AWS CodeCommit repository", + "privilege": "GitPush", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Confirms registration of a user and handles the existing alias from a previous user", - "privilege": "ConfirmSignUp", + "access_level": "List", + "description": "Grants permission to list all approval rule templates in an AWS Region for the AWS account", + "privilege": "ListApprovalRuleTemplates", "resource_types": [ { "condition_keys": [], 
@@ -44295,289 +46262,363 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create new user pool groups", - "privilege": "CreateGroup", + "access_level": "List", + "description": "Grants permission to list approval rule templates that are associated with a repository", + "privilege": "ListAssociatedApprovalRuleTemplatesForRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add identity providers to user pools", - "privilege": "CreateIdentityProvider", + "access_level": "List", + "description": "Grants permission to list branches for an AWS CodeCommit repository with this API; does not control Git branch actions", + "privilege": "ListBranches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and configure scopes for OAuth 2.0 resource servers", - "privilege": "CreateResourceServer", + "access_level": "List", + "description": "Grants permission to list commits and changes to a specified file", + "privilege": "ListFileCommitHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create user CSV import jobs", - "privilege": "CreateUserImportJob", + "access_level": "List", + "description": "Grants permission to list pull requests for a specified repository", + "privilege": "ListPullRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and set password policy for user pools", - 
"privilege": "CreateUserPool", + "access_level": "List", + "description": "Grants permission to list information about AWS CodeCommit repositories in the current Region for your AWS account", + "privilege": "ListRepositories", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create user pool app clients", - "privilege": "CreateUserPoolClient", + "access_level": "List", + "description": "Grants permission to list repositories that are associated with an approval rule template", + "privilege": "ListRepositoriesForApprovalRuleTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add user pool domains", - "privilege": "CreateUserPoolDomain", + "access_level": "List", + "description": "Grants permission to list the resource attached to a CodeCommit resource ARN", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository" } ] }, { "access_level": "Write", - "description": "Grants permission to delete any empty user pool group", - "privilege": "DeleteGroup", + "description": "Grants permission to merge two commits into the specified destination branch using the fast-forward merge option", + "privilege": "MergeBranchesByFastForward", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete any identity provider from user pools", - 
"privilege": "DeleteIdentityProvider", + "description": "Grants permission to merge two commits into the specified destination branch using the squash merge option", + "privilege": "MergeBranchesBySquash", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" - } - ] + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { "access_level": "Write", - "description": "Grants permission to delete any OAuth 2.0 resource server from user pools", - "privilege": "DeleteResourceServer", + "description": "Grants permission to merge two commits into the specified destination branch using the three-way merge option", + "privilege": "MergeBranchesByThreeWay", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Allows a user to delete one's self", - "privilege": "DeleteUser", + "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the fast-forward merge option", + "privilege": "MergePullRequestByFastForward", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Deletes the attributes for a user", - "privilege": "DeleteUserAttributes", + "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the squash merge option", + "privilege": "MergePullRequestBySquash", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete user pools", - "privilege": "DeleteUserPool", + "description": "Grants permission to close a pull request and attempt to merge it into the specified destination branch for that pull request at the specified commit using the three-way merge option", + "privilege": "MergePullRequestByThreeWay", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete any user pool app client", - "privilege": "DeleteUserPoolClient", + "description": "Grants permission to override all approval rules for a pull request, including approval rules created by a template", + "privilege": "OverridePullRequestApprovalRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete any user pool domain", - "privilege": "DeleteUserPoolDomain", + "description": "Grants permission to post a comment on the comparison between two commits", + "privilege": "PostCommentForComparedCommit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe any user pool identity provider", - "privilege": "DescribeIdentityProvider", + "access_level": "Write", + "description": "Grants permission to post a comment on a pull request", + "privilege": 
"PostCommentForPullRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe any OAuth 2.0 resource server", - "privilege": "DescribeResourceServer", + "access_level": "Write", + "description": "Grants permission to post a comment in reply to a comment on a comparison between commits or a pull request", + "privilege": "PostCommentReply", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the risk configuration settings of user pools and app clients", - "privilege": "DescribeRiskConfiguration", + "access_level": "Write", + "description": "Grants permission to post a reaction on a comment", + "privilege": "PutCommentReaction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe any user import job", - "privilege": "DescribeUserImportJob", + "access_level": "Write", + "description": "Grants permission to add or update a file in a branch in an AWS CodeCommit repository, and generate a commit for the addition in the specified branch", + "privilege": "PutFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" + }, + { + "condition_keys": [ + "codecommit:References" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe user pools", - "privilege": "DescribeUserPool", + "access_level": "Write", + "description": "Grants permission to create, update, or delete triggers for a repository", + "privilege": 
"PutRepositoryTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe any user pool app client", - "privilege": "DescribeUserPoolClient", + "access_level": "Tagging", + "description": "Grants permission to attach resource tags to a CodeCommit resource ARN", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe any user pool domain", - "privilege": "DescribeUserPoolDomain", + "access_level": "Write", + "description": "Grants permission to test the functionality of repository triggers by sending information to the trigger target", + "privilege": "TestRepositoryTriggers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to disassociate resource tags from a CodeCommit resource ARN", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "repository" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the user pool with an AWS WAF web ACL", - "privilege": "DisassociateWebACL", + "description": "Grants permission to update the content of approval rule templates; does not grant permission to update content of approval rules created specifically for pull requests", + "privilege": 
"UpdateApprovalRuleTemplateContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Forgets the specified device", - "privilege": "ForgetDevice", + "description": "Grants permission to update the description of approval rule templates", + "privilege": "UpdateApprovalRuleTemplateDescription", "resource_types": [ { "condition_keys": [], @@ -44588,8 +46629,8 @@ }, { "access_level": "Write", - "description": "Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password", - "privilege": "ForgotPassword", + "description": "Grants permission to update the name of approval rule templates", + "privilege": "UpdateApprovalRuleTemplateName", "resource_types": [ { "condition_keys": [], 
@@ -44599,297 +46640,443 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to generate headers for a user import .csv file", - "privilege": "GetCSVHeader", + "access_level": "Write", + "description": "Grants permission to update the contents of a comment if the identity matches the identity used to create the comment", + "privilege": "UpdateComment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Gets the device", - "privilege": "GetDevice", + "access_level": "Write", + "description": "Grants permission to change the default branch in an AWS CodeCommit repository", + "privilege": "UpdateDefaultBranch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a user pool group", - "privilege": "GetGroup", + "access_level": "Write", + "description": "Grants permission to update the content for approval rules created for a specific pull requests; does not grant permission to update approval rule content for rules created with an approval rule template", + "privilege": "UpdatePullRequestApprovalRuleContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to correlate a user pool IdP identifier to the IdP Name", - "privilege": "GetIdentityProviderByIdentifier", + "access_level": "Write", + "description": "Grants permission to update the approval state for pull requests", + "privilege": "UpdatePullRequestApprovalState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants 
permission to look up signing certificates for user pools", - "privilege": "GetSigningCertificate", + "access_level": "Write", + "description": "Grants permission to update the description of a pull request", + "privilege": "UpdatePullRequestDescription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get UI customization information for the hosted UI of any app client", - "privilege": "GetUICustomization", + "access_level": "Write", + "description": "Grants permission to update the status of a pull request", + "privilege": "UpdatePullRequestStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Gets the user attributes and metadata for a user", - "privilege": "GetUser", + "access_level": "Write", + "description": "Grants permission to update the title of a pull request", + "privilege": "UpdatePullRequestTitle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Gets the user attribute verification code for the specified attribute name", - "privilege": "GetUserAttributeVerificationCode", + "access_level": "Write", + "description": "Grants permission to change the description of an AWS CodeCommit repository", + "privilege": "UpdateRepositoryDescription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to look up the MFA configuration of user pools", - "privilege": "GetUserPoolMfaConfig", + "access_level": "Write", + "description": "Grants permission to change the AWS KMS encryption key used to encrypt 
and decrypt an AWS CodeCommit repository", + "privilege": "UpdateRepositoryEncryptionKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the AWS WAF web ACL that is associated with an Amazon Cognito user pool", - "privilege": "GetWebACLForResource", + "access_level": "Write", + "description": "Grants permission to change the name of an AWS CodeCommit repository", + "privilege": "UpdateRepositoryName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Signs out users from all devices", - "privilege": "GlobalSignOut", + "description": "Grants permission to the service role for AWS CodePipeline to upload repository changes into a pipeline", + "privilege": "UploadArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "repository*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codecommit:${Region}:${Account}:${RepositoryName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "repository" + } + ], + "service_name": "AWS CodeCommit" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "codeconnections:Branch", + "description": "Filters access by the branch name that is passed in the request", + "type": "String" + }, + { + "condition": 
"codeconnections:BranchName", + "description": "Filters access by the branch name that is passed in the request. Applies only to UseConnection requests for access to a specific repository branch", + "type": "String" + }, + { + "condition": "codeconnections:FullRepositoryId", + "description": "Filters access by the repository that is passed in the request. Applies only to UseConnection requests for access to a specific repository", + "type": "String" + }, + { + "condition": "codeconnections:HostArn", + "description": "Filters access by the host resource associated with the connection used in the request", + "type": "ARN" + }, + { + "condition": "codeconnections:InstallationId", + "description": "Filters access by the third-party ID (such as the Bitbucket App installation ID for CodeConnections) that is used to update a Connection. Allows you to restrict which third-party App installations can be used to make a Connection", + "type": "String" + }, + { + "condition": "codeconnections:OwnerId", + "description": "Filters access by the owner of the third-party repository. Applies only to UseConnection requests for access to repositories owned by a specific user", + "type": "String" + }, + { + "condition": "codeconnections:PassedToService", + "description": "Filters access by the service to which the principal is allowed to pass a Connection or RepositoryLink", + "type": "String" + }, + { + "condition": "codeconnections:ProviderAction", + "description": "Filters access by the provider action in a UseConnection request such as ListRepositories. See documentation for all valid values", + "type": "ArrayOfString" + }, + { + "condition": "codeconnections:ProviderPermissionsRequired", + "description": "Filters access by the write permissions of a provider action in a UseConnection request. 
Valid types include read_only and read_write", + "type": "String" + }, + { + "condition": "codeconnections:ProviderType", + "description": "Filters access by the type of third-party provider passed in the request", + "type": "String" + }, + { + "condition": "codeconnections:ProviderTypeFilter", + "description": "Filters access by the type of third-party provider used to filter results", + "type": "String" }, + { + "condition": "codeconnections:RepositoryName", + "description": "Filters access by the repository name that is passed in the request. Applies only to UseConnection requests for access to repositories owned by a specific user", + "type": "String" + } + ], + "prefix": "codeconnections", + "privileges": [ { "access_level": "Write", - "description": "Initiates the authentication flow", - "privilege": "InitiateAuth", + "description": "Grants permission to create a Connection resource", + "privilege": "CreateConnection", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codeconnections:ProviderType" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Lists the devices", - "privilege": "ListDevices", + "access_level": "Write", + "description": "Grants permission to create a host resource", + "privilege": "CreateHost", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codeconnections:ProviderType" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all groups in user pools", - "privilege": "ListGroups", + "access_level": "Write", + "description": "Grants permission to create a repository link", + "privilege": "CreateRepositoryLink", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeconnections:PassConnection", + "codeconnections:UseConnection" + ], + "resource_type": 
"Connection*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all identity providers in user pools", - "privilege": "ListIdentityProviders", + "access_level": "Write", + "description": "Grants permission to create a template sync config", + "privilege": "CreateSyncConfiguration", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codeconnections:PassRepository", + "iam:PassRole" + ], + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codeconnections:Branch" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all resource servers in user pools", - "privilege": "ListResourceServers", + "access_level": "Write", + "description": "Grants permission to delete a Connection resource", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Connection*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the user pools that are associated with an AWS WAF web ACL", - "privilege": "ListResourcesForWebACL", + "access_level": "Write", + "description": "Grants permission to delete a host resource", + "privilege": "DeleteHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "webacl*" + "resource_type": "Host*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are assigned to an Amazon Cognito user pool", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a repository link", + "privilege": "DeleteRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], 
- "resource_type": "userpool" + "resource_type": "RepositoryLink*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all user import jobs", - "privilege": "ListUserImportJobs", + "access_level": "Write", + "description": "Grants permission to delete a sync configuration", + "privilege": "DeleteSyncConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all app clients in user pools", - "privilege": "ListUserPoolClients", + "access_level": "Read", + "description": "Grants permission to get details about a Connection resource", + "privilege": "GetConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Connection*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all user pools", - "privilege": "ListUserPools", + "access_level": "Read", + "description": "Grants permission to get details about a host resource", + "privilege": "GetHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Host*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "GetIndividualAccessToken", + "resource_types": [ + { + "condition_keys": [ + "codeconnections:ProviderType" + ], + "dependent_actions": [ + "codeconnections:StartOAuthHandshake" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all user pool users", - "privilege": "ListUsers", + "access_level": "Read", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "GetInstallationUrl", "resource_types": [ { - "condition_keys": [], + 
"condition_keys": [ + "codeconnections:ProviderType" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the users in any group", - "privilege": "ListUsersInGroup", + "access_level": "Read", + "description": "Grants permission to describe a repository link", + "privilege": "GetRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "RepositoryLink*" } ] }, { - "access_level": "Write", - "description": "Resends the confirmation (for confirmation of registration) to a specific user in the user pool", - "privilege": "ResendConfirmationCode", + "access_level": "Read", + "description": "Grants permission to get the latest sync status for a repository", + "privilege": "GetRepositorySyncStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codeconnections:Branch" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Responds to the authentication challenge", - "privilege": "RespondToAuthChallenge", + "access_level": "Read", + "description": "Grants permission to get the latest sync status for a resource (cfn stack or other resources)", + "privilege": "GetResourceSyncStatus", "resource_types": [ { "condition_keys": [], @@ -44899,9 +47086,9 @@ ] }, { - "access_level": "Write", - "description": "Revokes all of the access tokens generated by the specified refresh token", - "privilege": "RevokeToken", + "access_level": "Read", + "description": "Grants permission to describe service sync blockers on a resource (cfn stack or other resources)", + "privilege": "GetSyncBlockerSummary", "resource_types": [ { "condition_keys": [], 
@@ -44911,57 +47098,69 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to set risk configuration for user pools and app clients", - "privilege": "SetRiskConfiguration", + "access_level": "Read", + "description": "Grants permission to describe a sync configuration", + "privilege": "GetSyncConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to customize the hosted UI for any app client", - "privilege": "SetUICustomization", + "access_level": "List", + "description": "Grants permission to list Connection resources", + "privilege": "ListConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codeconnections:ProviderTypeFilter" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Sets MFA preference for the user in the userpool", - "privilege": "SetUserMFAPreference", + "access_level": "List", + "description": "Grants permission to list host resources", + "privilege": "ListHosts", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codeconnections:ProviderTypeFilter" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to set user pool MFA configuration", - "privilege": "SetUserPoolMfaConfig", + "access_level": "List", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "ListInstallationTargets", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "userpool*" + "dependent_actions": [ + "codeconnections:GetIndividualAccessToken", + "codeconnections:StartOAuthHandshake" + ], + "resource_type": "" } ] }, { - 
"access_level": "Write", - "description": "Sets the user settings like multi-factor authentication (MFA)", - "privilege": "SetUserSettings", + "access_level": "List", + "description": "Grants permission to list repository links", + "privilege": "ListRepositoryLinks", "resource_types": [ { "condition_keys": [], @@ -44971,9 +47170,9 @@ ] }, { - "access_level": "Write", - "description": "Registers the user in the specified user pool and creates a user name, password, and user attributes", - "privilege": "SignUp", + "access_level": "List", + "description": "Grants permission to list repository sync definitions", + "privilege": "ListRepositorySyncDefinitions", "resource_types": [ { "condition_keys": [], 
@@ -44983,43 +47182,52 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start any user import job", - "privilege": "StartUserImportJob", + "access_level": "List", + "description": "Grants permission to list sync configurations for a repository link", + "privilege": "ListSyncConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop any user import job", - "privilege": "StopUserImportJob", + "access_level": "List", + "description": "Grants permission to the set of key-value pairs that are used to manage the resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a user pool", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to pass a Connection resource to an AWS service that accepts a Connection ARN as input, such as codepipeline:CreatePipeline", + "privilege": "PassConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool" + "resource_type": "Connection*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "codeconnections:PassedToService" ], "dependent_actions": [], "resource_type": "" 
@@ -45027,18 +47235,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a user pool", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to pass a repository link resource to an AWS service that accepts a RepositoryLinkId as input, such as codeconnections:CreateSyncConfiguration", + "privilege": "PassRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool" + "resource_type": "RepositoryLink*" }, { "condition_keys": [ - "aws:TagKeys" + "codeconnections:PassedToService" ], "dependent_actions": [], "resource_type": "" 
@@ -45046,91 +47254,124 @@ ] }, { - "access_level": "Write", - "description": "Updates the feedback for the user authentication event", - "privilege": "UpdateAuthEventFeedback", + "access_level": "Read", + "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", + "privilege": "RegisterAppCode", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codeconnections:HostArn" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Updates the device status", - "privilege": "UpdateDeviceStatus", + "access_level": "Read", + "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", + "privilege": "StartAppRegistrationHandshake", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codeconnections:HostArn" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of any group", - "privilege": "UpdateGroup", + "access_level": "Read", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "StartOAuthHandshake", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codeconnections:ProviderType" + ], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of any user pool IdP", - "privilege": "UpdateIdentityProvider", + "access_level": "Tagging", + "description": "Grants permission to add or modify the tags of the given resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" - } - ] - }, - { - "access_level": "Write", - 
"description": "Grants permission to update the configuration of any OAuth 2.0 resource server", - "privilege": "UpdateResourceServer", - "resource_types": [ + "resource_type": "Connection" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Allows a user to update a specific attribute (one at a time)", - "privilege": "UpdateUserAttributes", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an AWS resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to updates the configuration of user pools", - "privilege": "UpdateUserPool", + "description": "Grants permission to update a Connection resource with an installation of the CodeStar Connections App", + "privilege": "UpdateConnectionInstallation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "userpool*" + "dependent_actions": [ + "codeconnections:GetIndividualAccessToken", + "codeconnections:GetInstallationUrl", + "codeconnections:ListInstallationTargets", + "codeconnections:StartOAuthHandshake" + ], + "resource_type": "Connection*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "codeconnections:InstallationId" ], "dependent_actions": [], 
"resource_type": "" @@ -45139,32 +47380,32 @@ }, { "access_level": "Write", - "description": "Grants permission to update any user pool client", - "privilege": "UpdateUserPoolClient", + "description": "Grants permission to update a host resource", + "privilege": "UpdateHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "Host*" } ] }, { "access_level": "Write", - "description": "Grants permission to replace the certificate for any custom domain", - "privilege": "UpdateUserPoolDomain", + "description": "Grants permission to update a repository link", + "privilege": "UpdateRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "userpool*" + "resource_type": "RepositoryLink*" } ] }, { "access_level": "Write", - "description": "Registers a user's entered TOTP code and mark the user's software token MFA status as verified if successful", - "privilege": "VerifySoftwareToken", + "description": "Grants permission to update a sync blocker for a resource (cfn stack or other resources)", + "privilege": "UpdateSyncBlocker", "resource_types": [ { "condition_keys": [], 
@@ -45175,12 +47416,38 @@ }, { "access_level": "Write", - "description": "Verifies a user attribute using a one time verification code", - "privilege": "VerifyUserAttribute", + "description": "Grants permission to update a sync configuration", + "privilege": "UpdateSyncConfiguration", + "resource_types": [ + { + "condition_keys": [ + "codeconnections:Branch" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to use a Connection resource to call provider actions", + "privilege": "UseConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codeconnections:BranchName", + "codeconnections:FullRepositoryId", + "codeconnections:OwnerId", + "codeconnections:ProviderAction", + "codeconnections:ProviderPermissionsRequired", + "codeconnections:RepositoryName" + ], + "dependent_actions": [], "resource_type": "" } ] 
@@ -45188,415 +47455,381 @@ ], "resources": [ { - "arn": "arn:${Partition}:cognito-idp:${Region}:${Account}:userpool/${UserPoolId}", + "arn": "arn:${Partition}:codeconnections:${Region}:${Account}:connection/${ConnectionId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "userpool" + "resource": "Connection" }, { - "arn": "arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/webacl/${Name}/${Id}", - "condition_keys": [], - "resource": "webacl" + "arn": "arn:${Partition}:codeconnections:${Region}:${Account}:host/${HostId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Host" + }, + { + "arn": "arn:${Partition}:codeconnections:${Region}:${Account}:repository-link/${RepositoryLinkId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RepositoryLink" } ], - "service_name": "Amazon Cognito User Pools" + "service_name": "AWS CodeConnections" }, { - "conditions": [], - "prefix": "cognito-sync", + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "codedeploy", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to initiate a bulk publish of all existing datasets for an Identity Pool to the configured stream", - "privilege": "BulkPublish", + "access_level": "Tagging", + "description": "Grants permission to add tags to one or more on-premises instances", + "privilege": "AddTagsToOnPremisesInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": 
"instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specific dataset", - "privilege": "DeleteDataset", + "access_level": "Read", + "description": "Grants permission to get information about one or more application revisions", + "privilege": "BatchGetApplicationRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to get metadata about a dataset by identity and dataset name", - "privilege": "DescribeDataset", + "description": "Grants permission to get information about multiple applications associated with the IAM user", + "privilege": "BatchGetApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to get usage details (for example, data storage) about a particular identity pool", - "privilege": "DescribeIdentityPoolUsage", + "description": "Grants permission to get information about one or more deployment groups", + "privilege": "BatchGetDeploymentGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to get usage information for an identity, including number of datasets and data usage", - "privilege": "DescribeIdentityUsage", + "description": "Grants permission to get information about one or more instance that are part of a deployment group", + "privilege": "BatchGetDeploymentInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the status of the last BulkPublish operation 
for an identity pool", - "privilege": "GetBulkPublishDetails", + "description": "Grants permission to return an array of one or more targets associated with a deployment. This method works with all compute types and should be used instead of the deprecated BatchGetDeploymentInstances. The maximum number of targets that can be returned is 25", + "privilege": "BatchGetDeploymentTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the events and the corresponding Lambda functions associated with an identity pool", - "privilege": "GetCognitoEvents", + "description": "Grants permission to get information about multiple deployments associated with the IAM user", + "privilege": "BatchGetDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the configuration settings of an identity pool", - "privilege": "GetIdentityPoolConfiguration", + "description": "Grants permission to get information about one or more on-premises instances", + "privilege": "BatchGetOnPremisesInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list datasets for an identity", - "privilege": "ListDatasets", + "access_level": "Write", + "description": "Grants permission to start the process of rerouting traffic from instances in the original environment to instances in thereplacement environment without waiting for a specified wait time to elapse", + "privilege": "ContinueDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "" } ] 
}, { - "access_level": "Read", - "description": "Grants permission to get a list of identity pools registered with Cognito", - "privilege": "ListIdentityPoolUsage", + "access_level": "Write", + "description": "Grants permission to create an application associated with the IAM user", + "privilege": "CreateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get paginated records, optionally changed after a particular sync count for a dataset and identity", - "privilege": "ListRecords", + "access_level": "Write", + "description": "Grants permission to create CloudFormation deployment to cooperate ochestration for a CloudFormation stack update", + "privilege": "CreateCloudFormationDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to query records", - "privilege": "QueryRecords", + "access_level": "Write", + "description": "Grants permission to create a deployment for an application associated with the IAM user", + "privilege": "CreateDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to register a device to receive push sync notifications", - "privilege": "RegisterDevice", + "description": "Grants permission to create a custom deployment configuration associated with the IAM user", + "privilege": "CreateDeploymentConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identity*" + "resource_type": "deploymentconfig*" } 
] }, { "access_level": "Write", - "description": "Grants permission to set the AWS Lambda function for a given event type for an identity pool", - "privilege": "SetCognitoEvents", + "description": "Grants permission to create a deployment group for an application associated with the IAM user", + "privilege": "CreateDeploymentGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "deploymentgroup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to configure datasets", - "privilege": "SetDatasetConfiguration", + "description": "Grants permission to delete an application associated with the IAM user", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to set the necessary configuration for push sync", - "privilege": "SetIdentityPoolConfiguration", + "description": "Grants permission to delete a custom deployment configuration associated with the IAM user", + "privilege": "DeleteDeploymentConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identitypool*" + "resource_type": "deploymentconfig*" } ] }, { "access_level": "Write", - "description": "Grants permission to subscribe to receive notifications when a dataset is modified by another device", - "privilege": "SubscribeToDataset", + "description": "Grants permission to delete a deployment group for an application associated with the IAM user", + "privilege": "DeleteDeploymentGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "Write", - 
"description": "Grants permission to unsubscribe from receiving notifications when a dataset is modified by another device", - "privilege": "UnsubscribeFromDataset", + "description": "Grants permission to delete a GitHub account connection", + "privilege": "DeleteGitHubAccountToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to post updates to records and add and delete records for a dataset and user", - "privilege": "UpdateRecords", + "description": "Grants permission to delete resources associated with the given external Id", + "privilege": "DeleteResourcesByExternalId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}/identity/${IdentityId}/dataset/${DatasetName}", - "condition_keys": [], - "resource": "dataset" - }, - { - "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}/identity/${IdentityId}", - "condition_keys": [], - "resource": "identity" - }, - { - "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}", - "condition_keys": [], - "resource": "identitypool" - } - ], - "service_name": "Amazon Cognito Sync" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by requiring tag values present in a resource creation request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by requiring tag value associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by requiring the presence of mandatory tags in the request", - "type": "ArrayOfString" - }, - { - "condition": 
"comprehend:DataLakeKmsKey", - "description": "Filters access by the DataLake Kms Key associated with the flywheel resource in the request", - "type": "ARN" - }, - { - "condition": "comprehend:FlywheelIterationId", - "description": "Filters access by particular Iteration Id for a flywheel", - "type": "String" - }, - { - "condition": "comprehend:ModelKmsKey", - "description": "Filters access by the model KMS key associated with the resource in the request", - "type": "ARN" - }, - { - "condition": "comprehend:OutputKmsKey", - "description": "Filters access by the output KMS key associated with the resource in the request", - "type": "ARN" - }, - { - "condition": "comprehend:VolumeKmsKey", - "description": "Filters access by the volume KMS key associated with the resource in the request", - "type": "ARN" - }, - { - "condition": "comprehend:VpcSecurityGroupIds", - "description": "Filters access by the list of all VPC security group ids associated with the resource in the request", - "type": "ArrayOfString" }, { - "condition": "comprehend:VpcSubnets", - "description": "Filters access by the list of all VPC subnets associated with the resource in the request", - "type": "ArrayOfString" - } - ], - "prefix": "comprehend", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to detect the language or languages present in the list of text documents", - "privilege": "BatchDetectDominantLanguage", + "access_level": "Write", + "description": "Grants permission to deregister an on-premises instance", + "privilege": "DeregisterOnPremisesInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the named entities (\"People\", \"Places\", \"Locations\", etc) within the given list of text documents", - "privilege": "BatchDetectEntities", + "access_level": "List", + "description": "Grants permission 
to get information about a single application associated with the IAM user", + "privilege": "GetApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the phrases in the list of text documents that are most indicative of the content", - "privilege": "BatchDetectKeyPhrases", + "access_level": "List", + "description": "Grants permission to get information about a single application revision for an application associated with the IAM user", + "privilege": "GetApplicationRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the sentiment of a text in the list of documents (Positive, Negative, Neutral, or Mixed)", - "privilege": "BatchDetectSentiment", + "access_level": "List", + "description": "Grants permission to get information about a single deployment to a deployment group for an application associated with the IAM user", + "privilege": "GetDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deploymentgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect syntactic information (like Part of Speech, Tokens) in a list of text documents", - "privilege": "BatchDetectSyntax", + "access_level": "List", + "description": "Grants permission to get information about a single deployment configuration associated with the IAM user", + "privilege": "GetDeploymentConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deploymentconfig*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the sentiments associated with specific entities (such as brands or 
products) within the given list of text documents", - "privilege": "BatchDetectTargetedSentiment", + "access_level": "List", + "description": "Grants permission to get information about a single deployment group for an application associated with the IAM user", + "privilege": "GetDeploymentGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deploymentgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to create a new document classification request to analyze a single document in real-time, using a previously created and trained custom model and an endpoint", - "privilege": "ClassifyDocument", + "access_level": "List", + "description": "Grants permission to get information about a single instance in a deployment associated with the IAM user", + "privilege": "GetDeploymentInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" + "resource_type": "deploymentgroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to classify the personally identifiable information within given documents in real-time", - "privilege": "ContainsPiiEntities", + "description": "Grants permission to return information about a deployment target", + "privilege": "GetDeploymentTarget", "resource_types": [ { "condition_keys": [], 
@@ -45606,456 +47839,487 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new dataset within a flywheel", - "privilege": "CreateDataset", + "access_level": "List", + "description": "Grants permission to get information about a single on-premises instance", + "privilege": "GetOnPremisesInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new document classifier that you can use to categorize documents", - "privilege": "CreateDocumentClassifier", + "access_level": "List", + "description": "Grants permission to get information about all application revisions for an application associated with the IAM user", + "privilege": "ListApplicationRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get information about all applications associated with the IAM user", + "privilege": "ListApplications", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:ModelKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a model-specific endpoint for synchronous inference for a previously trained custom model", - "privilege": "CreateEndpoint", + "access_level": "List", + "description": "Grants permission to get information about all deployment configurations associated with the IAM 
user", + "privilege": "ListDeploymentConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get information about all deployment groups for an application associated with the IAM user", + "privilege": "ListDeploymentGroups", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint*" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get information about all instances in a deployment associated with the IAM user", + "privilege": "ListDeploymentInstances", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "deploymentgroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an entity recognizer using submitted files", - "privilege": "CreateEntityRecognizer", + "access_level": "List", + "description": "Grants permission to return an array of target IDs that are associated a deployment", + "privilege": "ListDeploymentTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:ModelKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": 
"Grants permission to create a new flywheel that you can use to train model versions", - "privilege": "CreateFlywheel", + "access_level": "List", + "description": "Grants permission to get information about all deployments to a deployment group associated with the IAM user, or to get all deployments associated with the IAM user", + "privilege": "ListDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier" - }, + "resource_type": "deploymentgroup*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the names of stored connections to GitHub accounts", + "privilege": "ListGitHubAccountTokenNames", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:ModelKmsKey", - "comprehend:DataLakeKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a previously created document classifier", - "privilege": "DeleteDocumentClassifier", + "access_level": "List", + "description": "Grants permission to get a list of one or more on-premises instance names", + "privilege": "ListOnPremisesInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a model-specific endpoint for a previously-trained custom model. 
All endpoints must be deleted in order for the model to be deleted", - "privilege": "DeleteEndpoint", + "access_level": "List", + "description": "Grants permission to return a list of tags for the resource identified by a specified ARN. Tags are used to organize and categorize your CodeDeploy resources", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" + "resource_type": "application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint*" + "resource_type": "deploymentgroup" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a submitted entity recognizer", - "privilege": "DeleteEntityRecognizer", + "description": "Grants permission to notify a lifecycle event hook execution status for associated deployment with the IAM user", + "privilege": "PutLifecycleEventHookExecutionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to Delete a flywheel", - "privilege": "DeleteFlywheel", + "description": "Grants permission to register information about an application revision for an application associated with the IAM user", + "privilege": "RegisterApplicationRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove policy on resource", - "privilege": "DeleteResourcePolicy", + "description": "Grants permission to register an on-premises instance", + "privilege": "RegisterOnPremisesInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, - { - "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "entity-recognizer*" + "resource_type": "instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a dataset", - "privilege": "DescribeDataset", + "access_level": "Tagging", + "description": "Grants permission to remove tags from one or more on-premises instances", + "privilege": "RemoveTagsFromOnPremisesInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel-dataset*" + "resource_type": "instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a document classification job", - "privilege": "DescribeDocumentClassificationJob", + "access_level": "Write", + "description": "Grants permission to override any specified wait time and starts terminating instances immediately after the traffic routing is complete. This action applies to blue-green deployments only", + "privilege": "SkipWaitTimeForInstanceTermination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a document classifier", - "privilege": "DescribeDocumentClassifier", + "access_level": "Write", + "description": "Grants permission to stop a deployment", + "privilege": "StopDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a dominant language detection job", - "privilege": "DescribeDominantLanguageDetectionJob", + "access_level": "Tagging", + "description": "Grants permission to associate the list of tags in the input Tags parameter with the resource identified by the ResourceArn input parameter", + "privilege": 
"TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dominant-language-detection-job*" + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deploymentgroup" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a specific endpoint. Use this operation to get the status of an endpoint", - "privilege": "DescribeEndpoint", + "access_level": "Tagging", + "description": "Grants permission to disassociate a resource from a list of tags. The resource is identified by the ResourceArn input parameter. The tags are identfied by the list of keys in the TagKeys input parameter", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" + "resource_type": "application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint*" + "resource_type": "deploymentgroup" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with an entities detection job", - "privilege": "DescribeEntitiesDetectionJob", + "access_level": "Write", + "description": "Grants permission to update an application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entities-detection-job*" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide details about an entity recognizer including status, S3 buckets containing training data, recognizer metadata, metrics, and so on", - "privilege": 
"DescribeEntityRecognizer", + "access_level": "Write", + "description": "Grants permission to change information about a single deployment group for an application associated with the IAM user", + "privilege": "UpdateDeploymentGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "deploymentgroup*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:application:${ApplicationName}", + "condition_keys": [], + "resource": "application" + }, + { + "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:deploymentconfig:${DeploymentConfigurationName}", + "condition_keys": [], + "resource": "deploymentconfig" + }, + { + "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:deploymentgroup:${ApplicationName}/${DeploymentGroupName}", + "condition_keys": [], + "resource": "deploymentgroup" }, + { + "arn": "arn:${Partition}:codedeploy:${Region}:${Account}:instance:${InstanceName}", + "condition_keys": [], + "resource": "instance" + } + ], + "service_name": "AWS CodeDeploy" + }, + { + "conditions": [], + "prefix": "codedeploy-commands-secure", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to get the properties associated with an Events detection job", - "privilege": "DescribeEventsDetectionJob", + "description": "Grants permission to get deployment specification", + "privilege": "GetDeploymentSpecification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events-detection-job*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the properties associated with a flywheel", - "privilege": "DescribeFlywheel", + "description": "Grants permission to request host agent commands", + "privilege": "PollHostCommand", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "" } ] 
}, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a flywheel iteration for a flywheel", - "privilege": "DescribeFlywheelIteration", + "access_level": "Write", + "description": "Grants permission to mark host agent commands acknowledged", + "privilege": "PutHostCommandAcknowledgement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" - }, - { - "condition_keys": [ - "comprehend:FlywheelIterationId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a key phrases detection job", - "privilege": "DescribeKeyPhrasesDetectionJob", + "access_level": "Write", + "description": "Grants permission to mark host agent commands completed", + "privilege": "PutHostCommandComplete", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-phrases-detection-job*" + "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS CodeDeploy secure host commands service" + }, + { + "conditions": [], + "prefix": "codeguru", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to get the properties associated with a PII entities detection job", - "privilege": "DescribePiiEntitiesDetectionJob", + "description": "Grants permission to get free trial summary for the CodeGuru service which includes expiration date", + "privilege": "GetCodeGuruFreeTrialSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pii-entities-detection-job*" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "Amazon CodeGuru" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants 
permission to read attached policy on resource", - "privilege": "DescribeResourcePolicy", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "codeguru-profiler", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add up to 2 topic ARNs of existing AWS SNS topics to publish notifications", + "privilege": "AddNotificationChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a sentiment detection job", - "privilege": "DescribeSentimentDetectionJob", + "access_level": "List", + "description": "Grants permission to get the frame metric data for a Profiling Group", + "privilege": "BatchGetFrameMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sentiment-detection-job*" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with a targeted sentiment detection job", - "privilege": "DescribeTargetedSentimentDetectionJob", + "access_level": "Write", + "description": "Grants permission to register with the orchestration service and retrieve profiling configuration information, used by agents", + "privilege": "ConfigureAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job*" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants 
permission to get the properties associated with a topic detection job", - "privilege": "DescribeTopicsDetectionJob", + "access_level": "Write", + "description": "Grants permission to create a profiling group", + "privilege": "CreateProfilingGroup", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "topics-detection-job*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the language or languages present in the text", - "privilege": "DetectDominantLanguage", + "access_level": "Write", + "description": "Grants permission to delete a profiling group", + "privilege": "DeleteProfilingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to detect the named entities (\"People\", \"Places\", \"Locations\", etc) within the given text document", - "privilege": "DetectEntities", + "description": "Grants permission to describe a profiling group", + "privilege": "DescribeProfilingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to detect the phrases in the text that are most indicative of the content", - "privilege": "DetectKeyPhrases", + "description": "Grants permission to get a summary of recent recommendations for each profiling group in the account", + "privilege": "GetFindingsReportAccountSummary", "resource_types": [ { "condition_keys": [], 
@@ -46066,94 +48330,80 @@ }, { "access_level": "Read", - "description": "Grants permission to detect the personally identifiable information entities (\"Name\", \"SSN\", \"PIN\", etc) within the given text document", - "privilege": "DetectPiiEntities", + "description": "Grants permission to get the notification configuration", + "privilege": "GetNotificationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to detect the sentiment of a text in a document (Positive, Negative, Neutral, or Mixed)", - "privilege": "DetectSentiment", + "description": "Grants permission to get the resource policy associated with the specified Profiling Group", + "privilege": "GetPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to detect syntactic information (like Part of Speech, Tokens) in a text document", - "privilege": "DetectSyntax", + "description": "Grants permission to get aggregated profiles for a specific profiling group", + "privilege": "GetProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to detect the sentiments associated with specific entities (such as brands or products) in a document", - "privilege": "DetectTargetedSentiment", + "description": "Grants permission to get recommendations", + "privilege": "GetRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to import a trained Comprehend model", - "privilege": "ImportModel", + "access_level": 
"List", + "description": "Grants permission to list the available recommendations reports for a specific profiling group", + "privilege": "ListFindingsReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:ModelKmsKey" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the Datasets associated with a flywheel", - "privilege": "ListDatasets", + "access_level": "List", + "description": "Grants permission to list the start times of the available aggregated profiles for a specific profiling group", + "privilege": "ListProfileTimes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the document classification jobs that you have submitted", - "privilege": "ListDocumentClassificationJobs", + "access_level": "List", + "description": "Grants permission to list profiling groups in the account", + "privilege": "ListProfilingGroups", "resource_types": [ { "condition_keys": [], 
@@ -46163,132 +48413,203 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of summaries of the document classifiers that you have created", - "privilege": "ListDocumentClassifierSummaries", + "access_level": "List", + "description": "Grants permission to list tags for a Profiling Group", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the document classifiers that you have created", - "privilege": "ListDocumentClassifiers", + "access_level": "Write", + "description": "Grants permission to submit a profile collected by an agent belonging to a specific profiling group for aggregation", + "privilege": "PostAgentProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the dominant language detection jobs that you have submitted", - "privilege": "ListDominantLanguageDetectionJobs", + "access_level": "Permissions management", + "description": "Grants permission to update the list of principals allowed for an action group in the resource policy associated with the specified Profiling Group", + "privilege": "PutPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of all existing endpoints that you've created", - "privilege": "ListEndpoints", + "access_level": "Write", + "description": "Grants permission to delete an already configured SNStopic arn from the notification configuration", + "privilege": "RemoveNotificationChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the entity detection jobs that you have submitted", - "privilege": "ListEntitiesDetectionJobs", + "access_level": "Permissions management", + "description": "Grants permission to remove the permission of specified Action Group from the resource policy associated with the specified Profiling Group", + "privilege": "RemovePermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of summaries for the entity recognizers that you have created", - "privilege": "ListEntityRecognizerSummaries", + "access_level": "Write", + "description": "Grants permission to submit user feedback for useful or non useful anomaly", + "privilege": "SubmitFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProfilingGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of the properties of all entity recognizers that you created, including recognizers currently in training", - "privilege": "ListEntityRecognizers", + "access_level": "Tagging", + "description": "Grants permission to add or overwrite tags to a Profiling Group", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "ProfilingGroup*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of Events detection jobs that you have submitted", - "privilege": "ListEventsDetectionJobs", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a Profiling Group", + "privilege": 
"UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "ProfilingGroup*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of iterations associated for a flywheel", - "privilege": "ListFlywheelIterationHistory", + "access_level": "Write", + "description": "Grants permission to update a specific profiling group", + "privilege": "UpdateProfilingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "ProfilingGroup*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codeguru-profiler:${Region}:${Account}:profilingGroup/${ProfilingGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ProfilingGroup" + } + ], + "service_name": "Amazon CodeGuru Profiler" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to get a list of the flywheels that you have created", - "privilege": "ListFlywheels", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "codeguru-reviewer", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associates a repository with Amazon CodeGuru Reviewer", + "privilege": "AssociateRepository", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + 
"codecommit:GetRepository", + "codecommit:ListRepositories", + "codecommit:TagResource", + "codestar-connections:PassConnection", + "events:PutRule", + "events:PutTargets", + "iam:CreateServiceLinkedRole", + "s3:CreateBucket", + "s3:ListBucket", + "s3:PutBucketPolicy", + "s3:PutLifecycleConfiguration" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of key phrase detection jobs that you have submitted", - "privilege": "ListKeyPhrasesDetectionJobs", + "access_level": "Write", + "description": "Grants permission to create a code review", + "privilege": "CreateCodeReview", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -46296,8 +48617,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get a list of PII entities detection jobs that you have submitted", - "privilege": "ListPiiEntitiesDetectionJobs", + "description": "Grants permission to perform webbased oauth handshake for 3rd party providers", + "privilege": "CreateConnectionToken", "resource_types": [ { "condition_keys": [], 
@@ -46308,105 +48629,79 @@ }, { "access_level": "Read", - "description": "Grants permission to get a list of sentiment detection jobs that you have submitted", - "privilege": "ListSentimentDetectionJobs", + "description": "Grants permission to describe a code review", + "privilege": "DescribeCodeReview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to describe a recommendation feedback on a code review", + "privilege": "DescribeRecommendationFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier-endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dominant-language-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entities-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "events-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel-dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key-phrases-detection-job" - }, - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "pii-entities-detection-job" + "resource_type": "association*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "sentiment-detection-job" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a repository association", + "privilege": "DescribeRepositoryAssociation", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job" + "resource_type": "association*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "topics-detection-job" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of targeted sentiment detection jobs that you have submitted", - "privilege": "ListTargetedSentimentDetectionJobs", + "access_level": "Write", + "description": "Grants permission to disassociate a repository with Amazon CodeGuru Reviewer", + "privilege": "DisassociateRepository", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codecommit:UntagResource", + "events:DeleteRule", + "events:RemoveTargets" + ], + "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -46414,8 +48709,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get a list of the topic detection jobs that you have submitted", - "privilege": "ListTopicsDetectionJobs", + "description": "Grants permission to view pull request metrics in console", + "privilege": "GetMetricsData", "resource_types": [ { "condition_keys": [], 
@@ -46425,50 +48720,30 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to attach policy to resource", - "privilege": "PutResourcePolicy", + "access_level": "List", + "description": "Grants permission to list summary of code reviews", + "privilege": "ListCodeReviews", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous document classification job", - "privilege": "StartDocumentClassificationJob", + "access_level": "List", + "description": "Grants permission to list summary of recommendation feedback on a code review", + "privilege": "ListRecommendationFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel" + "resource_type": "association*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -46476,23 +48751,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous dominant language detection job for a collection of documents", - "privilege": "StartDominantLanguageDetectionJob", + "access_level": "List", + "description": "Grants permission to list summary of recommendations on a code review", + "privilege": "ListRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dominant-language-detection-job*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -46500,54 +48770,30 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous entity detection job for a collection of documents", - "privilege": "StartEntitiesDetectionJob", + "access_level": "List", + "description": "Grants permission to list summary of repository associations", + "privilege": "ListRepositoryAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entities-detection-job*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous Events detection job for a collection of documents", - "privilege": "StartEventsDetectionJob", + "access_level": "List", + "description": "Grants permission to list the resource attached to a associated repository ARN", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events-detection-job*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:OutputKmsKey" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -46555,35 +48801,30 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start a flywheel iteration for a flywheel", - "privilege": "StartFlywheelIteration", + "access_level": "Read", + "description": "Grants permission to list 3rd party providers repositories in console", + "privilege": "ListThirdPartyRepositories", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous key phrase detection job for a collection of documents", - "privilege": "StartKeyPhrasesDetectionJob", + "description": "Grants permission to put feedback for a recommendation on a code review", + "privilege": "PutRecommendationFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-phrases-detection-job*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -46591,20 +48832,19 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous PII entities detection job for a collection of documents", - "privilege": "StartPiiEntitiesDetectionJob", + "access_level": "Tagging", + "description": "Grants permission to attach resource tags to an associated repository ARN", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pii-entities-detection-job*" + "resource_type": "association*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:OutputKmsKey" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -46612,71 +48852,87 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous sentiment detection job for a collection of documents", - "privilege": "StartSentimentDetectionJob", + "access_level": "Tagging", + "description": "Grants permission to disassociate resource tags from an associated repository ARN", + "privilege": "UnTagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sentiment-detection-job*" + "resource_type": "association*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "association" }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous targeted sentiment detection job for a collection of documents", - "privilege": "StartTargetedSentimentDetectionJob", + "arn": "arn:${Partition}:codeguru-reviewer:${Region}:${Account}:association:${ResourceId}:codereview:${CodeReviewId}", + "condition_keys": [], + "resource": "codereview" + } + ], + "service_name": "Amazon CodeGuru Reviewer" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "codeguru-security", + "privileges": [ + { + "access_level": "Read", + 
"description": "Grants permission to batch retrieve specific findings generated by CodeGuru Security", + "privilege": "BatchGetFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ScanName*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous job to detect the most common topics in the collection of documents and the phrases associated with each topic", - "privilege": "StartTopicsDetectionJob", + "description": "Grants permission to create a CodeGuru Security scan", + "privilege": "CreateScan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topics-detection-job*" + "resource_type": "ScanName*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys", - "comprehend:VolumeKmsKey", - "comprehend:OutputKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -46685,197 +48941,153 @@ }, { "access_level": "Write", - "description": "Grants permission to stop a dominant language detection job", - "privilege": "StopDominantLanguageDetectionJob", + "description": "Grants permission to generate a presigned url for uploading code archives", + "privilege": "CreateUploadUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dominant-language-detection-job*" + "resource_type": "ScanName*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an entity detection job", - "privilege": "StopEntitiesDetectionJob", + "description": "Grants permission to delete all the scans and related findings from CodeGuru Security by given category", + "privilege": "DeleteScansByCategory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entities-detection-job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop an Events detection job", - "privilege": "StopEventsDetectionJob", + "access_level": "Read", + "description": "Grants permission to retrieve the account level configurations", + "privilege": "GetAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events-detection-job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a key phrase detection job", - "privilege": "StopKeyPhrasesDetectionJob", + "access_level": "List", + "description": "Grants permission to retrieve findings for a scan generated by CodeGuru Security", + "privilege": "GetFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key-phrases-detection-job*" + "resource_type": "ScanName*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a PII entities detection job", - "privilege": "StopPiiEntitiesDetectionJob", + "access_level": "Read", + 
"description": "Grants permission to retrieve AWS accout level metrics summary generated by CodeGuru Security", + "privilege": "GetMetricsSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pii-entities-detection-job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a sentiment detection job", - "privilege": "StopSentimentDetectionJob", + "access_level": "Read", + "description": "Grants permission to retrieve CodeGuru Security scan metadata", + "privilege": "GetScan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sentiment-detection-job*" + "resource_type": "ScanName*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a targeted sentiment detection job", - "privilege": "StopTargetedSentimentDetectionJob", + "access_level": "List", + "description": "Grants permission to retrieve findings generated by CodeGuru Security", + "privilege": "ListFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a previously created document classifier training job", - "privilege": "StopTrainingDocumentClassifier", + "access_level": "List", + "description": "Grants permission to retrieve a list of account level findings metrics within a date range", + "privilege": "ListFindingsMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a previously created entity recognizer training job", - "privilege": "StopTrainingEntityRecognizer", + "access_level": "List", + 
"description": "Grants permission to retrieve list of CodeGuru Security scan metadata", + "privilege": "ListScans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-recognizer*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource with given key value pairs", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve a list of tags for a scan name ARN", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job" + "resource_type": "ScanName*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "document-classifier" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to a scan name ARN", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classifier-endpoint" + "resource_type": "ScanName*" }, { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dominant-language-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entities-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "events-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel-dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key-phrases-detection-job" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "pii-entities-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sentiment-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "topics-detection-job" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } 
@@ -46883,83 +49095,13 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a resource with given key", + "description": "Grants permission to remove tags from a scan name ARN", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "document-classification-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier-endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dominant-language-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entities-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "events-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel-dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key-phrases-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pii-entities-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sentiment-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "targeted-sentiment-detection-job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "topics-detection-job" + "resource_type": "ScanName*" }, { "condition_keys": [ 
@@ -46972,54 +49114,12 @@ }, { "access_level": "Write", - "description": "Grants permission to update information about the specified endpoint", - "privilege": "UpdateEndpoint", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier-endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer-endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "flywheel" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to Update a flywheel's configuration", - "privilege": "UpdateFlywheel", + "description": "Grants permission to update the account level configurations", + "privilege": "UpdateAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "flywheel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "document-classifier" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-recognizer" - }, - { - "condition_keys": [ - "comprehend:VolumeKmsKey", - "comprehend:ModelKmsKey", - "comprehend:VpcSecurityGroupIds", - "comprehend:VpcSubnets" - ], - "dependent_actions": [], "resource_type": "" } ] 
@@ -47027,127 +49127,39 @@ ], "resources": [ { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:targeted-sentiment-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "targeted-sentiment-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classifier/${DocumentClassifierName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "document-classifier" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classifier-endpoint/${DocumentClassifierEndpointName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "document-classifier-endpoint" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entity-recognizer/${EntityRecognizerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "entity-recognizer" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entity-recognizer-endpoint/${EntityRecognizerEndpointName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "entity-recognizer-endpoint" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:dominant-language-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "dominant-language-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entities-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "entities-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:pii-entities-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pii-entities-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:events-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "events-detection-job" - }, - { - "arn": 
"arn:${Partition}:comprehend:${Region}:${Account}:key-phrases-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "key-phrases-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:sentiment-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "sentiment-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:topics-detection-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "topics-detection-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classification-job/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "document-classification-job" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "flywheel" - }, - { - "arn": "arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}/dataset/${DatasetName}", + "arn": "arn:${Partition}:codeguru-security:${Region}:${Account}:scans/${ScanName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "flywheel-dataset" + "resource": "ScanName" } ], - "service_name": "Amazon Comprehend" + "service_name": "Amazon CodeGuru Security" }, { "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", + "description": "Filters actions based on the presence of tag keys in the request", "type": "ArrayOfString" } ], - "prefix": "comprehendmedical", + "prefix": "codepipeline", 
"privileges": [ { - "access_level": "Read", - "description": "Grants permission to describe the properties of a medical entity detection job that you have submitted", - "privilege": "DescribeEntitiesDetectionV2Job", + "access_level": "Write", + "description": "Grants permission to view information about a specified job and whether that job has been received by the job worker", + "privilege": "AcknowledgeJob", "resource_types": [ { "condition_keys": [], @@ -47157,9 +49169,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe the properties of an ICD-10-CM linking job that you have submitted", - "privilege": "DescribeICD10CMInferenceJob", + "access_level": "Write", + "description": "Grants permission to confirm that a job worker has received the specified job (partner actions only)", + "privilege": "AcknowledgeThirdPartyJob", "resource_types": [ { "condition_keys": [], 
@@ -47169,105 +49181,121 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe the properties of a PHI entity detection job that you have submitted", - "privilege": "DescribePHIDetectionJob", + "access_level": "Write", + "description": "Grants permission to create a custom action that you can use in the pipelines associated with your AWS account", + "privilege": "CreateCustomActionType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "actiontype*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the properties of an RxNorm linking job that you have submitted", - "privilege": "DescribeRxNormInferenceJob", + "access_level": "Write", + "description": "Grants permission to create a uniquely named pipeline", + "privilege": "CreatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the properties of a SNOMED-CT linking job that you have submitted", - "privilege": "DescribeSNOMEDCTInferenceJob", + "access_level": "Write", + "description": "Grants permission to delete a custom action", + "privilege": "DeleteCustomActionType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "actiontype*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the named medical entities, and their relationships and traits within the given text document", - "privilege": "DetectEntitiesV2", + "access_level": "Write", + "description": "Grants permission to delete a specified pipeline", + "privilege": 
"DeletePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the protected health information (PHI) entities within the given text document", - "privilege": "DetectPHI", + "access_level": "Write", + "description": "Grants permission to delete a specified webhook", + "privilege": "DeleteWebhook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "webhook*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the medical condition entities within the given text document and link them to ICD-10-CM codes", - "privilege": "InferICD10CM", + "access_level": "Write", + "description": "Grants permission to remove the registration of a webhook with the third party specified in its configuration", + "privilege": "DeregisterWebhookWithThirdParty", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "webhook*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the medication entities within the given text document and link them to RxCUI concept identifiers from the National Library of Medicine RxNorm database", - "privilege": "InferRxNorm", + "access_level": "Write", + "description": "Grants permission to prevent revisions from transitioning to the next stage in a pipeline", + "privilege": "DisableStageTransition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stage*" } ] }, { - "access_level": "Read", - "description": "Grants permission to detect the medical condition, anatomy, and test, treatment, and procedure entities within the given text document and link them to SNOMED-CT codes", - "privilege": "InferSNOMEDCT", + "access_level": "Write", + "description": "Grants permission to 
allow revisions to transition to the next stage in a pipeline", + "privilege": "EnableStageTransition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stage*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the medical entity detection jobs that you have submitted", - "privilege": "ListEntitiesDetectionV2Jobs", + "description": "Grants permission to view information about an action type", + "privilege": "GetActionType", "resource_types": [ { "condition_keys": [], @@ -47278,8 +49306,8 @@ }, { "access_level": "Read", - "description": "Grants permission to list the ICD-10-CM linking jobs that you have submitted", - "privilege": "ListICD10CMInferenceJobs", + "description": "Grants permission to view information about a job (custom actions only)", + "privilege": "GetJobDetails", "resource_types": [ { "condition_keys": [], 
@@ -47290,44 +49318,44 @@ }, { "access_level": "Read", - "description": "Grants permission to list the PHI entity detection jobs that you have submitted", - "privilege": "ListPHIDetectionJobs", + "description": "Grants permission to retrieve information about a pipeline structure", + "privilege": "GetPipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the RxNorm linking jobs that you have submitted", - "privilege": "ListRxNormInferenceJobs", + "description": "Grants permission to view information about an execution of a pipeline, including details about artifacts, the pipeline execution ID, and the name, version, and status of the pipeline", + "privilege": "GetPipelineExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the SNOMED-CT linking jobs that you have submitted", - "privilege": "ListSNOMEDCTInferenceJobs", + "description": "Grants permission to view information about the current state of the stages and actions of a pipeline", + "privilege": "GetPipelineState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous medical entity detection job for a collection of documents", - "privilege": "StartEntitiesDetectionV2Job", + "access_level": "Read", + "description": "Grants permission to view the details of a job for a third-party action (partner actions only)", + "privilege": "GetThirdPartyJobDetails", "resource_types": [ { "condition_keys": [], 
@@ -47337,21 +49365,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous ICD-10-CM linking job for a collection of documents", - "privilege": "StartICD10CMInferenceJob", + "access_level": "Read", + "description": "Grants permission to list the action executions that have occurred in a pipeline", + "privilege": "ListActionExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous PHI entity detection job for a collection of documents", - "privilege": "StartPHIDetectionJob", + "access_level": "Read", + "description": "Grants permission to list a summary of all the action types available for pipelines in your account", + "privilege": "ListActionTypes", "resource_types": [ { "condition_keys": [], @@ -47361,21 +49389,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous RxNorm linking job for a collection of documents", - "privilege": "StartRxNormInferenceJob", + "access_level": "List", + "description": "Grants permission to list a summary of the most recent executions for a pipeline", + "privilege": "ListPipelineExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an asynchronous SNOMED-CT linking job for a collection of documents", - "privilege": "StartSNOMEDCTInferenceJob", + "access_level": "List", + "description": "Grants permission to list a summary of all the pipelines associated with your AWS account", + "privilege": "ListPipelines", "resource_types": [ { "condition_keys": [], 
@@ -47385,45 +49413,55 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop a medical entity detection job", - "privilege": "StopEntitiesDetectionV2Job", + "access_level": "Read", + "description": "Grants permission to list tags for a CodePipeline resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "actiontype" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "webhook" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop an ICD-10-CM linking job", - "privilege": "StopICD10CMInferenceJob", + "access_level": "List", + "description": "Grants permission to list all of the webhooks associated with your AWS account", + "privilege": "ListWebhooks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "webhook*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a PHI entity detection job", - "privilege": "StopPHIDetectionJob", + "description": "Grants permission to view information about any jobs for CodePipeline to act on", + "privilege": "PollForJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "actiontype*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an RxNorm linking job", - "privilege": "StopRxNormInferenceJob", + "description": "Grants permission to determine whether there are any third-party jobs for a job worker to act on (partner actions only)", + "privilege": "PollForThirdPartyJobs", "resource_types": [ { "condition_keys": [], 
@@ -47434,51 +49472,32 @@ }, { "access_level": "Write", - "description": "Grants permission to stop a SNOMED-CT linking job", - "privilege": "StopSNOMEDCTInferenceJob", + "description": "Grants permission to edit actions in a pipeline", + "privilege": "PutActionRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "action*" } ] - } - ], - "resources": [], - "service_name": "Amazon Comprehend Medical" - }, - { - "conditions": [ - { - "condition": "compute-optimizer:ResourceType", - "description": "Filters access by the resource type", - "type": "String" - } - ], - "prefix": "compute-optimizer", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permission to delete recommendation preferences", - "privilege": "DeleteRecommendationPreferences", + "description": "Grants permission to provide a response (Approved or Rejected) to a manual approval request in CodePipeline", + "privilege": "PutApprovalResult", "resource_types": [ { - "condition_keys": [ - "compute-optimizer:ResourceType" - ], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups", - "ec2:DescribeInstances" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "action*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the status of recommendation export jobs", - "privilege": "DescribeRecommendationExportJobs", + "access_level": "Write", + "description": "Grants permission to represent the failure of a job as returned to the pipeline by a job worker (custom actions only)", + "privilege": "PutJobFailureResult", "resource_types": [ { "condition_keys": [], 
@@ -47489,229 +49508,166 @@ }, { "access_level": "Write", - "description": "Grants permission to export AutoScaling group recommendations to S3 for the provided accounts", - "privilege": "ExportAutoScalingGroupRecommendations", + "description": "Grants permission to represent the success of a job as returned to the pipeline by a job worker (custom actions only)", + "privilege": "PutJobSuccessResult", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups", - "compute-optimizer:GetAutoScalingGroupRecommendations" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to export EBS volume recommendations to S3 for the provided accounts", - "privilege": "ExportEBSVolumeRecommendations", + "description": "Grants permission to represent the failure of a third-party job as returned to the pipeline by a job worker (partner actions only)", + "privilege": "PutThirdPartyJobFailureResult", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetEBSVolumeRecommendations", - "ec2:DescribeVolumes" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to export EC2 instance recommendations to S3 for the provided accounts", - "privilege": "ExportEC2InstanceRecommendations", + "description": "Grants permission to represent the success of a third-party job as returned to the pipeline by a job worker (partner actions only)", + "privilege": "PutThirdPartyJobSuccessResult", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetEC2InstanceRecommendations", - "ec2:DescribeInstances" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to export ECS service recommendations to S3 for the provided accounts", - "privilege": "ExportECSServiceRecommendations", + 
"description": "Grants permission to create or update a webhook", + "privilege": "PutWebhook", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetECSServiceRecommendations", - "ecs:ListClusters", - "ecs:ListServices" + "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "webhook*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to export Lambda function recommendations to S3 for the provided accounts", - "privilege": "ExportLambdaFunctionRecommendations", + "description": "Grants permission to register a webhook with the third party specified in its configuration", + "privilege": "RegisterWebhookWithThirdParty", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "compute-optimizer:GetLambdaFunctionRecommendations", - "lambda:ListFunctions", - "lambda:ListProvisionedConcurrencyConfigs" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "webhook*" } ] }, { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided AutoScaling groups", - "privilege": "GetAutoScalingGroupRecommendations", + "access_level": "Write", + "description": "Grants permission to resume the pipeline execution by retrying the last failed actions in a stage", + "privilege": "RetryStageExecution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "stage*" } ] }, { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided EBS volumes", - "privilege": "GetEBSVolumeRecommendations", + "access_level": "Write", + "description": "Grants permission to run the most recent 
revision through the pipeline", + "privilege": "StartPipelineExecution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeVolumes" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided EC2 instances", - "privilege": "GetEC2InstanceRecommendations", + "access_level": "Write", + "description": "Grants permission to stop an in-progress pipeline execution", + "privilege": "StopPipelineExecution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeInstances" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the recommendation projected metrics of the specified instance", - "privilege": "GetEC2RecommendationProjectedMetrics", + "access_level": "Tagging", + "description": "Grants permission to tag a CodePipeline resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeInstances" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to get the recommendation projected metrics of the specified ECS service", - "privilege": "GetECSServiceRecommendationProjectedMetrics", - "resource_types": [ + "dependent_actions": [], + "resource_type": "actiontype" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided ECS services", - "privilege": "GetECSServiceRecommendations", - "resource_types": [ + "resource_type": "pipeline" + }, { "condition_keys": [], - "dependent_actions": [ - "ecs:ListClusters", - "ecs:ListServices" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants 
permission to get recommendation preferences that are in effect", - "privilege": "GetEffectiveRecommendationPreferences", - "resource_types": [ + "dependent_actions": [], + "resource_type": "webhook" + }, { "condition_keys": [ - "compute-optimizer:ResourceType" - ], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "ec2:DescribeInstances" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get the enrollment status for the specified account", - "privilege": "GetEnrollmentStatus", + "access_level": "Tagging", + "description": "Grants permission to remove a tag from a CodePipeline resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to get the enrollment statuses for member accounts of the organization", - "privilege": "GetEnrollmentStatusesForOrganization", - "resource_types": [ + "resource_type": "actiontype" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to get recommendations for the provided Lambda functions", - "privilege": "GetLambdaFunctionRecommendations", - "resource_types": [ + "resource_type": "pipeline" + }, { "condition_keys": [], - "dependent_actions": [ - "lambda:ListFunctions", - "lambda:ListProvisionedConcurrencyConfigs" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get recommendation preferences", - "privilege": "GetRecommendationPreferences", - "resource_types": [ + "dependent_actions": [], + "resource_type": "webhook" + }, { "condition_keys": [ - "compute-optimizer:ResourceType" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -47719,90 +49675,116 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get the recommendation summaries for the specified account(s)", - "privilege": "GetRecommendationSummaries", + "access_level": "Write", + "description": "Grants permission to update an action type", + "privilege": "UpdateActionType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to put recommendation preferences", - "privilege": "PutRecommendationPreferences", - "resource_types": [ - { - "condition_keys": [ - "compute-optimizer:ResourceType" - ], - "dependent_actions": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "ec2:DescribeInstances" - ], - "resource_type": "" + "resource_type": "actiontype*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the enrollment status", - "privilege": "UpdateEnrollmentStatus", + "description": "Grants permission to update a pipeline with changes to the structure of the pipeline", + "privilege": "UpdatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] } ], - "resources": [], - "service_name": "AWS Compute Optimizer" + "resources": [ + { + "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}/${StageName}/${ActionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "action" + }, + { + "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:actiontype:${Owner}/${Category}/${Provider}/${Version}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "actiontype" + }, + { + "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "pipeline" + }, + { + "arn": 
"arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}/${StageName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "stage" + }, + { + "arn": "arn:${Partition}:codepipeline:${Region}:${Account}:webhook:${WebhookName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "webhook" + } + ], + "service_name": "AWS CodePipeline" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the allowed set of values for each of the tags", + "description": "Filters access by requests based on the allowed set of values for each of the tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag-value associated with the resource", + "description": "Filters access by actions based on tag-value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tags in the request", + "description": "Filters access by requests based on the presence of mandatory tags in the request", "type": "ArrayOfString" + }, + { + "condition": "iam:ResourceTag/${TagKey}", + "description": "Filters access by actions based on tag-value associated with the resource", + "type": "String" } ], - "prefix": "config", + "prefix": "codestar", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to return the current configuration items for resources that are present in your AWS Config aggregator", - "privilege": "BatchGetAggregateResourceConfig", + "access_level": "Permissions management", + "description": "Grants permission to add a user to the team for an AWS CodeStar project", + "privilege": "AssociateTeamMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the current 
configuration for one or more requested resources", - "privilege": "BatchGetResourceConfig", + "access_level": "Permissions management", + "description": "Grants permission to create a project with minimal structure, customer policies, and no resources", + "privilege": "CreateProject", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -47810,68 +49792,68 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the authorization granted to the specified configuration aggregator account in a specified region", - "privilege": "DeleteAggregationAuthorization", + "description": "Grants permission to create a profile for a user that includes user preferences, display name, and email", + "privilege": "CreateUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AggregationAuthorization*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified AWS Config rule and all of its evaluation results", - "privilege": "DeleteConfigRule", + "description": "Grants permission to extended delete APIs", + "privilege": "DeleteExtendedAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified configuration aggregator and the aggregated data associated with the aggregator", - "privilege": "DeleteConfigurationAggregator", + "access_level": "Permissions management", + "description": "Grants permission to delete a project, including project resources. Does not delete users associated with the project, but does delete the IAM roles that allowed access to the project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the configuration recorder", - "privilege": "DeleteConfigurationRecorder", + "description": "Grants permission to delete a user profile in AWS CodeStar, including all personal preference data associated with that profile, such as display name and email address. 
It does not delete the history of that user, for example the history of commits made by that user", + "privilege": "DeleteUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified conformance pack and all the AWS Config rules and all evaluation results within that conformance pack", - "privilege": "DeleteConformancePack", + "access_level": "Read", + "description": "Grants permission to describe a project and its resources", + "privilege": "DescribeProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the delivery channel", - "privilege": "DeleteDeliveryChannel", + "access_level": "Read", + "description": "Grants permission to describe a user in AWS CodeStar and the user attributes across all projects", + "privilege": "DescribeUserProfile", "resource_types": [ { "condition_keys": [], 
@@ -47881,45 +49863,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the evaluation results for the specified Config rule", - "privilege": "DeleteEvaluationResults", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified organization config rule and all of its evaluation results from all member accounts in that organization", - "privilege": "DeleteOrganizationConfigRule", + "access_level": "Permissions management", + "description": "Grants permission to remove a user from a project. Removing a user from a project also removes the IAM policies from that user that allowed access to the project and its resources", + "privilege": "DisassociateTeamMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConfigRule*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified organization conformance pack and all of its evaluation results from all member accounts in that organization", - "privilege": "DeleteOrganizationConformancePack", + "access_level": "Read", + "description": "Grants permission to extended read APIs", + "privilege": "GetExtendedAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConformancePack*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete pending authorization requests for a specified aggregator account in a specified region", - "privilege": "DeletePendingAggregationRequest", + "access_level": "List", + "description": "Grants permission to list all projects in CodeStar associated with your AWS account", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], 
@@ -47929,45 +49899,45 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the remediation configuration", - "privilege": "DeleteRemediationConfiguration", + "access_level": "List", + "description": "Grants permission to list all resources associated with a project in CodeStar", + "privilege": "ListResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RemediationConfiguration*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete one or more remediation exceptions for specific resource keys for a specific AWS Config Rule", - "privilege": "DeleteRemediationExceptions", + "access_level": "List", + "description": "Grants permission to list the tags associated with a project in CodeStar", + "privilege": "ListTagsForProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to record the configuration state for a custom resource that has been deleted", - "privilege": "DeleteResourceConfig", + "access_level": "List", + "description": "Grants permission to list all team members associated with a project", + "privilege": "ListTeamMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the retention configuration", - "privilege": "DeleteRetentionConfiguration", + "access_level": "List", + "description": "Grants permission to list user profiles in AWS CodeStar", + "privilege": "ListUserProfiles", "resource_types": [ { "condition_keys": [], 
@@ -47978,200 +49948,319 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the stored query for an AWS account in an AWS Region", - "privilege": "DeleteStoredQuery", + "description": "Grants permission to extended write APIs", + "privilege": "PutExtendedAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StoredQuery*" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to schedule delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel", - "privilege": "DeliverConfigSnapshot", + "access_level": "Tagging", + "description": "Grants permission to add tags to a project in CodeStar", + "privilege": "TagProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant rules", - "privilege": "DescribeAggregateComplianceByConfigRules", - "resource_types": [ + "resource_type": "project*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a list of compliant and noncompliant conformance packs along with count of compliant, non-compliant and total rules within each conformance pack", - "privilege": "DescribeAggregateComplianceByConformancePacks", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a project in CodeStar", + "privilege": "UntagProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" - } - ] - }, - { - "access_level": "List", - "description": "Grants 
permission to return a list of authorizations granted to various aggregator accounts and regions", - "privilege": "DescribeAggregationAuthorizations", - "resource_types": [ + "resource_type": "project*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to indicate whether the specified AWS Config rules are compliant", - "privilege": "DescribeComplianceByConfigRule", + "access_level": "Write", + "description": "Grants permission to update a project in CodeStar", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to indicate whether the specified AWS resources are compliant", - "privilege": "DescribeComplianceByResource", + "access_level": "Permissions management", + "description": "Grants permission to update team member attributes within a CodeStar project", + "privilege": "UpdateTeamMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return status information for each of your AWS managed Config rules", - "privilege": "DescribeConfigRuleEvaluationStatus", + "access_level": "Write", + "description": "Grants permission to update a profile for a user that includes user preferences, display name, and email", + "privilege": "UpdateUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "user*" } ] }, { "access_level": "List", - "description": "Grants permission to return details about your AWS Config rules", - "privilege": "DescribeConfigRules", + "description": "Grants permission to verify whether the AWS CodeStar service 
role exists in the customer's account", + "privilege": "VerifyServiceRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codestar:${Region}:${Account}:project/${ProjectId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "project" }, { - "access_level": "Read", - "description": "Grants permission to return status information for sources within an aggregator", - "privilege": "DescribeConfigurationAggregatorSourcesStatus", + "arn": "arn:${Partition}:iam::${Account}:user/${AwsUserName}", + "condition_keys": [ + "iam:ResourceTag/${TagKey}" + ], + "resource": "user" + } + ], + "service_name": "AWS CodeStar" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "codestar-connections:Branch", + "description": "Filters access by the branch name that is passed in the request", + "type": "String" + }, + { + "condition": "codestar-connections:BranchName", + "description": "Filters access by the branch name that is passed in the request. Applies only to UseConnection requests for access to a specific repository branch", + "type": "String" + }, + { + "condition": "codestar-connections:FullRepositoryId", + "description": "Filters access by the repository that is passed in the request. 
Applies only to UseConnection requests for access to a specific repository", + "type": "String" + }, + { + "condition": "codestar-connections:HostArn", + "description": "Filters access by the host resource associated with the connection used in the request", + "type": "ARN" + }, + { + "condition": "codestar-connections:InstallationId", + "description": "Filters access by the third-party ID (such as the Bitbucket App installation ID for CodeStar Connections) that is used to update a Connection. Allows you to restrict which third-party App installations can be used to make a Connection", + "type": "String" + }, + { + "condition": "codestar-connections:OwnerId", + "description": "Filters access by the owner of the third-party repository. Applies only to UseConnection requests for access to repositories owned by a specific user", + "type": "String" + }, + { + "condition": "codestar-connections:PassedToService", + "description": "Filters access by the service to which the principal is allowed to pass a Connection or RepositoryLink", + "type": "String" + }, + { + "condition": "codestar-connections:ProviderAction", + "description": "Filters access by the provider action in a UseConnection request such as ListRepositories. See documentation for all valid values", + "type": "ArrayOfString" + }, + { + "condition": "codestar-connections:ProviderPermissionsRequired", + "description": "Filters access by the write permissions of a provider action in a UseConnection request. 
Valid types include read_only and read_write", + "type": "String" + }, + { + "condition": "codestar-connections:ProviderType", + "description": "Filters access by the type of third-party provider passed in the request", + "type": "String" + }, + { + "condition": "codestar-connections:ProviderTypeFilter", + "description": "Filters access by the type of third-party provider used to filter results", + "type": "String" + }, + { + "condition": "codestar-connections:RepositoryName", + "description": "Filters access by the repository name that is passed in the request. Applies only to UseConnection requests for access to repositories owned by a specific user", + "type": "String" + } + ], + "prefix": "codestar-connections", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a Connection resource", + "privilege": "CreateConnection", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-connections:ProviderType" + ], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return the details of one or more configuration aggregators", - "privilege": "DescribeConfigurationAggregators", + "access_level": "Write", + "description": "Grants permission to create a host resource", + "privilege": "CreateHost", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-connections:ProviderType" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the current status of the specified configuration recorder", - "privilege": "DescribeConfigurationRecorderStatus", + "access_level": "Write", + "description": "Grants permission to create a repository link", + "privilege": "CreateRepositoryLink", "resource_types": [ { 
"condition_keys": [], + "dependent_actions": [ + "codestar-connections:PassConnection", + "codestar-connections:UseConnection" + ], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return the names of one or more specified configuration recorders", - "privilege": "DescribeConfigurationRecorders", + "access_level": "Write", + "description": "Grants permission to create a template sync config", + "privilege": "CreateSyncConfiguration", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codestar-connections:PassRepository", + "iam:PassRole" + ], + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codestar-connections:Branch" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return compliance information for each rule in that conformance pack", - "privilege": "DescribeConformancePackCompliance", + "access_level": "Write", + "description": "Grants permission to delete a Connection resource", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "Connection*" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide one or more conformance packs deployment status", - "privilege": "DescribeConformancePackStatus", + "access_level": "Write", + "description": "Grants permission to delete a host resource", + "privilege": "DeleteHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "Host*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of one or more conformance packs", - "privilege": "DescribeConformancePacks", + "access_level": 
"Write", + "description": "Grants permission to delete a repository link", + "privilege": "DeleteRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "RepositoryLink*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the current status of the specified delivery channel", - "privilege": "DescribeDeliveryChannelStatus", + "access_level": "Write", + "description": "Grants permission to delete a sync configuration", + "privilege": "DeleteSyncConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -48181,93 +50270,106 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return details about the specified delivery channel", - "privilege": "DescribeDeliveryChannels", + "access_level": "Read", + "description": "Grants permission to get details about a Connection resource", + "privilege": "GetConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Connection*" } ] }, { "access_level": "Read", - "description": "Grants permission to provide organization config rule deployment status for an organization", - "privilege": "DescribeOrganizationConfigRuleStatuses", + "description": "Grants permission to get details about a host resource", + "privilege": "GetHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConfigRule*" + "resource_type": "Host*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of organization config rules", - "privilege": "DescribeOrganizationConfigRules", + "access_level": "Read", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "GetIndividualAccessToken", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OrganizationConfigRule*" + "condition_keys": [ + "codestar-connections:ProviderType" + ], + "dependent_actions": [ + "codestar-connections:StartOAuthHandshake" + ], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to provide organization conformance pack deployment status for an organization", - "privilege": "DescribeOrganizationConformancePackStatuses", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "GetInstallationUrl", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + 
"codestar-connections:ProviderType" + ], "dependent_actions": [], - "resource_type": "OrganizationConformancePack*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of organization conformance packs", - "privilege": "DescribeOrganizationConformancePacks", + "access_level": "Read", + "description": "Grants permission to describe a repository link", + "privilege": "GetRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConformancePack*" + "resource_type": "RepositoryLink*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of all pending aggregation requests", - "privilege": "DescribePendingAggregationRequests", + "access_level": "Read", + "description": "Grants permission to get the latest sync status for a repository", + "privilege": "GetRepositorySyncStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codestar-connections:Branch" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return the details of one or more remediation configurations", - "privilege": "DescribeRemediationConfigurations", + "access_level": "Read", + "description": "Grants permission to get the latest sync status for a resource (cfn stack or other resources)", + "privilege": "GetResourceSyncStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RemediationConfiguration*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return the details of one or more remediation exceptions", - "privilege": "DescribeRemediationExceptions", + "access_level": "Read", + "description": "Grants permission to describe service sync blockers on a resource (cfn stack or other resources)", + 
"privilege": "GetSyncBlockerSummary", "resource_types": [ { "condition_keys": [], 
@@ -48278,131 +50380,169 @@ }, { "access_level": "Read", - "description": "Grants permission to provide a detailed view of a Remediation Execution for a set of resources including state, timestamps and any error messages for steps that have failed", - "privilege": "DescribeRemediationExecutionStatus", + "description": "Grants permission to describe a sync configuration", + "privilege": "GetSyncConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RemediationConfiguration*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to return the details of one or more retention configurations", - "privilege": "DescribeRetentionConfigurations", + "description": "Grants permission to list Connection resources", + "privilege": "ListConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codestar-connections:ProviderTypeFilter" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the evaluation results for the specified AWS Config rule for a specific resource in a rule", - "privilege": "GetAggregateComplianceDetailsByConfigRule", + "access_level": "List", + "description": "Grants permission to list host resources", + "privilege": "ListHosts", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:ProviderTypeFilter" + ], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator", - "privilege": "GetAggregateConfigRuleComplianceSummary", + "access_level": "List", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a 
Connection", + "privilege": "ListInstallationTargets", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "dependent_actions": [ + "codestar-connections:GetIndividualAccessToken", + "codestar-connections:StartOAuthHandshake" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the number of compliant and noncompliant conformance packs for one or more accounts and regions in an aggregator", - "privilege": "GetAggregateConformancePackComplianceSummary", + "access_level": "List", + "description": "Grants permission to list repository links", + "privilege": "ListRepositoryLinks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the resource counts across accounts and regions that are present in your AWS Config aggregator", - "privilege": "GetAggregateDiscoveredResourceCounts", + "access_level": "List", + "description": "Grants permission to list repository sync definitions", + "privilege": "ListRepositorySyncDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return configuration item that is aggregated for your specific resource in a specific source account and region", - "privilege": "GetAggregateResourceConfig", + "access_level": "List", + "description": "Grants permission to list sync configurations for a repository link", + "privilege": "ListSyncConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the evaluation results for the 
specified AWS Config rule", - "privilege": "GetComplianceDetailsByConfigRule", + "access_level": "List", + "description": "Grants permission to the set of key-value pairs that are used to manage the resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "Connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" } ] }, { "access_level": "Read", - "description": "Grants permission to return the evaluation results for the specified AWS resource", - "privilege": "GetComplianceDetailsByResource", + "description": "Grants permission to pass a Connection resource to an AWS service that accepts a Connection ARN as input, such as codepipeline:CreatePipeline", + "privilege": "PassConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codestar-connections:PassedToService" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each", - "privilege": "GetComplianceSummaryByConfigRule", + "description": "Grants permission to pass a repository link resource to an AWS service that accepts a RepositoryLinkId as input, such as codestar-connections:CreateSyncConfiguration", + "privilege": "PassRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "RepositoryLink*" + }, + { + "condition_keys": [ + "codestar-connections:PassedToService" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the number of resources that are compliant and the number that are 
noncompliant", - "privilege": "GetComplianceSummaryByResourceType", + "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", + "privilege": "RegisterAppCode", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:HostArn" + ], "dependent_actions": [], "resource_type": "" } 
@@ -48410,92 +50550,143 @@ }, { "access_level": "Read", - "description": "Grants permission to return compliance details of a conformance pack for all AWS resources that are monitered by conformance pack", - "privilege": "GetConformancePackComplianceDetails", + "description": "Grants permission to associate a third party server, such as a GitHub Enterprise Server instance, with a Host", + "privilege": "StartAppRegistrationHandshake", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:HostArn" + ], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to provide compliance summary for one or more conformance packs", - "privilege": "GetConformancePackComplianceSummary", + "description": "Grants permission to associate a third party, such as a Bitbucket App installation, with a Connection", + "privilege": "StartOAuthHandshake", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:ProviderType" + ], "dependent_actions": [], - "resource_type": "ConformancePack*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the policy definition containing the logic for your AWS Config Custom Policy rule", - "privilege": "GetCustomRulePolicy", + "access_level": "Tagging", + "description": "Grants permission to add or modify the tags of the given resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" + "resource_type": "Connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": 
"Read", - "description": "Grants permission to return the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account", - "privilege": "GetDiscoveredResourceCounts", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an AWS resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Host" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RepositoryLink" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return detailed status for each member account within an organization for a given organization config rule", - "privilege": "GetOrganizationConfigRuleDetailedStatus", + "access_level": "Write", + "description": "Grants permission to update a Connection resource with an installation of the CodeStar Connections App", + "privilege": "UpdateConnectionInstallation", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "codestar-connections:GetIndividualAccessToken", + "codestar-connections:GetInstallationUrl", + "codestar-connections:ListInstallationTargets", + "codestar-connections:StartOAuthHandshake" + ], + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codestar-connections:InstallationId" + ], "dependent_actions": [], - "resource_type": "OrganizationConfigRule*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return detailed status for each member account within an organization for a given organization conformance pack", - "privilege": "GetOrganizationConformancePackDetailedStatus", + "access_level": "Write", + "description": "Grants permission to update 
a host resource", + "privilege": "UpdateHost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConformancePack*" + "resource_type": "Host*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the policy definition containing the logic for your organization AWS Config Custom Policy rule", - "privilege": "GetOrganizationCustomRulePolicy", + "access_level": "Write", + "description": "Grants permission to update a repository link", + "privilege": "UpdateRepositoryLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConfigRule*" + "resource_type": "RepositoryLink*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a list of configuration items for the specified resource", - "privilege": "GetResourceConfigHistory", + "access_level": "Write", + "description": "Grants permission to update a sync blocker for a resource (cfn stack or other resources)", + "privilege": "UpdateSyncBlocker", "resource_types": [ { "condition_keys": [], @@ -48505,12 +50696,14 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the summary of resource evaluations for a specific resource evaluation ID", - "privilege": "GetResourceEvaluationSummary", + "access_level": "Write", + "description": "Grants permission to update a sync configuration", + "privilege": "UpdateSyncConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "codestar-connections:Branch" + ], "dependent_actions": [], "resource_type": "" } 
@@ -48518,68 +50711,164 @@ }, { "access_level": "Read", - "description": "Grants permission to return the details of a specific stored query", - "privilege": "GetStoredQuery", + "description": "Grants permission to use a Connection resource to call provider actions", + "privilege": "UseConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StoredQuery*" + "resource_type": "Connection*" + }, + { + "condition_keys": [ + "codestar-connections:BranchName", + "codestar-connections:FullRepositoryId", + "codestar-connections:OwnerId", + "codestar-connections:ProviderAction", + "codestar-connections:ProviderPermissionsRequired", + "codestar-connections:RepositoryName" + ], + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:connection/${ConnectionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Connection" }, { - "access_level": "List", - "description": "Grants permission to accept a resource type and returns a list of resource identifiers that are aggregated for a specific resource type across accounts and regions", - "privilege": "ListAggregateDiscoveredResources", + "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:host/${HostId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Host" + }, + { + "arn": "arn:${Partition}:codestar-connections:${Region}:${Account}:repository-link/${RepositoryLinkId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RepositoryLink" + } + ], + "service_name": "AWS CodeStar Connections" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the 
resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "codestar-notifications:NotificationsForResource", + "description": "Filters access based on the ARN of the resource for which notifications are configured", + "type": "ARN" + } + ], + "prefix": "codestar-notifications", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a notification rule for a resource", + "privilege": "CreateNotificationRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return the percentage of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations", - "privilege": "ListConformancePackComplianceScores", + "access_level": "Write", + "description": "Grants permission to delete a notification rule for a resource", + "privilege": "DeleteNotificationRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to accept a resource type and returns a list of resource identifiers for the resources of that type", - "privilege": "ListDiscoveredResources", + "access_level": "Write", + "description": "Grants permission 
to delete a target for a notification rule", + "privilege": "DeleteTarget", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the resource evaluation summaries for an AWS account in an AWS Region", - "privilege": "ListResourceEvaluations", + "access_level": "Read", + "description": "Grants permission to get information about a notification rule", + "privilege": "DescribeNotificationRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the stored queries for an AWS account in an AWS Region", - "privilege": "ListStoredQueries", + "description": "Grants permission to list notifications event types", + "privilege": "ListEventTypes", "resource_types": [ { "condition_keys": [], 
@@ -48589,56 +50878,26 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for AWS Config resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list notification rules in an AWS account", + "privilege": "ListNotificationRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AggregationAuthorization" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationAggregator" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConformancePack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OrganizationConfigRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OrganizationConformancePack" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StoredQuery" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to authorize the aggregator account and region to collect data from the source account and region", - "privilege": "PutAggregationAuthorization", + "access_level": "List", + "description": "Grants permission to list the tags attached to a notification rule resource ARN", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AggregationAuthorization*" + "resource_type": "notificationrule*" }, { "condition_keys": [ 
@@ -48651,15 +50910,10 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add or update an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations", - "privilege": "PutConfigRule", + "access_level": "List", + "description": "Grants permission to list the notification rule targets for an AWS account", + "privilege": "ListTargets", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -48672,22 +50926,20 @@ }, { "access_level": "Write", - "description": "Grants permission to create and update the configuration aggregator with the selected source accounts and regions", - "privilege": "PutConfigurationAggregator", + "description": "Grants permission to create an association between a notification rule and an Amazon SNS topic", + "privilege": "Subscribe", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole", - "organizations:EnableAWSServiceAccess", - "organizations:ListDelegatedAdministrators" - ], - "resource_type": "ConfigurationAggregator*" + "dependent_actions": [], + "resource_type": "notificationrule*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" ], "dependent_actions": [], "resource_type": "" 
@@ -48695,170 +50947,251 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new configuration recorder to record the selected resource configurations", - "privilege": "PutConfigurationRecorder", + "access_level": "Tagging", + "description": "Grants permission to attach resource tags to a notification rule resource ARN", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update a conformance pack", - "privilege": "PutConformancePack", + "description": "Grants permission to remove an association between a notification rule and an Amazon SNS topic", + "privilege": "Unsubscribe", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PassRole", - "s3:GetObject", - "s3:ListBucket", - "ssm:GetDocument" + "dependent_actions": [], + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" ], - "resource_type": "ConformancePack*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic", - "privilege": "PutDeliveryChannel", + "access_level": "Tagging", + "description": "Grants permission to disassociate resource tags from a notification rule resource ARN", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to be used by an AWS Lambda function to deliver evaluation results to AWS Config", - "privilege": "PutEvaluations", + "description": "Grants permission to change a notification rule for a resource", + "privilege": "UpdateNotificationRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "notificationrule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "codestar-notifications:NotificationsForResource" + ], + "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:codestar-notifications:${Region}:${Account}:notificationrule/${NotificationRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "notificationrule" + } + ], + "service_name": "AWS CodeStar Notifications" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to deliver evaluation result to AWS Config", - "privilege": "PutExternalEvaluation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule*" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with CodeWhisperer resource", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to add or update organization config rule for your entire organization evaluating whether your AWS resources comply with your desired configurations", - "privilege": "PutOrganizationConfigRule", + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": 
"ArrayOfString" + } + ], + "prefix": "codewhisperer", + "privileges": [ + { + "access_level": "Permissions management", + "description": "Grants permission to configure vended log delivery for CodeWhisperer customization resource", + "privilege": "AllowVendedLogDeliveryForResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PassRole", - "organizations:EnableAWSServiceAccess", - "organizations:ListDelegatedAdministrators" + "dependent_actions": [], + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" ], - "resource_type": "OrganizationConfigRule*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update organization conformance pack for your entire organization evaluating whether your AWS resources comply with your desired configurations", - "privilege": "PutOrganizationConformancePack", + "description": "Grants permission to invoke AssociateCustomizationPermission on CodeWhisperer", + "privilege": "AssociateCustomizationPermission", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PassRole", - "organizations:EnableAWSServiceAccess", - "organizations:ListDelegatedAdministrators", - "s3:GetObject" + "dependent_actions": [], + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" ], - "resource_type": "OrganizationConformancePack*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update the remediation configuration with a specific AWS Config rule with the selected target or action", - "privilege": "PutRemediationConfigurations", + "description": "Grants permission to invoke CreateCustomization on CodeWhisperer", + "privilege": "CreateCustomization", "resource_types": [ { "condition_keys": [], - 
"dependent_actions": [ - "iam:PassRole" + "dependent_actions": [], + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], - "resource_type": "RemediationConfiguration*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update remediation exceptions for specific resources for a specific AWS Config rule", - "privilege": "PutRemediationExceptions", + "description": "Grants permission to invoke CreateProfile on CodeWhisperer", + "privilege": "CreateProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "profile*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to record the configuration state for the resource provided in the request", - "privilege": "PutResourceConfig", + "description": "Grants permission to invoke DeleteCustomization on CodeWhisperer", + "privilege": "DeleteCustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create and update the retention configuration with details about retention period (number of days) that AWS Config stores your historical information", - "privilege": "PutRetentionConfiguration", + "description": "Grants permission to invoke DeleteProfile on CodeWhisperer", + "privilege": "DeleteProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": 
"Grants permission to save a new query or updates an existing saved query", - "privilege": "PutStoredQuery", + "description": "Grants permission to invoke DisassociateCustomizationPermission on CodeWhisperer", + "privilege": "DisassociateCustomizationPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StoredQuery*" + "resource_type": "customization*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -48867,84 +51200,89 @@ }, { "access_level": "Read", - "description": "Grants permission to accept a structured query language (SQL) SELECT command and an aggregator to query configuration state of AWS resources across multiple accounts and regions, performs the corresponding search, and returns resource configurations matching the properties", - "privilege": "SelectAggregateResourceConfig", + "description": "Grants permission to invoke GenerateRecommendations on CodeWhisperer", + "privilege": "GenerateRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to accept a structured query language (SQL) SELECT command, performs the corresponding search, and returns resource configurations matching the properties", - "privilege": "SelectResourceConfig", + "description": "Grants permission to invoke GetCustomization on CodeWhisperer", + "privilege": "GetCustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to evaluate your resources against the specified Config rules", - "privilege": "StartConfigRulesEvaluation", + "access_level": "List", + "description": "Grants permission to invoke ListCustomizationPermissions on CodeWhisperer", + "privilege": "ListCustomizationPermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigRule*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start recording configurations of the AWS resources you have selected to record in your AWS account", - "privilege": "StartConfigurationRecorder", - "resource_types": [ + "resource_type": 
"customization*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to run an on-demand remediation for the specified AWS Config rules against the last known remediation configuration", - "privilege": "StartRemediationExecution", + "access_level": "List", + "description": "Grants permission to invoke ListCustomizationVersions on CodeWhisperer", + "privilege": "ListCustomizationVersions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" + "dependent_actions": [], + "resource_type": "customization*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to evaluate your resource details against the AWS Config rules in your account", - "privilege": "StartResourceEvaluation", + "access_level": "List", + "description": "Grants permission to invoke ListCustomizations on CodeWhisperer", + "privilege": "ListCustomizations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudformation:DescribeType" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "customization*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop recording configurations of the AWS resources you have selected to record in your AWS account", - "privilege": "StopConfigurationRecorder", + "access_level": "List", + "description": "Grants permission to invoke ListProfiles on CodeWhisperer", + "privilege": "ListProfiles", "resource_types": [ { "condition_keys": [], 
@@ -48954,49 +51292,49 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to associate the specified tags to a resource with the specified resourceArn", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to invoke ListTagsForResource on CodeWhisperer", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AggregationAuthorization" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigurationAggregator" + "resource_type": "customization" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConformancePack" + "resource_type": "profile" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "OrganizationConfigRule" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to invoke TagResource on CodeWhisperer", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConformancePack" + "resource_type": "customization" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "StoredQuery" + "resource_type": "profile" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -49005,47 +51343,61 @@ }, { "access_level": "Tagging", - "description": "Grants permission to delete specified tags from a resource", + "description": "Grants permission to invoke UntagResource on CodeWhisperer", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AggregationAuthorization" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ConfigRule" + "resource_type": "customization" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ConfigurationAggregator" + "resource_type": "profile" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "ConformancePack" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to invoke UpdateCustomization on CodeWhisperer", + "privilege": "UpdateCustomization", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OrganizationConfigRule" + "resource_type": "customization*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "OrganizationConformancePack" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to invoke UpdateProfile on CodeWhisperer", + "privilege": "UpdateProfile", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StoredQuery" + "resource_type": "profile*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -49055,120 +51407,51 @@ ], "resources": [ { - "arn": "arn:${Partition}:config:${Region}:${Account}:aggregation-authorization/${AggregatorAccount}/${AggregatorRegion}", + "arn": "arn:${Partition}:codewhisperer::${Account}:profile/${Identifier}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "AggregationAuthorization" + "resource": "profile" }, { - "arn": "arn:${Partition}:config:${Region}:${Account}:config-aggregator/${AggregatorId}", + "arn": "arn:${Partition}:codewhisperer::${Account}:customization/${Identifier}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "ConfigurationAggregator" - }, + "resource": "customization" + } + ], + "service_name": "Amazon CodeWhisperer" + }, + { + "conditions": [ { - "arn": "arn:${Partition}:config:${Region}:${Account}:config-rule/${ConfigRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ConfigRule" + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" }, { - "arn": "arn:${Partition}:config:${Region}:${Account}:conformance-pack/${ConformancePackName}/${ConformancePackId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ConformancePack" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" }, { - "arn": "arn:${Partition}:config:${Region}:${Account}:organization-config-rule/${OrganizationConfigRuleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "OrganizationConfigRule" - }, - { - "arn": "arn:${Partition}:config:${Region}:${Account}:organization-conformance-pack/${OrganizationConformancePackId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "OrganizationConformancePack" - }, - { - "arn": 
"arn:${Partition}:config:${Region}:${Account}:remediation-configuration/${RemediationConfigurationId}", - "condition_keys": [], - "resource": "RemediationConfiguration" - }, - { - "arn": "arn:${Partition}:config:${Region}:${Account}:stored-query/${StoredQueryName}/${StoredQueryId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "StoredQuery" - } - ], - "service_name": "AWS Config" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by using tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by using tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by using tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "connect:AttributeType", - "description": "Filters access by the attribute type of the Amazon Connect instance", - "type": "String" - }, - { - "condition": "connect:InstanceId", - "description": "Filters access by restricting federation into specified Amazon Connect instances", - "type": "String" - }, - { - "condition": "connect:MonitorCapabilities", - "description": "Filters access by restricting the monitor capabilities of the user in the request", - "type": "ArrayOfString" - }, - { - "condition": "connect:SearchTag/${TagKey}", - "description": "Filters access by TagFilter condition passed in the search request", - "type": "String" - }, - { - "condition": "connect:StorageResourceType", - "description": "Filters access by restricting the storage resource type of the Amazon Connect instance storage configuration", - "type": "String" - } - ], - "prefix": "connect", - "privileges": [ + "condition": "aws:TagKeys", + "description": "Filters access by a key that is present in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cognito-identity", + "privileges": [ { 
"access_level": "Write", - "description": "Grants permission to activate an evaluation form in the specified Amazon Connect instance. After the evaluation form is activated, it is available to start new evaluations based on the form", - "privilege": "ActivateEvaluationForm", + "description": "Grants permission to create a new identity pool", + "privilege": "CreateIdentityPool", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation-form*" - }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -49177,81 +51460,59 @@ }, { "access_level": "Write", - "description": "Grants permission to associate approved origin for an existing Amazon Connect instance", - "privilege": "AssociateApprovedOrigin", + "description": "Grants permission to delete identities from an identity pool. You can specify a list of 1-60 identities that you want to delete", + "privilege": "DeleteIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", - "privilege": "AssociateBot", + "description": "Grants permission to delete a user pool. Once a pool is deleted, users will not be able to authenticate with the pool", + "privilege": "DeleteIdentityPool", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "lex:CreateResourcePolicy", - "lex:DescribeBotAlias", - "lex:GetBot", - "lex:UpdateResourcePolicy" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a Customer Profiles domain for an existing Amazon Connect instance", - "privilege": "AssociateCustomerProfilesDomain", + "access_level": "Read", + "description": "Grants permission to return metadata related to the given identity, including when the identity was created and any associated linked logins", + "privilege": "DescribeIdentity", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "profile:GetDomain" - ], - "resource_type": "instance*" 
+ "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to default vocabulary for an existing Amazon Connect instance", - "privilege": "AssociateDefaultVocabulary", + "access_level": "Read", + "description": "Grants permission to get details about a particular identity pool, including the pool name, ID description, creation date, and current number of users", + "privilege": "DescribeIdentityPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, + "resource_type": "identitypool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return credentials for the provided identity ID", + "privilege": "GetCredentialsForIdentity", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -49259,231 +51520,193 @@ }, { "access_level": "Write", - "description": "Grants permission to associate instance storage for an existing Amazon Connect instance", - "privilege": "AssociateInstanceStorageConfig", + "description": "Grants permission to generate (or retrieve) a Cognito ID. Supplying multiple logins will create an implicit linked account", + "privilege": "GetId", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:DescribeDirectories", - "firehose:DescribeDeliveryStream", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "kinesis:DescribeStream", - "kms:CreateGrant", - "kms:DescribeKey", - "s3:GetBucketAcl", - "s3:GetBucketLocation" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:StorageResourceType", - "connect:InstanceId" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a Lambda function for an existing Amazon Connect instance", - "privilege": "AssociateLambdaFunction", + "access_level": "Read", + "description": "Grants permission to get analytics data about the total current identity count for all identity pool identity provider (IdPs)", + "privilege": "GetIdentityPoolAnalytics", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lambda:AddPermission" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", - "privilege": "AssociateLexBot", + "access_level": "Read", + "description": "Grants permission to get analytics data about the number of new identities and total identities for all identity pool identity providers (IdPs)", + "privilege": "GetIdentityPoolDailyAnalytics", "resource_types": [ { 
"condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "lex:GetBot" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate contact flow resources to phone number resources in an Amazon Connect instance", - "privilege": "AssociatePhoneNumberContactFlow", + "access_level": "Read", + "description": "Grants permission to get the roles for an identity pool", + "privilege": "GetIdentityPoolRoles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, + "resource_type": "identitypool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get analytics data about the number of new identities and total identities for one identity pool identity provider (IdPs)", + "privilege": "GetIdentityProviderDailyAnalytics", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number*" - }, + "resource_type": "identitypool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an OpenID token, using a known Cognito ID", + "privilege": "GetOpenIdToken", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate quick connects with a queue in an Amazon Connect instance", - "privilege": "AssociateQueueQuickConnects", + "access_level": "Read", + "description": "Grants permission to register (or retrieve) a Cognito IdentityId and an OpenID Connect token for a user authenticated by your backend authentication process", + "privilege": 
"GetOpenIdTokenForDeveloperIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, + "resource_type": "identitypool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the principal tags for an identity pool and provider", + "privilege": "GetPrincipalTagAttributeMap", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate queues with a routing profile in an Amazon Connect instance", - "privilege": "AssociateRoutingProfileQueues", + "access_level": "List", + "description": "Grants permission to list the identities in an identity pool", + "privilege": "ListIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, + "resource_type": "identitypool*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all of the Cognito identity pools registered for your account", + "privilege": "ListIdentityPools", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a security key for an existing Amazon Connect instance", - "privilege": "AssociateSecurityKey", + "access_level": "Read", + "description": "Grants permission to list the tags that are assigned to an Amazon Cognito identity pool", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"instance*" - }, + "resource_type": "identitypool" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the IdentityId associated with a DeveloperUserIdentifier or the list of DeveloperUserIdentifiers associated with an IdentityId for an existing identity", + "privilege": "LookupDeveloperIdentity", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { "access_level": "Write", - "description": "Grants permission to grant access and to associate the datasets with the specified AWS account", - "privilege": "BatchAssociateAnalyticsDataSet", + "description": "Grants permission to merge two users having different IdentityIds, existing in the same identity pool, and identified by the same developer provider", + "privilege": "MergeDeveloperIdentities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { "access_level": "Write", - "description": "Grants permission to revoke access and to disassociate the datasets with the specified AWS account", - "privilege": "BatchDisassociateAnalyticsDataSet", + "description": "Grants permission to set the roles for an identity pool. 
These roles are used when making calls to GetCredentialsForIdentity action", + "privilege": "SetIdentityPoolRoles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to claim phone number resources in an Amazon Connect instance or traffic distribution group", - "privilege": "ClaimPhoneNumber", + "description": "Grants permission to set the principal tags for an identity pool and provider. These tags are used when making calls to GetOpenIdToken action", + "privilege": "SetPrincipalTagAttributeMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to assign a set of tags to an Amazon Cognito identity pool", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number*" + "resource_type": "identitypool" }, { "condition_keys": [ 
@@ -49497,61 +51720,41 @@ }, { "access_level": "Write", - "description": "Grants permission to create agent status in an Amazon Connect instance", - "privilege": "CreateAgentStatus", + "description": "Grants permission to unlink a DeveloperUserIdentifier from an existing identity", + "privilege": "UnlinkDeveloperIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a contact flow in an Amazon Connect instance", - "privilege": "CreateContactFlow", + "description": "Grants permission to unlink a federated identity from an existing account", + "privilege": "UnlinkIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a contact flow module in an Amazon Connect instance", - "privilege": "CreateContactFlowModule", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from an Amazon Cognito identity pool", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" + "resource_type": "identitypool" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -49560,591 +51763,408 @@ }, { "access_level": "Write", - "description": "Grants permission to create an evaluation form in the specified Amazon Connect instance. The form can be used to define questions related to agent performance, and create sections to organize such questions. Question and section identifiers cannot be duplicated within the same evaluation form", - "privilege": "CreateEvaluationForm", + "description": "Grants permission to update an identity pool", + "privilege": "UpdateIdentityPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cognito-identity:${Region}:${Account}:identitypool/${IdentityPoolId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "identitypool" + } + ], + "service_name": "Amazon Cognito Identity" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a key that is present in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cognito-idp", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create hours of operation in an Amazon Connect instance", - "privilege": "CreateHoursOfOperation", + "description": "Grants permission to add user attributes to the user pool schema", + "privilege": "AddCustomAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [ - 
"aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Amazon Connect instance", - "privilege": "CreateInstance", + "description": "Grants permission to add any user to any group", + "privilege": "AdminAddUserToGroup", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ds:AuthorizeApplication", - "ds:CheckAlias", - "ds:CreateAlias", - "ds:CreateDirectory", - "ds:CreateIdentityPoolDirectory", - "ds:DeleteDirectory", - "ds:DescribeDirectories", - "ds:UnauthorizeApplication", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an integration association with an Amazon Connect instance", - "privilege": "CreateIntegrationAssociation", + "description": "Grants permission to confirm any user's registration without a confirmation code", + "privilege": "AdminConfirmSignUp", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "app-integrations:CreateEventIntegrationAssociation", - "cases:GetDomain", - "connect:DescribeInstance", - "ds:DescribeDirectories", - "events:PutRule", - "events:PutTargets", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "mobiletargeting:GetApp", - "voiceid:DescribeDomain", - "wisdom:GetAssistant", - "wisdom:GetKnowledgeBase" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration-association*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + 
"resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to add a participant to an ongoing contact", - "privilege": "CreateParticipant", + "description": "Grants permission to create new users and send welcome messages via email or SMS", + "privilege": "AdminCreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a prompt in an Amazon Connect instance", - "privilege": "CreatePrompt", + "description": "Grants permission to delete any user", + "privilege": "AdminDeleteUser", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kms:Decrypt", - "s3:GetObject", - "s3:GetObjectAcl" - ], - "resource_type": "prompt*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a queue in an Amazon Connect instance", - "privilege": "CreateQueue", + "description": "Grants permission to delete attributes from any user", + "privilege": "AdminDeleteUserAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to unlink any user pool user from a third-party identity provider (IdP) user", + "privilege": "AdminDisableProviderForUser", + "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "contact-flow" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deactivate any user", + "privilege": "AdminDisableUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to activate any user", + "privilege": "AdminEnableUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a quick connect in an Amazon Connect instance", - "privilege": "CreateQuickConnect", + "description": "Grants permission to deregister any user's devices", + "privilege": "AdminForgetDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about any user's devices", + "privilege": "AdminGetDevice", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to look up any user by user name", + "privilege": "AdminGetUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to authenticate any user", + "privilege": "AdminInitiateAuth", + "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "user" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a routing profile in an Amazon Connect instance", - "privilege": "CreateRoutingProfile", + "description": "Grants permission to link any user pool user to a third-party IdP user", + "privilege": "AdminLinkProviderForUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list any user's remembered devices", + "privilege": "AdminListDevices", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a rule in an Amazon Connect instance", - "privilege": "CreateRule", + "access_level": "List", + "description": "Grants permission to list the groups that any user belongs to", + "privilege": "AdminListGroupsForUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a security profile for the specified Amazon Connect instance", - "privilege": "CreateSecurityProfile", + "access_level": "Read", + "description": "Grants permission to lists sign-in events for any user", + "privilege": "AdminListUserAuthEvents", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a task template in an Amazon Connect instance", - "privilege": "CreateTaskTemplate", + "description": "Grants permission to remove any user from any group", + "privilege": "AdminRemoveUserFromGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template*" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a traffic distribution group", - "privilege": "CreateTrafficDistributionGroup", + "description": "Grants permission to reset any user's password", + "privilege": "AdminResetUserPassword", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a use case for an integration association", - "privilege": "CreateUseCase", + "description": "Grants permission to respond to an authentication challenge during the authentication of any user", + "privilege": "AdminRespondToAuthChallenge", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeInstance", - "ds:DescribeDirectories" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration-association*" - }, - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "use-case*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a user for the specified Amazon Connect instance", - "privilege": "CreateUser", + "description": "Grants permission to set any user's preferred MFA method", + "privilege": "AdminSetUserMFAPreference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "security-profile*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hierarchy-group" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a user hierarchy group in an Amazon Connect instance", - "privilege": "CreateUserHierarchyGroup", + "description": "Grants permission to set any user's password", + "privilege": "AdminSetUserPassword", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a vocabulary in an Amazon Connect instance", - "privilege": "CreateVocabulary", + "description": "Grants permission to set user settings for any user", + "privilege": "AdminSetUserSettings", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "vocabulary*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to deactivate an evaluation form in the specified Amazon Connect instance. After a form is deactivated, it is no longer available for users to start new evaluations based on the form", - "privilege": "DeactivateEvaluationForm", + "description": "Grants permission to update advanced security feedback for any user's authentication event", + "privilege": "AdminUpdateAuthEventFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a contact evaluation in the specified Amazon Connect instance", - "privilege": "DeleteContactEvaluation", + "description": "Grants permission to update the status of any user's remembered devices", + "privilege": "AdminUpdateDeviceStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a contact flow in an Amazon Connect instance", - "privilege": "DeleteContactFlow", + "description": "Grants permission to updates any user's standard or custom attributes", + "privilege": "AdminUpdateUserAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a contact flow module in an Amazon Connect instance", - "privilege": "DeleteContactFlowModule", + "description": "Grants permission to sign out any user from all sessions", + "privilege": "AdminUserGlobalSignOut", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an evaluation form in the specified Amazon Connect instance. If the version property is provided, only the specified version of the evaluation form is deleted", - "privilege": "DeleteEvaluationForm", + "description": "Grants permission to return a unique generated shared secret key code for the user", + "privilege": "AssociateSoftwareToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete hours of operation in an Amazon Connect instance", - "privilege": "DeleteHoursOfOperation", + "description": "Grants permission to associate the user pool with an AWS WAF web ACL", + "privilege": "AssociateWebACL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" + "resource_type": "userpool*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"webacl*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon Connect instance. When you remove an instance, the link to an existing AWS directory is also removed", - "privilege": "DeleteInstance", + "description": "Grants permission to change the password for a specified user in a user pool", + "privilege": "ChangePassword", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:DeleteDirectory", - "ds:DescribeDirectories", - "ds:UnauthorizeApplication" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } @@ -50152,30 +52172,11 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an integration association from an Amazon Connect instance. The association must not have any use cases associated with it", - "privilege": "DeleteIntegrationAssociation", + "description": "Grants permission to confirm tracking of the device. This API call is the call that begins device tracking", + "privilege": "ConfirmDevice", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "app-integrations:DeleteEventIntegrationAssociation", - "connect:DescribeInstance", - "ds:DescribeDirectories", - "events:DeleteRule", - "events:ListTargetsByRule", - "events:RemoveTargets" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration-association*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], "resource_type": "" } 
@@ -50183,116 +52184,85 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a prompt in an Amazon Connect instance", - "privilege": "DeletePrompt", + "description": "Grants permission to allow a user to enter a confirmation code to reset a forgotten password", + "privilege": "ConfirmForgotPassword", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "prompt*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a quick connect in an Amazon Connect instance", - "privilege": "DeleteQuickConnect", + "description": "Grants permission to confirm registration of a user and handles the existing alias from a previous user", + "privilege": "ConfirmSignUp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a rule in an Amazon Connect instance", - "privilege": "DeleteRule", + "description": "Grants permission to create new user pool groups", + "privilege": "CreateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a security profile in an Amazon Connect instance", - "privilege": "DeleteSecurityProfile", + "description": "Grants permission to add identity providers to user pools", + "privilege": "CreateIdentityProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "security-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a task template in an Amazon Connect instance", - "privilege": "DeleteTaskTemplate", + "description": "Grants permission to create and configure scopes for OAuth 2.0 resource servers", + "privilege": "CreateResourceServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a traffic distribution group", - "privilege": "DeleteTrafficDistributionGroup", + "description": "Grants permission to create user CSV import jobs", + "privilege": "CreateUserImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, + "resource_type": "userpool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create and set password policy for user pools", + "privilege": "CreateUserPool", + "resource_types": [ { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -50302,645 +52272,383 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a use case from an integration association", - "privilege": "DeleteUseCase", + "description": "Grants permission to create user pool app clients", + "privilege": "CreateUserPoolClient", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeInstance", - "ds:DescribeDirectories" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "use-case*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a user in an Amazon Connect instance", - "privilege": "DeleteUser", + "description": "Grants permission to add user pool domains", + "privilege": "CreateUserPoolDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a user hierarchy group in an Amazon Connect instance", - "privilege": "DeleteUserHierarchyGroup", + "description": "Grants permission to delete any empty user pool group", + "privilege": "DeleteGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a vocabulary in an Amazon Connect instance", - "privilege": "DeleteVocabulary", + "description": "Grants permission to delete any identity provider from user pools", + "privilege": 
"DeleteIdentityProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vocabulary*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe agent status in an Amazon Connect instance", - "privilege": "DescribeAgentStatus", + "access_level": "Write", + "description": "Grants permission to delete any OAuth 2.0 resource server from user pools", + "privilege": "DeleteResourceServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a contact in an Amazon Connect instance", - "privilege": "DescribeContact", + "access_level": "Write", + "description": "Grants permission to allow a user to delete one's self", + "privilege": "DeleteUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a contact evaluation in the specified Amazon Connect instance", - "privilege": "DescribeContactEvaluation", + "access_level": "Write", + "description": "Grants permission to delete the attributes for a user", + "privilege": "DeleteUserAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": 
"Read", - "description": "Grants permission to describe a contact flow in an Amazon Connect instance", - "privilege": "DescribeContactFlow", + "access_level": "Write", + "description": "Grants permission to delete user pools", + "privilege": "DeleteUserPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a contact flow module in an Amazon Connect instance", - "privilege": "DescribeContactFlowModule", + "access_level": "Write", + "description": "Grants permission to delete any user pool app client", + "privilege": "DeleteUserPoolClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an evaluation form in the specified Amazon Connect instance. 
If the version property is not provided, the latest version of the evaluation form is described", - "privilege": "DescribeEvaluationForm", + "access_level": "Write", + "description": "Grants permission to delete any user pool domain", + "privilege": "DeleteUserPoolDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the status of forecasting, planning, and scheduling integration on an Amazon Connect instance", - "privilege": "DescribeForecastingPlanningSchedulingIntegration", + "description": "Grants permission to describe any user pool identity provider", + "privilege": "DescribeIdentityProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe hours of operation in an Amazon Connect instance", - "privilege": "DescribeHoursOfOperation", + "description": "Grants permission to describe any OAuth 2.0 resource server", + "privilege": "DescribeResourceServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to view details of an Amazon Connect instance and is also required to create an instance", - "privilege": "DescribeInstance", + "description": "Grants permission to describe the risk 
configuration settings of user pools and app clients", + "privilege": "DescribeRiskConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:DescribeDirectories" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to view the attribute details of an existing Amazon Connect instance", - "privilege": "DescribeInstanceAttribute", + "description": "Grants permission to describe any user import job", + "privilege": "DescribeUserImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:AttributeType", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to view the instance storage configuration for an existing Amazon Connect instance", - "privilege": "DescribeInstanceStorageConfig", + "description": "Grants permission to describe user pools", + "privilege": "DescribeUserPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:StorageResourceType", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe phone number resources in an Amazon Connect instance or traffic distribution group", - "privilege": "DescribePhoneNumber", + "description": "Grants permission to describe any user pool app client", + "privilege": "DescribeUserPoolClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number*" - }, - { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a prompt in an Amazon Connect instance", - "privilege": "DescribePrompt", + "description": "Grants permission to describe any user pool domain", + "privilege": "DescribeUserPoolDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "prompt*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a queue in an Amazon Connect instance", - "privilege": "DescribeQueue", + "access_level": "Write", + "description": "Grants permission to disassociate the user pool with an AWS WAF web ACL", + "privilege": "DisassociateWebACL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a quick connect in an Amazon Connect instance", - "privilege": "DescribeQuickConnect", + "access_level": "Write", + "description": "Grants permission to forget the specified device", + "privilege": "ForgetDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a routing profile in an Amazon Connect instance", - "privilege": "DescribeRoutingProfile", + "access_level": "Write", + "description": "Grants permission to send a message to the end 
user with a confirmation code that is required to change the user's password", + "privilege": "ForgotPassword", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a rule in an Amazon Connect instance", - "privilege": "DescribeRule", + "description": "Grants permission to generate headers for a user import .csv file", + "privilege": "GetCSVHeader", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a security profile in an Amazon Connect instance", - "privilege": "DescribeSecurityProfile", + "description": "Grants permission to get the device", + "privilege": "GetDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a traffic distribution group", - "privilege": "DescribeTrafficDistributionGroup", + "description": "Grants permission to describe a user pool group", + "privilege": "GetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a 
user in an Amazon Connect instance", - "privilege": "DescribeUser", + "description": "Grants permission to correlate a user pool IdP identifier to the IdP Name", + "privilege": "GetIdentityProviderByIdentifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a hierarchy group for an Amazon Connect instance", - "privilege": "DescribeUserHierarchyGroup", + "description": "Grants permission to get the detailed activity logging configuration for a user pool", + "privilege": "GetLogDeliveryConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the hierarchy structure for an Amazon Connect instance", - "privilege": "DescribeUserHierarchyStructure", + "description": "Grants permission to look up signing certificates for user pools", + "privilege": "GetSigningCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a vocabulary in an Amazon Connect instance", - "privilege": "DescribeVocabulary", + "description": "Grants permission to get UI customization information for the hosted UI of any app client", + "privilege": "GetUICustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "vocabulary*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate approved origin for an existing Amazon Connect instance", - "privilege": "DisassociateApprovedOrigin", + "access_level": "Read", + "description": "Grants permission to get the user attributes and metadata for a user", + "privilege": "GetUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", - "privilege": "DisassociateBot", + "access_level": "Read", + "description": "Grants permission to get the user attribute verification code for the specified attribute name", + "privilege": "GetUserAttributeVerificationCode", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "lex:DeleteResourcePolicy", - "lex:UpdateResourcePolicy" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a Customer Profiles domain for an existing Amazon Connect instance", - "privilege": "DisassociateCustomerProfilesDomain", + "access_level": "Read", + "description": "Grants permission to look up the MFA configuration of user pools", + "privilege": "GetUserPoolMfaConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:DeleteRolePolicy", - "iam:DetachRolePolicy", - "iam:GetPolicy", - 
"iam:GetPolicyVersion", - "iam:GetRolePolicy" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate instance storage for an existing Amazon Connect instance", - "privilege": "DisassociateInstanceStorageConfig", + "access_level": "Read", + "description": "Grants permission to get the AWS WAF web ACL that is associated with an Amazon Cognito user pool", + "privilege": "GetWebACLForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:StorageResourceType", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a Lambda function for an existing Amazon Connect instance", - "privilege": "DisassociateLambdaFunction", + "description": "Grants permission to sign out users from all devices", + "privilege": "GlobalSignOut", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lambda:RemovePermission" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], "resource_type": "" } 
@@ -50948,492 +52656,306 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", - "privilege": "DisassociateLexBot", + "description": "Grants permission to initiate the authentication flow", + "privilege": "InitiateAuth", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate contact flow resources from phone number resources in an Amazon Connect instance", - "privilege": "DisassociatePhoneNumberContactFlow", + "access_level": "List", + "description": "Grants permission to list the devices", + "privilege": "ListDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate quick connects from a queue in an Amazon Connect instance", - "privilege": "DisassociateQueueQuickConnects", + "access_level": "List", + "description": "Grants permission to list all groups in user pools", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "quick-connect*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate queues from a routing profile in an Amazon Connect 
instance", - "privilege": "DisassociateRoutingProfileQueues", + "access_level": "List", + "description": "Grants permission to list all identity providers in user pools", + "privilege": "ListIdentityProviders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate the security key for an existing Amazon Connect instance", - "privilege": "DisassociateSecurityKey", + "access_level": "List", + "description": "Grants permission to list all resource servers in user pools", + "privilege": "ListResourceServers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to dismiss terminated Contact from Agent CCP", - "privilege": "DismissUserContact", + "access_level": "List", + "description": "Grants permission to list the user pools that are associated with an AWS WAF web ACL", + "privilege": "ListResourcesForWebACL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "webacl*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the contact attributes for the specified contact", - "privilege": "GetContactAttributes", + "access_level": "List", + "description": "Grants permission to list the tags that are assigned to an Amazon Cognito user pool", + "privilege": "ListTagsForResource", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve current metric data for queues and routing profiles in an Amazon Connect instance", - "privilege": "GetCurrentMetricData", + "access_level": "List", + "description": "Grants permission to list all user import jobs", + "privilege": "ListUserImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve current user data in an Amazon Connect instance", - "privilege": "GetCurrentUserData", + "access_level": "List", + "description": "Grants permission to list all app clients in user pools", + "privilege": "ListUserPoolClients", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to federate into an Amazon Connect instance when using SAML-based authentication for identity management", - "privilege": "GetFederationToken", + "access_level": "List", + "description": 
"Grants permission to list all user pools", + "privilege": "ListUserPools", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to federate into an Amazon Connect instance (Log in for emergency access functionality in the Amazon Connect console)", - "privilege": "GetFederationTokens", + "access_level": "List", + "description": "Grants permission to list all user pool users", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeInstance", - "connect:ListInstances", - "ds:DescribeDirectories" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve historical metric data for queues in an Amazon Connect instance", - "privilege": "GetMetricData", + "access_level": "List", + "description": "Grants permission to list the users in any group", + "privilege": "ListUsersInGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve metric data in an Amazon Connect instance", - "privilege": "GetMetricDataV2", + "access_level": "Write", + "description": "Grants permission to resend the confirmation (for confirmation of registration) to a specific user in the user pool", + "privilege": "ResendConfirmationCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue*" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a prompt's presigned Amazon S3 URL in an Amazon Connect instance", - "privilege": "GetPromptFile", + "access_level": "Write", + "description": "Grants permission to respond to the authentication challenge", + "privilege": "RespondToAuthChallenge", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "prompt*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about specified task template in an Amazon Connect instance", - "privilege": "GetTaskTemplate", + "access_level": "Write", + "description": "Grants permission to revoke all of the access tokens generated by the specified refresh token", + "privilege": "RevokeToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to read traffic distribution for a traffic distribution group", - "privilege": "GetTrafficDistribution", + "access_level": "Write", + "description": "Grants permission to set up or modify the detailed activity logging configuration of a user pool", + "privilege": "SetLogDeliveryConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] 
}, { - "access_level": "List", - "description": "Grants permission to list agent statuses in an Amazon Connect instance", - "privilege": "ListAgentStatuses", + "access_level": "Write", + "description": "Grants permission to set risk configuration for user pools and app clients", + "privilege": "SetRiskConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-agent-status*" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to view approved origins of an existing Amazon Connect instance", - "privilege": "ListApprovedOrigins", + "access_level": "Write", + "description": "Grants permission to customize the hosted UI for any app client", + "privilege": "SetUICustomization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", - "privilege": "ListBots", + "access_level": "Write", + "description": "Grants permission to set MFA preference for the user in the userpool", + "privilege": "SetUserMFAPreference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list contact evaluations in the specified Amazon Connect instance", - "privilege": "ListContactEvaluations", + "access_level": "Write", + "description": "Grants permission to set user pool MFA configuration", + "privilege": "SetUserPoolMfaConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ 
- "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list contact flow module resources in an Amazon Connect instance", - "privilege": "ListContactFlowModules", + "access_level": "Write", + "description": "Grants permission to set the user settings like multi-factor authentication (MFA)", + "privilege": "SetUserSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list contact flow resources in an Amazon Connect instance", - "privilege": "ListContactFlows", + "access_level": "Write", + "description": "Grants permission to register the user in the specified user pool and creates a user name, password, and user attributes", + "privilege": "SignUp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-contact-flow*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list references associated with a contact in an Amazon Connect instance", - "privilege": "ListContactReferences", + "access_level": "Write", + "description": "Grants permission to start any user import job", + "privilege": "StartUserImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list default vocabularies associated with a Amazon Connect instance", - "privilege": "ListDefaultVocabularies", + "access_level": "Write", + "description": "Grants permission to stop any user import job", + "privilege": "StopUserImportJob", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list versions of an evaluation form in the specified Amazon Connect instance", - "privilege": "ListEvaluationFormVersions", + "access_level": "Tagging", + "description": "Grants permission to tag a user pool", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" + "resource_type": "userpool" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -51441,18 +52963,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list evaluation forms in the specified Amazon Connect instance", - "privilege": "ListEvaluationForms", + "access_level": "Tagging", + "description": "Grants permission to untag a user pool", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "userpool" }, { "condition_keys": [ - "connect:InstanceId" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -51460,130 +52982,91 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list hours of operation resources in an Amazon Connect instance", - "privilege": "ListHoursOfOperations", + "access_level": "Write", + "description": "Grants permission to update the feedback for the user authentication event", + "privilege": "UpdateAuthEventFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the attributes of an existing Amazon Connect instance", - "privilege": "ListInstanceAttributes", + "access_level": "Write", + "description": "Grants permission to update the device status", + "privilege": "UpdateDeviceStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to view storage configurations of an existing Amazon Connect instance", - "privilege": "ListInstanceStorageConfigs", + "access_level": "Write", + "description": "Grants permission to update the configuration of any group", + "privilege": "UpdateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the Amazon Connect instances associated with an AWS account", - "privilege": "ListInstances", + "access_level": "Write", + "description": "Grants permission to update the configuration of any user pool IdP", + "privilege": 
"UpdateIdentityProvider", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:DescribeDirectories" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary information about the integration associations for the specified Amazon Connect instance", - "privilege": "ListIntegrationAssociations", + "access_level": "Write", + "description": "Grants permission to update the configuration of any OAuth 2.0 resource server", + "privilege": "UpdateResourceServer", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeInstance", - "ds:DescribeDirectories" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the Lambda functions of an existing Amazon Connect instance", - "privilege": "ListLambdaFunctions", + "access_level": "Write", + "description": "Grants permission to allow a user to update a specific attribute (one at a time)", + "privilege": "UpdateUserAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", - "privilege": "ListLexBots", + "access_level": "Write", + "description": "Grants permission to updates the configuration of user pools", + "privilege": "UpdateUserPool", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "userpool*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": 
[], "resource_type": "" 
@@ -51591,388 +53074,487 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list phone number resources in an Amazon Connect instance", - "privilege": "ListPhoneNumbers", + "access_level": "Write", + "description": "Grants permission to update any user pool client", + "privilege": "UpdateUserPoolClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-legacy-phone-number*" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list phone number resources in an Amazon Connect instance", - "privilege": "ListPhoneNumbersV2", + "access_level": "Write", + "description": "Grants permission to replace the certificate for any custom domain", + "privilege": "UpdateUserPoolDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number*" + "resource_type": "userpool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list prompt resources in an Amazon Connect instance", - "privilege": "ListPrompts", + "access_level": "Write", + "description": "Grants permission to register a user's entered TOTP code and mark the user's software token MFA status as verified if successful", + "privilege": "VerifySoftwareToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list quick connect resources in a queue in an Amazon Connect instance", - "privilege": "ListQueueQuickConnects", + "access_level": "Write", + "description": "Grants permission to verify a user attribute using a one time verification code", + "privilege": "VerifyUserAttribute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cognito-idp:${Region}:${Account}:userpool/${UserPoolId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "userpool" }, { - "access_level": "List", - "description": "Grants permission to list queue resources in an Amazon Connect instance", - "privilege": "ListQueues", + "arn": "arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/webacl/${Name}/${Id}", + "condition_keys": [], + "resource": "webacl" + } + ], + "service_name": "Amazon Cognito User Pools" + }, + { + "conditions": [], + "prefix": "cognito-sync", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to initiate a bulk publish of all existing datasets for an Identity Pool to the configured stream", + "privilege": "BulkPublish", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-queue*" + "resource_type": "identitypool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list quick connect resources in an Amazon Connect instance", - "privilege": "ListQuickConnects", + "access_level": "Write", + "description": "Grants permission to delete a specific dataset", + "privilege": "DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-quick-connect*" + "resource_type": "dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the analysis segments for a real-time analysis session", - "privilege": "ListRealtimeContactAnalysisSegments", + "description": "Grants permission to get metadata about a dataset by identity and dataset name", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "dataset*" } ] }, { - "access_level": 
"List", - "description": "Grants permission to list queue resources in a routing profile in an Amazon Connect instance", - "privilege": "ListRoutingProfileQueues", + "access_level": "Read", + "description": "Grants permission to get usage details (for example, data storage) about a particular identity pool", + "privilege": "DescribeIdentityPoolUsage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list routing profile resources in an Amazon Connect instance", - "privilege": "ListRoutingProfiles", + "access_level": "Read", + "description": "Grants permission to get usage information for an identity, including number of datasets and data usage", + "privilege": "DescribeIdentityUsage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "identity*" } ] }, { - "access_level": "List", - "description": "Grants permission to list rules associated with a Amazon Connect instance", - "privilege": "ListRules", + "access_level": "Read", + "description": "Grants permission to get the status of the last BulkPublish operation for an identity pool", + "privilege": "GetBulkPublishDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the security keys of an existing Amazon Connect instance", - "privilege": "ListSecurityKeys", + 
"access_level": "Read", + "description": "Grants permission to get the events and the corresponding Lambda functions associated with an identity pool", + "privilege": "GetCognitoEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { - "access_level": "List", - "description": "Grants permission to list permissions associated with security profile in an Amazon Connect instance", - "privilege": "ListSecurityProfilePermissions", + "access_level": "Read", + "description": "Grants permission to get the configuration settings of an identity pool", + "privilege": "GetIdentityPoolConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "identitypool*" } ] }, { "access_level": "List", - "description": "Grants permission to list security profile resources in an Amazon Connect instance", - "privilege": "ListSecurityProfiles", + "description": "Grants permission to list datasets for an identity", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for an Amazon Connect resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get a list of identity pools registered with Cognito", + "privilege": "ListIdentityPoolUsage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-evaluation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow-module" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation-form" - }, + "resource_type": "identitypool*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get paginated records, optionally changed after a particular sync count for a dataset and identity", + "privilege": "ListRecords", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group" - }, + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to query records", + "privilege": "QueryRecords", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register a device to receive push sync notifications", + "privilege": "RegisterDevice", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration-association" - }, + "resource_type": "identity*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set the AWS Lambda function for a given event type for an identity pool", + "privilege": "SetCognitoEvents", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number" - }, + "resource_type": "identitypool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to configure datasets", + "privilege": "SetDatasetConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "prompt" - }, + "resource_type": "dataset*" + } + ] + }, + 
{ + "access_level": "Write", + "description": "Grants permission to set the necessary configuration for push sync", + "privilege": "SetIdentityPoolConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" - }, + "resource_type": "identitypool*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to subscribe to receive notifications when a dataset is modified by another device", + "privilege": "SubscribeToDataset", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect" - }, + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to unsubscribe from receiving notifications when a dataset is modified by another device", + "privilege": "UnsubscribeFromDataset", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile" - }, + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to post updates to records and add and delete records for a dataset and user", + "privilege": "UpdateRecords", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule" - }, + "resource_type": "dataset*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}/identity/${IdentityId}/dataset/${DatasetName}", + "condition_keys": [], + "resource": "dataset" + }, + { + "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}/identity/${IdentityId}", + "condition_keys": [], + "resource": "identity" + }, + { + "arn": "arn:${Partition}:cognito-sync:${Region}:${Account}:identitypool/${IdentityPoolId}", + "condition_keys": [], + "resource": "identitypool" + } + ], + "service_name": "Amazon Cognito Sync" + }, + { + "conditions": [ + { + "condition": 
"aws:RequestTag/${TagKey}", + "description": "Filters access by requiring tag values present in a resource creation request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by requiring tag value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by requiring the presence of mandatory tags in the request", + "type": "ArrayOfString" + }, + { + "condition": "comprehend:DataLakeKmsKey", + "description": "Filters access by the DataLake Kms Key associated with the flywheel resource in the request", + "type": "ARN" + }, + { + "condition": "comprehend:FlywheelIterationId", + "description": "Filters access by particular Iteration Id for a flywheel", + "type": "String" + }, + { + "condition": "comprehend:ModelKmsKey", + "description": "Filters access by the model KMS key associated with the resource in the request", + "type": "ARN" + }, + { + "condition": "comprehend:OutputKmsKey", + "description": "Filters access by the output KMS key associated with the resource in the request", + "type": "ARN" + }, + { + "condition": "comprehend:VolumeKmsKey", + "description": "Filters access by the volume KMS key associated with the resource in the request", + "type": "ARN" + }, + { + "condition": "comprehend:VpcSecurityGroupIds", + "description": "Filters access by the list of all VPC security group ids associated with the resource in the request", + "type": "ArrayOfString" + }, + { + "condition": "comprehend:VpcSubnets", + "description": "Filters access by the list of all VPC subnets associated with the resource in the request", + "type": "ArrayOfString" + } + ], + "prefix": "comprehend", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to detect the language or languages present in the list of text documents", + "privilege": "BatchDetectDominantLanguage", + "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "security-profile" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to detect the named entities (\"People\", \"Places\", \"Locations\", etc) within the given list of text documents", + "privilege": "BatchDetectEntities", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to detect the phrases in the list of text documents that are most indicative of the content", + "privilege": "BatchDetectKeyPhrases", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "use-case" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to detect the sentiment of a text in the list of documents (Positive, Negative, Neutral, or Mixed)", + "privilege": "BatchDetectSentiment", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to detect syntactic information (like Part of Speech, Tokens) in a list of text documents", + "privilege": "BatchDetectSyntax", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list task template resources in an Amazon Connect instance", - "privilege": "ListTaskTemplates", + "access_level": "Read", + "description": "Grants permission to detect the sentiments associated with specific entities (such as brands or products) within the given list of text documents", + "privilege": "BatchDetectTargetedSentiment", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list traffic distribution groups", - "privilege": "ListTrafficDistributionGroups", + "access_level": "Read", + "description": "Grants permission to create a new document classification request to analyze a single document in real-time, using a previously created and trained custom model and an endpoint", + "privilege": "ClassifyDocument", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" + "resource_type": "document-classifier-endpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the use cases of an integration association", - "privilege": "ListUseCases", + "access_level": "Read", + "description": "Grants permission to classify the personally identifiable information within given documents in real-time", + "privilege": "ContainsPiiEntities", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeInstance", - "ds:DescribeDirectories" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the hierarchy group resources in an Amazon Connect instance", - "privilege": "ListUserHierarchyGroups", + "access_level": "Write", + "description": "Grants permission to create a new dataset within a flywheel", + "privilege": "CreateDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "flywheel*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -51980,18 +53562,24 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list user resources in an Amazon Connect instance", - "privilege": "ListUsers", + "access_level": "Write", + "description": "Grants permission to create a new document classifier that you can use to categorize documents", + "privilege": "CreateDocumentClassifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "document-classifier*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:ModelKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], "dependent_actions": [], "resource_type": "" 
@@ -52000,29 +53588,60 @@ }, { "access_level": "Write", - "description": "Grants permission to monitor an ongoing contact", - "privilege": "MonitorContact", + "description": "Grants permission to create a model-specific endpoint for synchronous inference for a previously trained custom model", + "privilege": "CreateEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "document-classifier*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "document-classifier-endpoint*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "entity-recognizer*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "entity-recognizer-endpoint*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "flywheel" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an entity recognizer using submitted files", + "privilege": "CreateEntityRecognizer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer*" }, { "condition_keys": [ - "connect:MonitorCapabilities", - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:ModelKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], "dependent_actions": [], "resource_type": "" 
@@ -52031,272 +53650,230 @@ }, { "access_level": "Write", - "description": "Grants permission to switch User Status in an Amazon Connect instance", - "privilege": "PutUserStatus", + "description": "Grants permission to create a new flywheel that you can use to train model versions", + "privilege": "CreateFlywheel", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:ModelKmsKey", + "comprehend:DataLakeKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], "dependent_actions": [], - "resource_type": "agent-status*" + "resource_type": "flywheel*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "document-classifier" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "entity-recognizer" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a previously created document classifier", + "privilege": "DeleteDocumentClassifier", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "document-classifier*" } ] }, { "access_level": "Write", - "description": "Grants permission to release phone number resources in an Amazon Connect instance", - "privilege": "ReleasePhoneNumber", + "description": "Grants permission to delete a model-specific endpoint for a previously-trained custom model. 
All endpoints must be deleted in order for the model to be deleted", + "privilege": "DeleteEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number*" + "resource_type": "document-classifier-endpoint*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-recognizer-endpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a replica of an Amazon Connect instance", - "privilege": "ReplicateInstance", + "description": "Grants permission to delete a submitted entity recognizer", + "privilege": "DeleteEntityRecognizer", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ds:AuthorizeApplication", - "ds:CheckAlias", - "ds:CreateAlias", - "ds:CreateDirectory", - "ds:CreateIdentityPoolDirectory", - "ds:DeleteDirectory", - "ds:DescribeDirectories", - "ds:UnauthorizeApplication", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer*" } ] }, { "access_level": "Write", - "description": "Grants permission to resume recording for the specified contact", - "privilege": "ResumeContactRecording", + "description": "Grants permission to Delete a flywheel", + "privilege": "DeleteFlywheel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "flywheel*" } ] }, { - "access_level": "List", - "description": "Grants permission to search phone number resources in an Amazon Connect instance or traffic distribution group", - "privilege": "SearchAvailablePhoneNumbers", + "access_level": "Write", + "description": "Grants permission to remove policy on resource", + "privilege": "DeleteResourcePolicy", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number*" + "resource_type": "document-classifier*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity-recognizer*" } ] }, { "access_level": "Read", - "description": "Grants permission to search hours of operation resources in an Amazon Connect instance", - "privilege": "SearchHoursOfOperations", + "description": "Grants permission to get the properties associated with a dataset", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeHoursOfOperation" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "flywheel-dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to search prompt resources in an Amazon Connect instance", - "privilege": "SearchPrompts", + "description": "Grants permission to get the properties associated with a document classification job", + "privilege": "DescribeDocumentClassificationJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribePrompt" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "document-classification-job*" } ] }, { "access_level": "Read", - "description": "Grants permission to search queue resources in an Amazon Connect instance", - "privilege": "SearchQueues", + "description": "Grants permission to get the properties associated with a document classifier", + "privilege": "DescribeDocumentClassifier", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeQueue" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId", - 
"connect:SearchTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "document-classifier*" } ] }, { "access_level": "Read", - "description": "Grants permission to search quick connect resources in an Amazon Connect instance", - "privilege": "SearchQuickConnects", + "description": "Grants permission to get the properties associated with a dominant language detection job", + "privilege": "DescribeDominantLanguageDetectionJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeQuickConnect" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "dominant-language-detection-job*" } ] }, { - "access_level": "List", - "description": "Grants permission to search tags used in an Amazon Connect instance", - "privilege": "SearchResourceTags", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a specific endpoint. 
Use this operation to get the status of an endpoint", + "privilege": "DescribeEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "document-classifier-endpoint*" }, { - "condition_keys": [ - "connect:InstanceId", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-recognizer-endpoint*" } ] }, { "access_level": "Read", - "description": "Grants permission to search routing profile resources in an Amazon Connect instance", - "privilege": "SearchRoutingProfiles", + "description": "Grants permission to get the properties associated with an entities detection job", + "privilege": "DescribeEntitiesDetectionJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeRoutingProfile" - ], - "resource_type": "instance*" - }, + "dependent_actions": [], + "resource_type": "entities-detection-job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to provide details about an entity recognizer including status, S3 buckets containing training data, recognizer metadata, metrics, and so on", + "privilege": "DescribeEntityRecognizer", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-recognizer*" } ] }, { "access_level": "Read", - "description": "Grants permission to search security profile resources in an Amazon Connect instance", - "privilege": "SearchSecurityProfiles", + "description": "Grants permission to get the properties associated with an Events detection job", + "privilege": "DescribeEventsDetectionJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeSecurityProfile" - ], - "resource_type": "instance*" - }, + "dependent_actions": [], + "resource_type": 
"events-detection-job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the properties associated with a flywheel", + "privilege": "DescribeFlywheel", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "flywheel*" } ] }, { "access_level": "Read", - "description": "Grants permission to search user resources in an Amazon Connect instance", - "privilege": "SearchUsers", + "description": "Grants permission to get the properties associated with a flywheel iteration for a flywheel", + "privilege": "DescribeFlywheelIteration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "connect:DescribeUser" - ], - "resource_type": "instance*" + "dependent_actions": [], + "resource_type": "flywheel*" }, { "condition_keys": [ - "connect:InstanceId", - "connect:SearchTag/${TagKey}" + "comprehend:FlywheelIterationId" ], "dependent_actions": [], "resource_type": "" 
@@ -52304,151 +53881,198 @@ ] }, { - "access_level": "List", - "description": "Grants permission to search vocabularies in a Amazon Connect instance", - "privilege": "SearchVocabularies", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a key phrases detection job", + "privilege": "DescribeKeyPhrasesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vocabulary*" - }, + "resource_type": "key-phrases-detection-job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the properties associated with a PII entities detection job", + "privilege": "DescribePiiEntitiesDetectionJob", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pii-entities-detection-job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to initiate a chat using the Amazon Connect API", - "privilege": "StartChatContact", + "access_level": "Read", + "description": "Grants permission to read attached policy on resource", + "privilege": "DescribeResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" + "resource_type": "document-classifier*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact" - }, + "resource_type": "entity-recognizer*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the properties associated with a sentiment detection job", + "privilege": "DescribeSentimentDetectionJob", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "sentiment-detection-job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an empty evaluation in the specified Amazon 
Connect instance, using the given evaluation form for the particular contact. The evaluation form version used for the contact evaluation corresponds to the currently activated version. If no version is activated for the evaluation form, the contact evaluation cannot be started", - "privilege": "StartContactEvaluation", + "access_level": "Read", + "description": "Grants permission to get the properties associated with a targeted sentiment detection job", + "privilege": "DescribeTargetedSentimentDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation*" - }, + "resource_type": "targeted-sentiment-detection-job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the properties associated with a topic detection job", + "privilege": "DescribeTopicsDetectionJob", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "topics-detection-job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to detect the language or languages present in the text", + "privilege": "DetectDominantLanguage", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start recording for the specified contact", - "privilege": "StartContactRecording", + "access_level": "Read", + "description": "Grants permission to detect the named entities (\"People\", \"Places\", \"Locations\", etc) within the given text document", + "privilege": "DetectEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "entity-recognizer-endpoint" } ] }, { - "access_level": "Write", - "description": "Grants permission to start chat streaming using the Amazon Connect API", - "privilege": "StartContactStreaming", + 
"access_level": "Read", + "description": "Grants permission to detect the phrases in the text that are most indicative of the content", + "privilege": "DetectKeyPhrases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable forecasting, planning, and scheduling integration on an Amazon Connect instance", - "privilege": "StartForecastingPlanningSchedulingIntegration", + "access_level": "Read", + "description": "Grants permission to detect the personally identifiable information entities (\"Name\", \"SSN\", \"PIN\", etc) within the given text document", + "privilege": "DetectPiiEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to detect the sentiment of a text in a document (Positive, Negative, Neutral, or Mixed)", + "privilege": "DetectSentiment", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to initiate outbound calls using the Amazon Connect API", - "privilege": "StartOutboundVoiceContact", + "access_level": "Read", + "description": "Grants permission to detect syntactic information (like Part of Speech, Tokens) in a text document", + "privilege": "DetectSyntax", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to initiate a task using the Amazon Connect API", - "privilege": "StartTaskContact", + "access_level": "Read", + "description": "Grants permission to detect the sentiments associated with specific entities (such as brands or products) in 
a document", + "privilege": "DetectTargetedSentiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to detect toxic content within the given list of text segments", + "privilege": "DetectToxicContent", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to import a trained Comprehend model", + "privilege": "ImportModel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect" + "resource_type": "document-classifier*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template" + "resource_type": "entity-recognizer*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:ModelKmsKey" ], "dependent_actions": [], "resource_type": "" 
@@ -52456,428 +54080,355 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop contacts that were initiated using the Amazon Connect API. If you use this operation on an active contact the contact ends, even if the agent is active on a call with a customer", - "privilege": "StopContact", + "access_level": "Read", + "description": "Grants permission to get a list of the Datasets associated with a flywheel", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, + "resource_type": "flywheel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of the document classification jobs that you have submitted", + "privilege": "ListDocumentClassificationJobs", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop recording for the specified contact", - "privilege": "StopContactRecording", + "access_level": "Read", + "description": "Grants permission to get a list of summaries of the document classifiers that you have created", + "privilege": "ListDocumentClassifierSummaries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop chat streaming using the Amazon Connect API", - "privilege": "StopContactStreaming", + "access_level": "Read", + "description": "Grants permission to get a list of the document classifiers that you have created", + "privilege": "ListDocumentClassifiers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable forecasting, planning, and scheduling 
integration on an Amazon Connect instance", - "privilege": "StopForecastingPlanningSchedulingIntegration", + "access_level": "Read", + "description": "Grants permission to get a list of the dominant language detection jobs that you have submitted", + "privilege": "ListDominantLanguageDetectionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to submit a contact evaluation in the specified Amazon Connect instance. Answers included in the request are merged with existing answers for the given evaluation. If no answers or notes are passed, the evaluation is submitted with the existing answers and notes. You can delete an answer or note by passing an empty object ( { }) to the question identifier", - "privilege": "SubmitContactEvaluation", + "access_level": "Read", + "description": "Grants permission to get a list of all existing endpoints that you've created", + "privilege": "ListEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of the entity detection jobs that you have submitted", + "privilege": "ListEntitiesDetectionJobs", + "resource_types": [ { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to suspend recording for the specified contact", - "privilege": "SuspendContactRecording", + "access_level": "Read", + "description": "Grants permission to get a list of summaries for the entity recognizers that you have created", + "privilege": "ListEntityRecognizerSummaries", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag an Amazon Connect resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get a list of the properties of all entity recognizers that you created, including recognizers currently in training", + "privilege": "ListEntityRecognizers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of Events detection jobs that you have submitted", + "privilege": "ListEventsDetectionJobs", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of iterations associated for a flywheel", + "privilege": "ListFlywheelIterationHistory", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow" - }, + "resource_type": "flywheel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of the flywheels that you have created", + "privilege": "ListFlywheels", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of key phrase detection jobs that you have submitted", + "privilege": "ListKeyPhrasesDetectionJobs", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of PII entities detection jobs that you have 
submitted", + "privilege": "ListPiiEntitiesDetectionJobs", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of sentiment detection jobs that you have submitted", + "privilege": "ListSentimentDetectionJobs", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance" + "resource_type": "document-classification-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "integration-association" + "resource_type": "document-classifier" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number" + "resource_type": "document-classifier-endpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "prompt" + "resource_type": "dominant-language-detection-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" + "resource_type": "entities-detection-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect" + "resource_type": "entity-recognizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile" + "resource_type": "entity-recognizer-endpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule" + "resource_type": "events-detection-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile" + "resource_type": "flywheel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template" + "resource_type": "flywheel-dataset" }, { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group" + "resource_type": "key-phrases-detection-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "use-case" + "resource_type": "pii-entities-detection-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" + "resource_type": "sentiment-detection-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "vocabulary" + "resource_type": "targeted-sentiment-detection-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "wildcard-phone-number" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "topics-detection-job" } ] }, { - "access_level": "Write", - "description": "Grants permission to transfer the contact to another queue or agent", - "privilege": "TransferContact", + "access_level": "Read", + "description": "Grants permission to get a list of targeted sentiment detection jobs that you have submitted", + "privilege": "ListTargetedSentimentDetectionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag an Amazon Connect resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get a list of the topic detection jobs that you have submitted", + "privilege": "ListTopicsDetectionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status" - }, - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "contact-evaluation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "contact-flow-module" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation-form" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hierarchy-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "hours-of-operation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integration-association" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "prompt" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "quick-connect" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "routing-profile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "security-profile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task-template" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "use-case" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vocabulary" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "wildcard-phone-number" - }, - { - "condition_keys": [ 
- "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update agent status in an Amazon Connect instance", - "privilege": "UpdateAgentStatus", + "description": "Grants permission to attach policy to resource", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent-status*" + "resource_type": "document-classifier*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-recognizer*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a contact in an Amazon Connect instance", - "privilege": "UpdateContact", + "description": "Grants permission to start an asynchronous document classification job", + "privilege": "StartDocumentClassificationJob", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], + "dependent_actions": [], + "resource_type": "document-classification-job*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "document-classifier" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "flywheel" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update the contact attributes associated with the specified contact", - "privilege": "UpdateContactAttributes", + "description": "Grants permission to start an asynchronous dominant language detection job for a collection of documents", + "privilege": "StartDominantLanguageDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "contact*" + "resource_type": "dominant-language-detection-job*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], "dependent_actions": [], "resource_type": "" 
@@ -52886,37 +54437,48 @@ }, { "access_level": "Write", - "description": "Grants permission to update details about a contact evaluation in the specified Amazon Connect instance. A contact evaluation must be in the draft state. Answers included in the request are merged with existing answers for the given evaluation. An answer or note can be deleted by passing an empty object ( { }) to the question identifier", - "privilege": "UpdateContactEvaluation", + "description": "Grants permission to start an asynchronous entity detection job for a collection of documents", + "privilege": "StartEntitiesDetectionJob", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], + "dependent_actions": [], + "resource_type": "entities-detection-job*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-evaluation*" + "resource_type": "entity-recognizer" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "flywheel" } ] }, { "access_level": "Write", - "description": "Grants permission to update contact flow content in an Amazon Connect instance", - "privilege": "UpdateContactFlowContent", + "description": "Grants permission to start an asynchronous Events detection job for a collection of documents", + "privilege": "StartEventsDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" + "resource_type": "events-detection-job*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:OutputKmsKey" ], "dependent_actions": [], "resource_type": "" 
@@ -52925,38 +54487,34 @@ }, { "access_level": "Write", - "description": "Grants permission to update the metadata of a contact flow in an Amazon Connect instance", - "privilege": "UpdateContactFlowMetadata", + "description": "Grants permission to start a flywheel iteration for a flywheel", + "privilege": "StartFlywheelIteration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "flywheel*" } ] }, { "access_level": "Write", - "description": "Grants permission to update contact flow module content in an Amazon Connect instance", - "privilege": "UpdateContactFlowModuleContent", + "description": "Grants permission to start an asynchronous key phrase detection job for a collection of documents", + "privilege": "StartKeyPhrasesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" + "resource_type": "key-phrases-detection-job*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], "dependent_actions": [], "resource_type": "" 
@@ -52965,18 +54523,19 @@ }, { "access_level": "Write", - "description": "Grants permission to update the metadata of a contact flow module in an Amazon Connect instance", - "privilege": "UpdateContactFlowModuleMetadata", + "description": "Grants permission to start an asynchronous PII entities detection job for a collection of documents", + "privilege": "StartPiiEntitiesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow-module*" + "resource_type": "pii-entities-detection-job*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:OutputKmsKey" ], "dependent_actions": [], "resource_type": "" @@ -52985,18 +54544,22 @@ }, { "access_level": "Write", - "description": "Grants permission to update the name and description of a contact flow in an Amazon Connect instance", - "privilege": "UpdateContactFlowName", + "description": "Grants permission to start an asynchronous sentiment detection job for a collection of documents", + "privilege": "StartSentimentDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow*" + "resource_type": "sentiment-detection-job*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], "dependent_actions": [], "resource_type": "" 
@@ -53005,17 +54568,22 @@ }, { "access_level": "Write", - "description": "Grants permission to update the schedule of a contact that is already scheduled in an Amazon Connect instance", - "privilege": "UpdateContactSchedule", + "description": "Grants permission to start an asynchronous targeted sentiment detection job for a collection of documents", + "privilege": "StartTargetedSentimentDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" + "resource_type": "targeted-sentiment-detection-job*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], "dependent_actions": [], "resource_type": "" @@ -53024,17 +54592,22 @@ }, { "access_level": "Write", - "description": "Grants permission to update details about a specific evaluation form version in the specified Amazon Connect instance. Question and section identifiers cannot be duplicated within the same evaluation form", - "privilege": "UpdateEvaluationForm", + "description": "Grants permission to start an asynchronous job to detect the most common topics in the collection of documents and the phrases associated with each topic", + "privilege": "StartTopicsDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation-form*" + "resource_type": "topics-detection-job*" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "comprehend:VolumeKmsKey", + "comprehend:OutputKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" ], "dependent_actions": [], "resource_type": "" 
@@ -53043,426 +54616,196 @@ }, { "access_level": "Write", - "description": "Grants permission to update hours of operation in an Amazon Connect instance", - "privilege": "UpdateHoursOfOperation", + "description": "Grants permission to stop a dominant language detection job", + "privilege": "StopDominantLanguageDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "dominant-language-detection-job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the attribute for an existing Amazon Connect instance", - "privilege": "UpdateInstanceAttribute", + "description": "Grants permission to stop an entity detection job", + "privilege": "StopEntitiesDetectionJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:DescribeDirectories", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "logs:CreateLogGroup" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:AttributeType", - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "entities-detection-job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the storage configuration for an existing Amazon Connect instance", - "privilege": "UpdateInstanceStorageConfig", + "description": "Grants permission to stop an Events detection job", + "privilege": "StopEventsDetectionJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:DescribeDirectories", - "firehose:DescribeDeliveryStream", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "kinesis:DescribeStream", - "kms:CreateGrant", - "kms:DescribeKey", - "s3:GetBucketAcl", - "s3:GetBucketLocation" - ], - "resource_type": 
"instance*" - }, - { - "condition_keys": [ - "connect:StorageResourceType", - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "events-detection-job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update participant role configurations associated with a contact", - "privilege": "UpdateParticipantRoleConfig", + "description": "Grants permission to stop a key phrase detection job", + "privilege": "StopKeyPhrasesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "key-phrases-detection-job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update phone number resources in an Amazon Connect instance or traffic distribution group", - "privilege": "UpdatePhoneNumber", + "description": "Grants permission to stop a PII entities detection job", + "privilege": "StopPiiEntitiesDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "phone-number*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-distribution-group*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "pii-entities-detection-job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a prompt's name, description, and Amazon S3 URI in an Amazon Connect instance", - "privilege": "UpdatePrompt", + "description": "Grants permission to stop a sentiment detection job", + "privilege": "StopSentimentDetectionJob", "resource_types": [ { "condition_keys": [], - 
"dependent_actions": [ - "kms:Decrypt", - "s3:GetObject", - "s3:GetObjectAcl" - ], - "resource_type": "prompt*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "sentiment-detection-job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update queue hours of operation in an Amazon Connect instance", - "privilege": "UpdateQueueHoursOfOperation", + "description": "Grants permission to stop a targeted sentiment detection job", + "privilege": "StopTargetedSentimentDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "hours-of-operation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "targeted-sentiment-detection-job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update queue capacity in an Amazon Connect instance", - "privilege": "UpdateQueueMaxContacts", + "description": "Grants permission to stop a previously created document classifier training job", + "privilege": "StopTrainingDocumentClassifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "document-classifier*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a queue name and description in an Amazon Connect instance", - "privilege": "UpdateQueueName", + "description": "Grants permission to stop a previously created entity recognizer training job", + "privilege": "StopTrainingEntityRecognizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "queue*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-recognizer*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update queue outbound caller config in an Amazon Connect instance", - "privilege": "UpdateQueueOutboundCallerConfig", + "access_level": "Tagging", + "description": "Grants permission to tag a resource with given key value pairs", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "document-classification-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow" + "resource_type": "document-classifier" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number" + "resource_type": "document-classifier-endpoint" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update queue status in an Amazon Connect instance", - "privilege": "UpdateQueueStatus", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "dominant-language-detection-job" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the configuration of a quick connect in an Amazon Connect instance", - "privilege": "UpdateQuickConnectConfig", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" + "resource_type": "entities-detection-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "contact-flow" + 
"resource_type": "entity-recognizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue" + "resource_type": "entity-recognizer-endpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" + "resource_type": "events-detection-job" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a quick connect name and description in an Amazon Connect instance", - "privilege": "UpdateQuickConnectName", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quick-connect*" + "resource_type": "flywheel" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the concurrency in a routing profile in an Amazon Connect instance", - "privilege": "UpdateRoutingProfileConcurrency", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "flywheel-dataset" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the outbound queue in a routing profile in an Amazon Connect instance", - "privilege": "UpdateRoutingProfileDefaultOutboundQueue", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "queue*" + "resource_type": "key-phrases-detection-job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "pii-entities-detection-job" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - 
"dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a routing profile name and description in an Amazon Connect instance", - "privilege": "UpdateRoutingProfileName", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "sentiment-detection-job" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the queues in routing profile in an Amazon Connect instance", - "privilege": "UpdateRoutingProfileQueues", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "targeted-sentiment-detection-job" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a rule for an existing Amazon Connect instance", - "privilege": "UpdateRule", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "topics-detection-job" }, { "condition_keys": [ - "connect:InstanceId" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -53470,161 +54813,88 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a security profile group for a user in an Amazon Connect instance", - "privilege": "UpdateSecurityProfile", + "access_level": "Tagging", + "description": "Grants permission to untag a resource with given key", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-profile*" + "resource_type": "document-classification-job" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update task template belonging to a Amazon Connect instance", - "privilege": "UpdateTaskTemplate", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-template*" + "resource_type": "document-classifier" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update traffic distribution for a traffic distribution group", - "privilege": "UpdateTrafficDistribution", - "resource_types": [ + "resource_type": "document-classifier-endpoint" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-distribution-group*" + "resource_type": "dominant-language-detection-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a hierarchy group for a user in an Amazon Connect instance", - "privilege": "UpdateUserHierarchy", - "resource_types": [ + "resource_type": "entities-detection-job" + }, { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "user*" + "resource_type": "entity-recognizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group" + "resource_type": "entity-recognizer-endpoint" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a user hierarchy group name in an Amazon Connect instance", - "privilege": "UpdateUserHierarchyGroupName", - "resource_types": [ + "resource_type": "events-detection-job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "hierarchy-group*" + "resource_type": "flywheel" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update user hierarchy structure in an Amazon Connect instance", - "privilege": "UpdateUserHierarchyStructure", - "resource_types": [ + "resource_type": "flywheel-dataset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "key-phrases-detection-job" }, { - "condition_keys": [ - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update identity information for a user in an Amazon Connect instance", - "privilege": "UpdateUserIdentityInfo", - "resource_types": [ + "resource_type": "pii-entities-detection-job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "sentiment-detection-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants 
permission to update phone configuration settings for a user in an Amazon Connect instance", - "privilege": "UpdateUserPhoneConfig", - "resource_types": [ + "resource_type": "targeted-sentiment-detection-job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "topics-detection-job" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -53633,304 +54903,201 @@ }, { "access_level": "Write", - "description": "Grants permission to update a routing profile for a user in an Amazon Connect instance", - "privilege": "UpdateUserRoutingProfile", + "description": "Grants permission to update information about the specified endpoint", + "privilege": "UpdateEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "routing-profile*" + "resource_type": "document-classifier-endpoint*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "entity-recognizer-endpoint*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "flywheel" } ] }, { "access_level": "Write", - "description": "Grants permission to update security profiles for a user in an Amazon Connect instance", - "privilege": "UpdateUserSecurityProfiles", + "description": "Grants permission to Update a flywheel's configuration", + "privilege": "UpdateFlywheel", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "comprehend:VolumeKmsKey", + "comprehend:ModelKmsKey", + "comprehend:VpcSecurityGroupIds", + "comprehend:VpcSubnets" + ], "dependent_actions": [], - "resource_type": "security-profile*" + "resource_type": "flywheel*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "document-classifier" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "connect:InstanceId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-recognizer" } ] } ], "resources": [ { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "instance" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact/${ContactId}", 
- "condition_keys": [], - "resource": "contact" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent/${UserId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "user" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/routing-profile/${RoutingProfileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "routing-profile" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/security-profile/${SecurityProfileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "security-profile" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-group/${HierarchyGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "hierarchy-group" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/queue/${QueueId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "queue" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/queue/*", - "condition_keys": [], - "resource": "wildcard-queue" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/${QuickConnectId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "quick-connect" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/*", - "condition_keys": [], - "resource": "wildcard-quick-connect" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/${ContactFlowId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:targeted-sentiment-detection-job/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "contact-flow" + "resource": "targeted-sentiment-detection-job" }, { - "arn": 
"arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/task-template/${TaskTemplateId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classifier/${DocumentClassifierName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "task-template" + "resource": "document-classifier" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/flow-module/${ContactFlowModuleId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classifier-endpoint/${DocumentClassifierEndpointName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "contact-flow-module" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/*", - "condition_keys": [], - "resource": "wildcard-contact-flow" + "resource": "document-classifier-endpoint" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/operating-hours/${HoursOfOperationId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entity-recognizer/${EntityRecognizerName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "hours-of-operation" + "resource": "entity-recognizer" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-state/${AgentStatusId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entity-recognizer-endpoint/${EntityRecognizerEndpointName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "agent-status" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-state/*", - "condition_keys": [], - "resource": "wildcard-agent-status" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-number/${PhoneNumberId}", - "condition_keys": [], - "resource": "legacy-phone-number" - }, - { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-number/*", - 
"condition_keys": [], - "resource": "wildcard-legacy-phone-number" + "resource": "entity-recognizer-endpoint" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:phone-number/${PhoneNumberId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:dominant-language-detection-job/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "phone-number" + "resource": "dominant-language-detection-job" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:phone-number/*", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:entities-detection-job/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "wildcard-phone-number" + "resource": "entities-detection-job" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/integration-association/${IntegrationAssociationId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:pii-entities-detection-job/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "integration-association" + "resource": "pii-entities-detection-job" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/use-case/${UseCaseId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:events-detection-job/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "use-case" + "resource": "events-detection-job" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/vocabulary/${VocabularyId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:key-phrases-detection-job/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "vocabulary" + "resource": "key-phrases-detection-job" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:traffic-distribution-group/${TrafficDistributionGroupId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:sentiment-detection-job/${JobId}", "condition_keys": [ 
"aws:ResourceTag/${TagKey}" ], - "resource": "traffic-distribution-group" + "resource": "sentiment-detection-job" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/rule/${RuleId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:topics-detection-job/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "rule" + "resource": "topics-detection-job" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/evaluation-form/${FormId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:document-classification-job/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "evaluation-form" + "resource": "document-classification-job" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-evaluation/${EvaluationId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "contact-evaluation" + "resource": "flywheel" }, { - "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/prompt/${PromptId}", + "arn": "arn:${Partition}:comprehend:${Region}:${Account}:flywheel/${FlywheelName}/dataset/${DatasetName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "prompt" + "resource": "flywheel-dataset" } ], - "service_name": "Amazon Connect" + "service_name": "Amazon Comprehend" }, { "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", - "type": "String" - }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in 
the request", "type": "ArrayOfString" } ], - "prefix": "connect-campaigns", + "prefix": "comprehendmedical", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to create a campaign", - "privilege": "CreateCampaign", + "access_level": "Read", + "description": "Grants permission to describe the properties of a medical entity detection job that you have submitted", + "privilege": "DescribeEntitiesDetectionV2Job", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a campaign", - "privilege": "DeleteCampaign", + "access_level": "Read", + "description": "Grants permission to describe the properties of an ICD-10-CM linking job that you have submitted", + "privilege": "DescribeICD10CMInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove configuration information for an Amazon Connect instance", - "privilege": "DeleteConnectInstanceConfig", + "access_level": "Read", + "description": "Grants permission to describe the properties of a PHI entity detection job that you have submitted", + "privilege": "DescribePHIDetectionJob", "resource_types": [ { "condition_keys": [], @@ -53940,9 +55107,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove onboarding job for an Amazon Connect instance", - "privilege": "DeleteInstanceOnboardingJob", + "access_level": "Read", + "description": "Grants permission to describe the properties of an RxNorm linking job that you have submitted", + "privilege": "DescribeRxNormInferenceJob", "resource_types": [ { "condition_keys": [], 
@@ -53953,65 +55120,44 @@ }, { "access_level": "Read", - "description": "Grants permission to describe a specific campaign", - "privilege": "DescribeCampaign", + "description": "Grants permission to describe the properties of a SNOMED-CT linking job that you have submitted", + "privilege": "DescribeSNOMEDCTInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get state of a campaign", - "privilege": "GetCampaignState", + "description": "Grants permission to detect the named medical entities, and their relationships and traits within the given text document", + "privilege": "DetectEntitiesV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get state of campaigns", - "privilege": "GetCampaignStateBatch", + "description": "Grants permission to detect the protected health information (PHI) entities within the given text document", + "privilege": "DetectPHI", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get configuration information for an Amazon Connect instance", - "privilege": "GetConnectInstanceConfig", + "description": "Grants permission to detect the medical condition entities within the given text document and link them to ICD-10-CM codes", + "privilege": "InferICD10CM", "resource_types": [ { "condition_keys": [], 
@@ -54022,8 +55168,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get onboarding job status for an Amazon Connect instance", - "privilege": "GetInstanceOnboardingJobStatus", + "description": "Grants permission to detect the medication entities within the given text document and link them to RxCUI concept identifiers from the National Library of Medicine RxNorm database", + "privilege": "InferRxNorm", "resource_types": [ { "condition_keys": [], @@ -54033,14 +55179,12 @@ ] }, { - "access_level": "List", - "description": "Grants permission to provide summary of all campaigns", - "privilege": "ListCampaigns", + "access_level": "Read", + "description": "Grants permission to detect the medical condition, anatomy, and test, treatment, and procedure entities within the given text document and link them to SNOMED-CT codes", + "privilege": "InferSNOMEDCT", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -54048,75 +55192,68 @@ }, { "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to list the medical entity detection jobs that you have submitted", + "privilege": "ListEntitiesDetectionV2Jobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to pause a campaign", - "privilege": "PauseCampaign", + "access_level": "Read", + "description": "Grants permission to list the ICD-10-CM linking jobs that you have submitted", + "privilege": "ListICD10CMInferenceJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create dial requests for the specified campaign", - "privilege": "PutDialRequestBatch", + "access_level": "Read", + "description": "Grants permission to list the PHI entity detection jobs that you have submitted", + "privilege": "ListPHIDetectionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to resume a campaign", - "privilege": "ResumeCampaign", + "access_level": "Read", + "description": "Grants permission to list the RxNorm linking jobs that you have submitted", + "privilege": "ListRxNormInferenceJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a campaign", - "privilege": "StartCampaign", + "access_level": "Read", + "description": "Grants permission to list the 
SNOMED-CT linking jobs that you have submitted", + "privilege": "ListSNOMEDCTInferenceJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start onboarding job for an Amazon Connect instance", - "privilege": "StartInstanceOnboardingJob", + "description": "Grants permission to start an asynchronous medical entity detection job for a collection of documents", + "privilege": "StartEntitiesDetectionV2Job", "resource_types": [ { "condition_keys": [], 
@@ -54127,130 +55264,80 @@ }, { "access_level": "Write", - "description": "Grants permission to stop a campaign", - "privilege": "StopCampaign", + "description": "Grants permission to start an asynchronous ICD-10-CM linking job for a collection of documents", + "privilege": "StartICD10CMInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to start an asynchronous PHI entity detection job for a collection of documents", + "privilege": "StartPHIDetectionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to start an asynchronous RxNorm linking job for a collection of documents", + "privilege": "StartRxNormInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the dialer configuration of a campaign", - "privilege": "UpdateCampaignDialerConfig", + "description": "Grants permission to start an asynchronous SNOMED-CT linking job for a collection of documents", + "privilege": "StartSNOMEDCTInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": 
"Grants permission to update the name of a campaign", - "privilege": "UpdateCampaignName", + "description": "Grants permission to stop a medical entity detection job", + "privilege": "StopEntitiesDetectionV2Job", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the outbound call configuration of a campaign", - "privilege": "UpdateCampaignOutboundCallConfig", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "campaign*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "campaign" - } - ], - "service_name": "High-volume outbound communications" - }, - { - "conditions": [ - { - "condition": "consoleapp:DeviceIdentityArn", - "description": "A unique identifier for an identity on a device", - "type": "String" - } - ], - "prefix": "consoleapp", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to retrieve the device identity for a Console Mobile App device", - "privilege": "GetDeviceIdentity", + "description": "Grants permission to stop an ICD-10-CM linking job", + "privilege": "StopICD10CMInferenceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DeviceIdentity*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of device identities", - "privilege": "ListDeviceIdentities", + "access_level": "Write", + "description": "Grants permission to stop a PHI entity detection job", + "privilege": "StopPHIDetectionJob", "resource_types": [ { "condition_keys": [], 
@@ -54258,27 +55345,11 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:consoleapp::${Account}:device/${DeviceId}/identity/${IdentityId}", - "condition_keys": [ - "consoleapp:DeviceIdentityArn" - ], - "resource": "DeviceIdentity" - } - ], - "service_name": "AWS Management Console Mobile App" - }, - { - "conditions": [], - "prefix": "consolidatedbilling", - "privileges": [ + }, { - "access_level": "Read", - "description": "Grants permission to get account role (Payer, Linked, Regular)", - "privilege": "GetAccountBillingRole", + "access_level": "Write", + "description": "Grants permission to stop an RxNorm linking job", + "privilege": "StopRxNormInferenceJob", "resource_types": [ { "condition_keys": [], @@ -54288,9 +55359,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get list of member/linked accounts", - "privilege": "ListLinkedAccounts", + "access_level": "Write", + "description": "Grants permission to stop a SNOMED-CT linking job", + "privilege": "StopSNOMEDCTInferenceJob", "resource_types": [ { "condition_keys": [], 
@@ -54301,28 +55372,39 @@ } ], "resources": [], - "service_name": "AWS Consolidated Billing" + "service_name": "Amazon Comprehend Medical" }, { - "conditions": [], - "prefix": "controltower", + "conditions": [ + { + "condition": "compute-optimizer:ResourceType", + "description": "Filters access by the resource type", + "type": "String" + } + ], + "prefix": "compute-optimizer", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an account managed by AWS Control Tower", - "privilege": "CreateManagedAccount", + "description": "Grants permission to delete recommendation preferences", + "privilege": "DeleteRecommendationPreferences", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "compute-optimizer:ResourceType" + ], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "ec2:DescribeInstances" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete AWS Control Tower landing zone", - "privilege": "DeleteLandingZone", + "access_level": "List", + "description": "Grants permission to view the status of recommendation export jobs", + "privilege": "DescribeRecommendationExportJobs", "resource_types": [ { "condition_keys": [], 
@@ -54333,128 +55415,156 @@ }, { "access_level": "Write", - "description": "Grants permission to deregister an account created through the account factory from AWS Control Tower", - "privilege": "DeregisterManagedAccount", + "description": "Grants permission to export AutoScaling group recommendations to S3 for the provided accounts", + "privilege": "ExportAutoScalingGroupRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "compute-optimizer:GetAutoScalingGroupRecommendations" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an organizational unit from AWS Control Tower management", - "privilege": "DeregisterOrganizationalUnit", + "description": "Grants permission to export EBS volume recommendations to S3 for the provided accounts", + "privilege": "ExportEBSVolumeRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "compute-optimizer:GetEBSVolumeRecommendations", + "ec2:DescribeVolumes" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the current account factory configuration", - "privilege": "DescribeAccountFactoryConfig", + "access_level": "Write", + "description": "Grants permission to export EC2 instance recommendations to S3 for the provided accounts", + "privilege": "ExportEC2InstanceRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "compute-optimizer:GetEC2InstanceRecommendations", + "ec2:DescribeInstances" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe resources managed by core accounts in AWS Control Tower", - "privilege": "DescribeCoreService", + "access_level": "Write", + "description": "Grants permission to export ECS service recommendations to 
S3 for the provided accounts", + "privilege": "ExportECSServiceRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "compute-optimizer:GetECSServiceRecommendations", + "ecs:ListClusters", + "ecs:ListServices" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a guardrail", - "privilege": "DescribeGuardrail", + "access_level": "Write", + "description": "Grants permission to export Lambda function recommendations to S3 for the provided accounts", + "privilege": "ExportLambdaFunctionRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "compute-optimizer:GetLambdaFunctionRecommendations", + "lambda:ListFunctions", + "lambda:ListProvisionedConcurrencyConfigs" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a guardrail for a organizational unit", - "privilege": "DescribeGuardrailForTarget", + "access_level": "Write", + "description": "Grants permission to export license recommendations to S3 for the provided account(s)", + "privilege": "ExportLicenseRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "compute-optimizer:GetLicenseRecommendations", + "ec2:DescribeInstances" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the current Landing Zone configuration", - "privilege": "DescribeLandingZoneConfiguration", + "access_level": "List", + "description": "Grants permission to get recommendations for the provided AutoScaling groups", + "privilege": "GetAutoScalingGroupRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission 
to describe an account created through account factory", - "privilege": "DescribeManagedAccount", + "access_level": "List", + "description": "Grants permission to get recommendations for the provided EBS volumes", + "privilege": "GetEBSVolumeRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:DescribeVolumes" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an AWS Organizations organizational unit managed by AWS Control Tower", - "privilege": "DescribeManagedOrganizationalUnit", + "access_level": "List", + "description": "Grants permission to get recommendations for the provided EC2 instances", + "privilege": "GetEC2InstanceRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:DescribeInstances" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a Register Organizational Unit Operation", - "privilege": "DescribeRegisterOrganizationalUnitOperation", + "access_level": "List", + "description": "Grants permission to get the recommendation projected metrics of the specified instance", + "privilege": "GetEC2RecommendationProjectedMetrics", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:DescribeInstances" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the current AWS Control Tower SSO configuration", - "privilege": "DescribeSingleSignOn", + "access_level": "List", + "description": "Grants permission to get the recommendation projected metrics of the specified ECS service", + "privilege": "GetECSServiceRecommendationProjectedMetrics", "resource_types": [ { "condition_keys": [], 
@@ -54464,33 +55574,42 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove a control from an organizational unit", - "privilege": "DisableControl", + "access_level": "List", + "description": "Grants permission to get recommendations for the provided ECS services", + "privilege": "GetECSServiceRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ecs:ListClusters", + "ecs:ListServices" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable a guardrail from an organizational unit", - "privilege": "DisableGuardrail", + "access_level": "Read", + "description": "Grants permission to get recommendation preferences that are in effect", + "privilege": "GetEffectiveRecommendationPreferences", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "compute-optimizer:ResourceType" + ], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "ec2:DescribeInstances" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to activate a control for an organizational unit", - "privilege": "EnableControl", + "access_level": "List", + "description": "Grants permission to get the enrollment status for the specified account", + "privilege": "GetEnrollmentStatus", "resource_types": [ { "condition_keys": [], @@ -54500,9 +55619,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to enable a guardrail to an organizational unit", - "privilege": "EnableGuardrail", + "access_level": "List", + "description": "Grants permission to get the enrollment statuses for member accounts of the organization", + "privilege": "GetEnrollmentStatusesForOrganization", "resource_types": [ { "condition_keys": [], 
@@ -54512,45 +55631,52 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe an account email and validate that it exists", - "privilege": "GetAccountInfo", + "access_level": "List", + "description": "Grants permission to get recommendations for the provided Lambda functions", + "privilege": "GetLambdaFunctionRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "lambda:ListFunctions", + "lambda:ListProvisionedConcurrencyConfigs" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list available updates for the current AWS Control Tower deployment", - "privilege": "GetAvailableUpdates", + "access_level": "List", + "description": "Grants permission to get license recommendations for the specified account(s)", + "privilege": "GetLicenseRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:DescribeInstances" + ], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the current status of a particular EnabledControl or DisableControl operation", - "privilege": "GetControlOperation", + "description": "Grants permission to get recommendation preferences", + "privilege": "GetRecommendationPreferences", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "compute-optimizer:ResourceType" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the current compliance status of a guardrail", - "privilege": "GetGuardrailComplianceStatus", + "access_level": "List", + "description": "Grants permission to get the recommendation summaries for the specified account(s)", + "privilege": "GetRecommendationSummaries", "resource_types": [ { "condition_keys": [], 
@@ -54560,21 +55686,27 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the home region of the AWS Control Tower setup", - "privilege": "GetHomeRegion", + "access_level": "Write", + "description": "Grants permission to put recommendation preferences", + "privilege": "PutRecommendationPreferences", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "compute-optimizer:ResourceType" + ], + "dependent_actions": [ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "ec2:DescribeInstances" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the current landing zone drift status", - "privilege": "GetLandingZoneDriftStatus", + "access_level": "Write", + "description": "Grants permission to update the enrollment status", + "privilege": "UpdateEnrollmentStatus", "resource_types": [ { "condition_keys": [], 
@@ -54582,23 +55714,47 @@ "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Compute Optimizer" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the allowed set of values for each of the tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag-value associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of mandatory tags in the request", + "type": "ArrayOfString" + } + ], + "prefix": "config", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to get the current status of the landing zone setup", - "privilege": "GetLandingZoneStatus", + "description": "Grants permission to return the current configuration items for resources that are present in your AWS Config aggregator", + "privilege": "BatchGetAggregateResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the current directory groups available through SSO", - "privilege": "ListDirectoryGroups", + "access_level": "Read", + "description": "Grants permission to return the current configuration for one or more requested resources", + "privilege": "BatchGetResourceConfig", "resource_types": [ { "condition_keys": [], 
@@ -54608,45 +55764,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list occurrences of drift in AWS Control Tower", - "privilege": "ListDriftDetails", + "access_level": "Write", + "description": "Grants permission to delete the authorization granted to the specified configuration aggregator account in a specified region", + "privilege": "DeleteAggregationAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AggregationAuthorization*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all enabled controls in a specified organizational unit", - "privilege": "ListEnabledControls", + "access_level": "Write", + "description": "Grants permission to delete the specified AWS Config rule and all of its evaluation results", + "privilege": "DeleteConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigRule*" } ] }, { - "access_level": "List", - "description": "Grants permission to list currently enabled guardrails", - "privilege": "ListEnabledGuardrails", + "access_level": "Write", + "description": "Grants permission to delete the specified configuration aggregator and the aggregated data associated with the aggregator", + "privilege": "DeleteConfigurationAggregator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "List", - "description": "Grants permission to list Precheck details for an Organizational Unit", - "privilege": "ListExtendGovernancePrecheckDetails", + "access_level": "Write", + "description": "Grants permission to delete the configuration recorder", + "privilege": "DeleteConfigurationRecorder", "resource_types": [ { "condition_keys": [], 
@@ -54656,21 +55812,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the compliance of external AWS Config rules", - "privilege": "ListExternalConfigRuleCompliance", + "access_level": "Write", + "description": "Grants permission to delete the specified conformance pack and all the AWS Config rules and all evaluation results within that conformance pack", + "privilege": "DeleteConformancePack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConformancePack*" } ] }, { - "access_level": "List", - "description": "Grants permission to list existing guardrail violations", - "privilege": "ListGuardrailViolations", + "access_level": "Write", + "description": "Grants permission to delete the delivery channel", + "privilege": "DeleteDeliveryChannel", "resource_types": [ { "condition_keys": [], 
@@ -54680,45 +55836,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all available guardrails", - "privilege": "ListGuardrails", + "access_level": "Write", + "description": "Grants permission to delete the evaluation results for the specified Config rule", + "privilege": "DeleteEvaluationResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigRule*" } ] }, { - "access_level": "List", - "description": "Grants permission to list guardrails and their current state for a organizational unit", - "privilege": "ListGuardrailsForTarget", + "access_level": "Write", + "description": "Grants permission to delete the specified organization config rule and all of its evaluation results from all member accounts in that organization", + "privilege": "DeleteOrganizationConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "OrganizationConfigRule*" } ] }, { - "access_level": "List", - "description": "Grants permission to list accounts managed through AWS Control Tower", - "privilege": "ListManagedAccounts", + "access_level": "Write", + "description": "Grants permission to delete the specified organization conformance pack and all of its evaluation results from all member accounts in that organization", + "privilege": "DeleteOrganizationConformancePack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "OrganizationConformancePack*" } ] }, { - "access_level": "List", - "description": "Grants permission to list managed accounts with a specified guardrail applied", - "privilege": "ListManagedAccountsForGuardrail", + "access_level": "Write", + "description": "Grants permission to delete pending authorization requests for a specified aggregator account in a specified region", + "privilege": "DeletePendingAggregationRequest", "resource_types": [ { 
"condition_keys": [], @@ -54728,21 +55884,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list managed accounts under an organizational unit", - "privilege": "ListManagedAccountsForParent", + "access_level": "Write", + "description": "Grants permission to delete the remediation configuration", + "privilege": "DeleteRemediationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RemediationConfiguration*" } ] }, { - "access_level": "List", - "description": "Grants permission to list organizational units managed by AWS Control Tower", - "privilege": "ListManagedOrganizationalUnits", + "access_level": "Write", + "description": "Grants permission to delete one or more remediation exceptions for specific resource keys for a specific AWS Config Rule", + "privilege": "DeleteRemediationExceptions", "resource_types": [ { "condition_keys": [], @@ -54752,9 +55908,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list managed organizational units that have a specified guardrail applied", - "privilege": "ListManagedOrganizationalUnitsForGuardrail", + "access_level": "Write", + "description": "Grants permission to record the configuration state for a custom resource that has been deleted", + "privilege": "DeleteResourceConfig", "resource_types": [ { "condition_keys": [], @@ -54765,8 +55921,8 @@ }, { "access_level": "Write", - "description": "Grants permission to set up an organizational unit to be managed by AWS Control Tower", - "privilege": "ManageOrganizationalUnit", + "description": "Grants permission to delete the retention configuration", + "privilege": "DeleteRetentionConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -54776,21 +55932,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to perform validations in an account", - "privilege": "PerformPreLaunchChecks", + "access_level": "Write", + "description": "Grants permission to delete the stored query for an AWS account in an AWS Region", + "privilege": "DeleteStoredQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "StoredQuery*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set up or update AWS Control Tower landing zone", - "privilege": "SetupLandingZone", + "access_level": "Read", + "description": "Grants permission to schedule delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel", + "privilege": "DeliverConfigSnapshot", "resource_types": [ { "condition_keys": [], 
@@ -54800,41 +55956,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the account factory configuration", - "privilege": "UpdateAccountFactoryConfig", + "access_level": "Read", + "description": "Grants permission to return a list of compliant and noncompliant rules with the number of resources for compliant and noncompliant rules", + "privilege": "DescribeAggregateComplianceByConfigRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] - } - ], - "resources": [], - "service_name": "AWS Control Tower" - }, - { - "conditions": [], - "prefix": "cur", - "privileges": [ + }, { - "access_level": "Write", - "description": "Grants permission to delete Cost and Usage Report Definition", - "privilege": "DeleteReportDefinition", + "access_level": "Read", + "description": "Grants permission to return a list of compliant and noncompliant conformance packs along with count of compliant, non-compliant and total rules within each conformance pack", + "privilege": "DescribeAggregateComplianceByConformancePacks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cur*" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get Cost and Usage Report Definitions", - "privilege": "DescribeReportDefinitions", + "access_level": "List", + "description": "Grants permission to return a list of authorizations granted to various aggregator accounts and regions", + "privilege": "DescribeAggregationAuthorizations", "resource_types": [ { "condition_keys": [], 
@@ -54845,8 +55993,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get Bills CSV report", - "privilege": "GetClassicReport", + "description": "Grants permission to indicate whether the specified AWS Config rules are compliant", + "privilege": "DescribeComplianceByConfigRule", "resource_types": [ { "condition_keys": [], @@ -54857,8 +56005,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get the classic report enablement status for Usage Reports", - "privilege": "GetClassicReportPreferences", + "description": "Grants permission to indicate whether the specified AWS resources are compliant", + "privilege": "DescribeComplianceByResource", "resource_types": [ { "condition_keys": [], @@ -54869,8 +56017,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get list of AWS services, usage type and operation for the Usage Report workflow. Allows or denies download of usage reports too", - "privilege": "GetUsageReport", + "description": "Grants permission to return status information for each of your AWS managed Config rules", + "privilege": "DescribeConfigRuleEvaluationStatus", "resource_types": [ { "condition_keys": [], 
@@ -54880,45 +56028,45 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to modify Cost and Usage Report Definition", - "privilege": "ModifyReportDefinition", + "access_level": "List", + "description": "Grants permission to return details about your AWS Config rules", + "privilege": "DescribeConfigRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cur*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable classic reports", - "privilege": "PutClassicReportPreferences", + "access_level": "Read", + "description": "Grants permission to return status information for sources within an aggregator", + "privilege": "DescribeConfigurationAggregatorSourcesStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to write Cost and Usage Report Definition", - "privilege": "PutReportDefinition", + "access_level": "List", + "description": "Grants permission to return the details of one or more configuration aggregators", + "privilege": "DescribeConfigurationAggregators", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cur*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to validates if the s3 bucket exists with appropriate permissions for CUR delivery", - "privilege": "ValidateReportDestination", + "description": "Grants permission to return the current status of the specified configuration recorder", + "privilege": "DescribeConfigurationRecorderStatus", "resource_types": [ { "condition_keys": [], 
@@ -54926,25 +56074,11 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:cur:${Region}:${Account}:definition/${ReportName}", - "condition_keys": [], - "resource": "cur" - } - ], - "service_name": "AWS Cost and Usage Report" - }, - { - "conditions": [], - "prefix": "customer-verification", - "privileges": [ + }, { - "access_level": "Write", - "description": "Grants permission to create customer verification data", - "privilege": "CreateCustomerVerificationDetails", + "access_level": "List", + "description": "Grants permission to return the names of one or more specified configuration recorders", + "privilege": "DescribeConfigurationRecorders", "resource_types": [ { "condition_keys": [], @@ -54955,20 +56089,20 @@ }, { "access_level": "Read", - "description": "Grants permission to get customer verification data", - "privilege": "GetCustomerVerificationDetails", + "description": "Grants permission to return compliance information for each rule in that conformance pack", + "privilege": "DescribeConformancePackCompliance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConformancePack*" } ] }, { "access_level": "Read", - "description": "Grants permission to get customer verification eligibility", - "privilege": "GetCustomerVerificationEligibility", + "description": "Grants permission to provide one or more conformance packs deployment status", + "privilege": "DescribeConformancePackStatus", "resource_types": [ { "condition_keys": [], @@ -54978,9 +56112,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update customer verification data", - "privilege": "UpdateCustomerVerificationDetails", + "access_level": "List", + "description": "Grants permission to return a list of one or more conformance packs", + "privilege": "DescribeConformancePacks", "resource_types": [ { "condition_keys": [], 
@@ -54988,332 +56122,287 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "AWS Customer Verification Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "databrew", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to delete one or more recipe versions", - "privilege": "BatchDeleteRecipeVersion", + "access_level": "Read", + "description": "Grants permission to return the current status of the specified delivery channel", + "privilege": "DescribeDeliveryChannelStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a dataset", - "privilege": "CreateDataset", + "access_level": "List", + "description": "Grants permission to return details about the specified delivery channel", + "privilege": "DescribeDeliveryChannels", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a profile job", - "privilege": "CreateProfileJob", + "access_level": "Read", + "description": "Grants permission to provide organization config rule deployment status for an organization", + "privilege": "DescribeOrganizationConfigRuleStatuses", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], 
"dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a project", - "privilege": "CreateProject", + "access_level": "List", + "description": "Grants permission to return a list of organization config rules", + "privilege": "DescribeOrganizationConfigRules", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a recipe", - "privilege": "CreateRecipe", + "access_level": "Read", + "description": "Grants permission to provide organization conformance pack deployment status for an organization", + "privilege": "DescribeOrganizationConformancePackStatuses", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a recipe job", - "privilege": "CreateRecipeJob", + "access_level": "List", + "description": "Grants permission to return a list of organization conformance packs", + "privilege": "DescribeOrganizationConformancePacks", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a ruleset", - "privilege": "CreateRuleset", + "access_level": "List", + "description": "Grants permission to return a list of all pending aggregation requests", + "privilege": "DescribePendingAggregationRequests", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a 
schedule", - "privilege": "CreateSchedule", + "access_level": "List", + "description": "Grants permission to return the details of one or more remediation configurations", + "privilege": "DescribeRemediationConfigurations", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RemediationConfiguration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a dataset", - "privilege": "DeleteDataset", + "access_level": "List", + "description": "Grants permission to return the details of one or more remediation exceptions", + "privilege": "DescribeRemediationExceptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Dataset*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a job", - "privilege": "DeleteJob", + "access_level": "Read", + "description": "Grants permission to provide a detailed view of a Remediation Execution for a set of resources including state, timestamps and any error messages for steps that have failed", + "privilege": "DescribeRemediationExecutionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "RemediationConfiguration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a project", - "privilege": "DeleteProject", + "access_level": "List", + "description": "Grants permission to return the details of one or more retention configurations", + "privilege": "DescribeRetentionConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a recipe version", - "privilege": "DeleteRecipeVersion", + "access_level": "Read", + "description": 
"Grants permission to return the evaluation results for the specified AWS Config rule for a specific resource in a rule", + "privilege": "GetAggregateComplianceDetailsByConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a ruleset", - "privilege": "DeleteRuleset", + "access_level": "Read", + "description": "Grants permission to return the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator", + "privilege": "GetAggregateConfigRuleComplianceSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Ruleset*" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a schedule", - "privilege": "DeleteSchedule", + "access_level": "Read", + "description": "Grants permission to return the number of compliant and noncompliant conformance packs for one or more accounts and regions in an aggregator", + "privilege": "GetAggregateConformancePackComplianceSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Schedule*" + "resource_type": "ConfigurationAggregator*" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a dataset", - "privilege": "DescribeDataset", + "description": "Grants permission to return the resource counts across accounts and regions that are present in your AWS Config aggregator", + "privilege": "GetAggregateDiscoveredResourceCounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Dataset*" + "resource_type": "ConfigurationAggregator*" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a job", - "privilege": "DescribeJob", + "description": "Grants permission 
to return configuration item that is aggregated for your specific resource in a specific source account and region", + "privilege": "GetAggregateResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "ConfigurationAggregator*" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about job run for a given job", - "privilege": "DescribeJobRun", + "description": "Grants permission to return the evaluation results for the specified AWS Config rule", + "privilege": "GetComplianceDetailsByConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "ConfigRule*" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a project", - "privilege": "DescribeProject", + "description": "Grants permission to return the evaluation results for the specified AWS resource", + "privilege": "GetComplianceDetailsByResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a recipe", - "privilege": "DescribeRecipe", + "description": "Grants permission to return the number of AWS Config rules that are compliant and noncompliant, up to a maximum of 25 for each", + "privilege": "GetComplianceSummaryByConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a ruleset", - "privilege": "DescribeRuleset", + "description": "Grants permission to return the number of resources that are compliant and the number that are noncompliant", + "privilege": "GetComplianceSummaryByResourceType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "Ruleset*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a schedule", - "privilege": "DescribeSchedule", + "description": "Grants permission to return compliance details of a conformance pack for all AWS resources that are monitered by conformance pack", + "privilege": "GetConformancePackComplianceDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Schedule*" + "resource_type": "ConformancePack*" } ] }, { "access_level": "Read", - "description": "Grants permission to list datasets in your account", - "privilege": "ListDatasets", + "description": "Grants permission to provide compliance summary for one or more conformance packs", + "privilege": "GetConformancePackComplianceSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConformancePack*" } ] }, { "access_level": "Read", - "description": "Grants permission to list job runs for a given job", - "privilege": "ListJobRuns", + "description": "Grants permission to return the policy definition containing the logic for your AWS Config Custom Policy rule", + "privilege": "GetCustomRulePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "ConfigRule*" } ] }, { "access_level": "Read", - "description": "Grants permission to list jobs in your account", - "privilege": "ListJobs", + "description": "Grants permission to return the resource types, the number of each resource type, and the total number of resources that AWS Config is recording in this region for your AWS account", + "privilege": "GetDiscoveredResourceCounts", "resource_types": [ { "condition_keys": [], 
@@ -55324,44 +56413,44 @@ }, { "access_level": "Read", - "description": "Grants permission to list projects in your account", - "privilege": "ListProjects", + "description": "Grants permission to return detailed status for each member account within an organization for a given organization config rule", + "privilege": "GetOrganizationConfigRuleDetailedStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "OrganizationConfigRule*" } ] }, { "access_level": "Read", - "description": "Grants permission to list versions in your recipe", - "privilege": "ListRecipeVersions", + "description": "Grants permission to return detailed status for each member account within an organization for a given organization conformance pack", + "privilege": "GetOrganizationConformancePackDetailedStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "OrganizationConformancePack*" } ] }, { "access_level": "Read", - "description": "Grants permission to list recipes in your account", - "privilege": "ListRecipes", + "description": "Grants permission to return the policy definition containing the logic for your organization AWS Config Custom Policy rule", + "privilege": "GetOrganizationCustomRulePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "OrganizationConfigRule*" } ] }, { "access_level": "Read", - "description": "Grants permission to list rulesets in your account", - "privilege": "ListRulesets", + "description": "Grants permission to return a list of configuration items for the specified resource", + "privilege": "GetResourceConfigHistory", "resource_types": [ { "condition_keys": [], 
@@ -55372,8 +56461,8 @@ }, { "access_level": "Read", - "description": "Grants permission to list schedules in your account", - "privilege": "ListSchedules", + "description": "Grants permission to return the summary of resource evaluations for a specific resource evaluation ID", + "privilege": "GetResourceEvaluationSummary", "resource_types": [ { "condition_keys": [], 
@@ -55384,183 +56473,131 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve tags associated with a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to return the details of a specific stored query", + "privilege": "GetStoredQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Recipe" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Ruleset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Schedule" + "resource_type": "StoredQuery*" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish a major verison of a recipe", - "privilege": "PublishRecipe", + "access_level": "List", + "description": "Grants permission to accept a resource type and returns a list of resource identifiers that are aggregated for a specific resource type across accounts and regions", + "privilege": "ListAggregateDiscoveredResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "ConfigurationAggregator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to submit an action to the interactive session for a project", - "privilege": "SendProjectSessionAction", + "access_level": "List", + "description": "Grants permission to return the percentage of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations", + "privilege": "ListConformancePackComplianceScores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] }, 
{ - "access_level": "Write", - "description": "Grants permission to start running a job", - "privilege": "StartJobRun", + "access_level": "List", + "description": "Grants permission to accept a resource type and returns a list of resource identifiers for the resources of that type", + "privilege": "ListDiscoveredResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an interactive session for a project", - "privilege": "StartProjectSession", + "access_level": "List", + "description": "Grants permission to list the resource evaluation summaries for an AWS account in an AWS Region", + "privilege": "ListResourceEvaluations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a job run for a job", - "privilege": "StopJobRun", + "access_level": "List", + "description": "Grants permission to list the stored queries for an AWS account in an AWS Region", + "privilege": "ListStoredQueries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list the tags for AWS Config resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Dataset" + "resource_type": "AggregationAuthorization" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job" + "resource_type": "ConfigRule" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project" + "resource_type": "ConfigurationAggregator" }, { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "Recipe" + "resource_type": "ConformancePack" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Ruleset" + "resource_type": "OrganizationConfigRule" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Schedule" + "resource_type": "OrganizationConformancePack" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "StoredQuery" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to authorize the aggregator account and region to collect data from the source account and region", + "privilege": "PutAggregationAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Recipe" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Ruleset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Schedule" + "resource_type": "AggregationAuthorization*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -55570,203 +56607,94 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a dataset", - "privilege": "UpdateDataset", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Dataset*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify a profile job", - "privilege": "UpdateProfileJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Job*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify a project", - "privilege": "UpdateProject", + "description": "Grants permission to add or update an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations", + "privilege": "PutConfigRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify a recipe", - "privilege": "UpdateRecipe", - "resource_types": [ + "resource_type": "ConfigRule*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Recipe*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify a recipe job", - "privilege": "UpdateRecipeJob", + "description": "Grants permission to create and update the configuration aggregator with the selected source accounts and regions", + "privilege": "PutConfigurationAggregator", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Job*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify a ruleset", - "privilege": "UpdateRuleset", - "resource_types": [ + "dependent_actions": [ + "iam:PassRole", + "organizations:EnableAWSServiceAccess", + "organizations:ListDelegatedAdministrators" + ], + 
"resource_type": "ConfigurationAggregator*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Ruleset*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify a schedule", - "privilege": "UpdateSchedule", + "description": "Grants permission to create a new configuration recorder to record the selected resource configurations", + "privilege": "PutConfigurationRecorder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Schedule*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:project/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Project" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:dataset/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Dataset" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:ruleset/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Ruleset" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:recipe/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Recipe" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:job/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Job" - }, - { - "arn": "arn:${Partition}:databrew:${Region}:${Account}:schedule/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Schedule" - } - ], - "service_name": "AWS Glue DataBrew" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the allowed set of values for each of the mandatory tags in the create request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - 
"description": "Filters access by the tag value associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tags in the create request", - "type": "ArrayOfString" }, - { - "condition": "dataexchange:JobType", - "description": "Filters access by the specified job type", - "type": "String" - } - ], - "prefix": "dataexchange", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel a job", - "privilege": "CancelJob", + "description": "Grants permission to create or update a conformance pack", + "privilege": "PutConformancePack", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "jobs*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "s3:GetObject", + "s3:ListBucket", + "ssm:GetDocument" + ], + "resource_type": "ConformancePack*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an asset (for example, in a Job)", - "privilege": "CreateAsset", + "description": "Grants permission to create a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic", + "privilege": "PutDeliveryChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a data set", - "privilege": "CreateDataSet", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an event action", - "privilege": "CreateEventAction", + "description": "Grants permission to be used by an AWS Lambda function to deliver evaluation results to AWS Config", + "privilege": "PutEvaluations", "resource_types": [ { "condition_keys": [], 
@@ -55777,204 +56705,201 @@ }, { "access_level": "Write", - "description": "Grants permission to create a job to import or export assets", - "privilege": "CreateJob", + "description": "Grants permission to deliver evaluation result to AWS Config", + "privilege": "PutExternalEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ConfigRule*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a revision", - "privilege": "CreateRevision", + "description": "Grants permission to add or update organization config rule for your entire organization evaluating whether your AWS resources comply with your desired configurations", + "privilege": "PutOrganizationConfigRule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "data-sets*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "organizations:EnableAWSServiceAccess", + "organizations:ListDelegatedAdministrators" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "OrganizationConfigRule*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an asset", - "privilege": "DeleteAsset", + "description": "Grants permission to add or update organization conformance pack for your entire organization evaluating whether your AWS resources comply with your desired configurations", + "privilege": "PutOrganizationConformancePack", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "assets*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "organizations:EnableAWSServiceAccess", + "organizations:ListDelegatedAdministrators", + "s3:GetObject" + ], + "resource_type": "OrganizationConformancePack*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a data 
set", - "privilege": "DeleteDataSet", + "description": "Grants permission to add or update the remediation configuration with a specific AWS Config rule with the selected target or action", + "privilege": "PutRemediationConfigurations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "data-sets*" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "RemediationConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an event action", - "privilege": "DeleteEventAction", + "description": "Grants permission to add or update remediation exceptions for specific resources for a specific AWS Config rule", + "privilege": "PutRemediationExceptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-actions*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a revision", - "privilege": "DeleteRevision", + "description": "Grants permission to record the configuration state for the resource provided in the request", + "privilege": "PutResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about an asset and to export it (for example, in a Job)", - "privilege": "GetAsset", + "access_level": "Write", + "description": "Grants permission to create and update the retention configuration with details about retention period (number of days) that AWS Config stores your historical information", + "privilege": "PutRetentionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entitled-assets*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to 
get information about a data set", - "privilege": "GetDataSet", + "access_level": "Write", + "description": "Grants permission to save a new query or updates an existing saved query", + "privilege": "PutStoredQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" + "resource_type": "StoredQuery*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "entitled-data-sets*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get an event action", - "privilege": "GetEventAction", + "description": "Grants permission to accept a structured query language (SQL) SELECT command and an aggregator to query configuration state of AWS resources across multiple accounts and regions, performs the corresponding search, and returns resource configurations matching the properties", + "privilege": "SelectAggregateResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-actions*" + "resource_type": "ConfigurationAggregator*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about a job", - "privilege": "GetJob", + "description": "Grants permission to accept a structured query language (SQL) SELECT command, performs the corresponding search, and returns resource configurations matching the properties", + "privilege": "SelectResourceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobs*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a revision", - "privilege": "GetRevision", + "access_level": "Write", + "description": "Grants permission to evaluate your resources against the specified Config rules", + "privilege": "StartConfigRulesEvaluation", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "entitled-revisions*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "revisions*" + "resource_type": "ConfigRule*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the revisions of a data set", - "privilege": "ListDataSetRevisions", + "access_level": "Write", + "description": "Grants permission to start recording configurations of the AWS resources you have selected to record in your AWS account", + "privilege": "StartConfigurationRecorder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entitled-data-sets*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list data sets for the account", - "privilege": "ListDataSets", + "access_level": "Write", + "description": "Grants permission to run an on-demand remediation for the specified AWS Config rules against the last known remediation configuration", + "privilege": "StartRemediationExecution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list event actions for the account", - "privilege": "ListEventActions", + "access_level": "Write", + "description": "Grants permission to evaluate your resource details against the AWS Config rules in your account", + "privilege": "StartResourceEvaluation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "cloudformation:DescribeType" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list jobs for the account", - "privilege": "ListJobs", + "access_level": "Write", + "description": "Grants permission to stop recording configurations of the AWS 
resources you have selected to record in your AWS account", + "privilege": "StopConfigurationRecorder", "resource_types": [ { "condition_keys": [], 
@@ -55984,108 +56909,44 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get list the assets of a revision", - "privilege": "ListRevisionAssets", + "access_level": "Tagging", + "description": "Grants permission to associate the specified tags to a resource with the specified resourceArn", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entitled-revisions*" + "resource_type": "AggregationAuthorization" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the tags that you associated with the specified resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "data-sets" + "resource_type": "ConfigRule" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to publish a data set", - "privilege": "PublishDataSet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "data-sets*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to revoke subscriber access to a revision", - "privilege": "RevokeRevision", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "revisions*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to send a request to an API asset", - "privilege": "SendApiAsset", - "resource_types": [ + "resource_type": "ConfigurationAggregator" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets*" + "resource_type": "ConformancePack" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "entitled-assets*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants 
permission to start a job", - "privilege": "StartJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dataexchange:CreateAsset" - ], - "resource_type": "jobs*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add one or more tags to a specified resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "OrganizationConfigRule" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets" + "resource_type": "OrganizationConformancePack" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions" + "resource_type": "StoredQuery" }, { "condition_keys": [ 
@@ -56099,179 +56960,175 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from a specified resource", + "description": "Grants permission to delete specified tags from a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets" + "resource_type": "AggregationAuthorization" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "revisions" + "resource_type": "ConfigRule" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to get update information about an asset", - "privilege": "UpdateAsset", - "resource_types": [ + "resource_type": "ConfigurationAggregator" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update information about a data set", - "privilege": "UpdateDataSet", - "resource_types": [ + "resource_type": "ConformancePack" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-sets*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update information for an event action", - "privilege": "UpdateEventAction", - "resource_types": [ + "resource_type": "OrganizationConfigRule" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-actions*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update information about a revision", - "privilege": "UpdateRevision", - "resource_types": [ + "resource_type": "OrganizationConformancePack" + }, { "condition_keys": [], - "dependent_actions": [ - "dataexchange:PublishDataSet" + "dependent_actions": [], + "resource_type": "StoredQuery" + }, + { + "condition_keys": [ + "aws:TagKeys" ], - "resource_type": 
"revisions*" + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:jobs/${JobId}", + "arn": "arn:${Partition}:config:${Region}:${Account}:aggregation-authorization/${AggregatorAccount}/${AggregatorRegion}", "condition_keys": [ - "dataexchange:JobType" + "aws:ResourceTag/${TagKey}" ], - "resource": "jobs" + "resource": "AggregationAuthorization" }, { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}", + "arn": "arn:${Partition}:config:${Region}:${Account}:config-aggregator/${AggregatorId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "data-sets" + "resource": "ConfigurationAggregator" }, { - "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}", - "condition_keys": [], - "resource": "entitled-data-sets" + "arn": "arn:${Partition}:config:${Region}:${Account}:config-rule/${ConfigRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ConfigRule" }, { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}/revisions/${RevisionId}", + "arn": "arn:${Partition}:config:${Region}:${Account}:conformance-pack/${ConformancePackName}/${ConformancePackId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "revisions" + "resource": "ConformancePack" }, { - "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}/revisions/${RevisionId}", - "condition_keys": [], - "resource": "entitled-revisions" + "arn": "arn:${Partition}:config:${Region}:${Account}:organization-config-rule/${OrganizationConfigRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "OrganizationConfigRule" }, { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}/revisions/${RevisionId}/assets/${AssetId}", - "condition_keys": [], - "resource": "assets" + "arn": 
"arn:${Partition}:config:${Region}:${Account}:organization-conformance-pack/${OrganizationConformancePackId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "OrganizationConformancePack" }, { - "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}/revisions/${RevisionId}/assets/${AssetId}", + "arn": "arn:${Partition}:config:${Region}:${Account}:remediation-configuration/${RemediationConfigurationId}", "condition_keys": [], - "resource": "entitled-assets" + "resource": "RemediationConfiguration" }, { - "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:event-actions/${EventActionId}", - "condition_keys": [], - "resource": "event-actions" + "arn": "arn:${Partition}:config:${Region}:${Account}:stored-query/${StoredQueryName}/${StoredQueryId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "StoredQuery" } ], - "service_name": "AWS Data Exchange" + "service_name": "AWS Config" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access by using tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "description": "Filters access by using tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", + "description": "Filters access by using tag keys in the request", "type": "ArrayOfString" }, { - "condition": "datapipeline:PipelineCreator", - "description": "Filters access by the IAM user that created the pipeline", - "type": "ArrayOfString" + "condition": "connect:AttributeType", + "description": "Filters access by the attribute type of the Amazon Connect instance", + "type": "String" }, { - "condition": "datapipeline:Tag", - 
"description": "Filters access by customer-specified key/value pair that can be attached to a resource", + "condition": "connect:InstanceId", + "description": "Filters access by restricting federation into specified Amazon Connect instances", + "type": "String" + }, + { + "condition": "connect:MonitorCapabilities", + "description": "Filters access by restricting the monitor capabilities of the user in the request", "type": "ArrayOfString" }, { - "condition": "datapipeline:workerGroup", - "description": "Filters access by the name of a worker group for which a Task Runner retrieves work", + "condition": "connect:SearchContactsByContactAnalysis", + "description": "Filters access by restricting searches using analysis outputs from Amazon Connect Contact Lens", "type": "ArrayOfString" + }, + { + "condition": "connect:SearchTag/${TagKey}", + "description": "Filters access by TagFilter condition passed in the search request", + "type": "String" + }, + { + "condition": "connect:StorageResourceType", + "description": "Filters access by restricting the storage resource type of the Amazon Connect instance storage configuration", + "type": "String" } ], - "prefix": "datapipeline", + "prefix": "connect", "privileges": [ { "access_level": "Write", - "description": "Grants permission to validate the specified pipeline and starts processing pipeline tasks. If the pipeline does not pass validation, activation fails", - "privilege": "ActivatePipeline", + "description": "Grants permission to activate an evaluation form in the specified Amazon Connect instance. 
After the evaluation form is activated, it is available to start new evaluations based on the form", + "privilege": "ActivateEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "evaluation-form*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag", - "datapipeline:workerGroup" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -56279,21 +57136,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or modify tags for the specified pipeline", - "privilege": "AddTags", + "access_level": "Write", + "description": "Grants permission to associate approved origin for an existing Amazon Connect instance", + "privilege": "AssociateApprovedOrigin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "instance*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56302,57 +57156,61 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new, empty pipeline", - "privilege": "CreatePipeline", + "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", + "privilege": "AssociateBot", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "datapipeline:Tag" - ], + "condition_keys": [], "dependent_actions": [ - "datapipeline:AddTags" + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "lex:CreateResourcePolicy", + "lex:DescribeBotAlias", + "lex:GetBot", + "lex:UpdateResourcePolicy" ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to Deactivate the specified running pipeline", - "privilege": "DeactivatePipeline", + "description": "Grants permission to associate a Customer Profiles domain for an existing Amazon Connect instance", + "privilege": "AssociateCustomerProfilesDomain", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag", - "datapipeline:workerGroup" + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "profile:GetDomain" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a pipeline, its pipeline definition, and its run history", - "privilege": "DeletePipeline", + "description": "Grants permission to default vocabulary for an existing Amazon Connect instance", + "privilege": "AssociateDefaultVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": 
"instance*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -56360,19 +57218,24 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the object definitions for a set of objects associated with the pipeline", - "privilege": "DescribeObjects", + "access_level": "Write", + "description": "Grants permission to associate a resource with a flow in an Amazon Connect instance", + "privilege": "AssociateFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -56380,19 +57243,30 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieves metadata about one or more pipelines", - "privilege": "DescribePipelines", + "access_level": "Write", + "description": "Grants permission to associate instance storage for an existing Amazon Connect instance", + "privilege": "AssociateInstanceStorageConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline*" + "dependent_actions": [ + "ds:DescribeDirectories", + "firehose:DescribeDeliveryStream", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "kinesis:DescribeStream", + "kms:CreateGrant", + "kms:DescribeKey", + "s3:GetBucketAcl", + "s3:GetBucketLocation" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag" + "connect:StorageResourceType", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56400,19 +57274,20 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to task runners to call EvaluateExpression, to evaluate a string in the context of the specified object", - "privilege": "EvaluateExpression", + "access_level": "Write", + "description": "Grants permission to associate a Lambda function for an existing Amazon Connect instance", + "privilege": "AssociateLambdaFunction", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline*" + "dependent_actions": [ + "lambda:AddPermission" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56420,32 +57295,48 @@ ] }, { - "access_level": "List", - "description": "Grants permission to call GetAccountLimits", - "privilege": "GetAccountLimits", + "access_level": "Write", + "description": "Grants permission to associate a Lex bot for an existing Amazon Connect instance", + "privilege": "AssociateLexBot", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "lex:GetBot" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to gets the definition of the specified pipeline", - "privilege": "GetPipelineDefinition", + "access_level": "Write", + "description": "Grants permission to associate contact flow resources to phone number resources in an Amazon Connect instance", + "privilege": "AssociatePhoneNumberContactFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "phone-number*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag", - "datapipeline:workerGroup" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56453,25 +57344,24 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the pipeline identifiers for all active pipelines that you have permission to access", - "privilege": "ListPipelines", + "access_level": "Write", + "description": "Grants permission to associate quick connects with a queue in an Amazon Connect instance", + "privilege": "AssociateQueueQuickConnects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to task runners to call PollForTask, to receive a task to perform from AWS Data Pipeline", - "privilege": "PollForTask", - "resource_types": [ + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quick-connect*" + }, { "condition_keys": [ - "datapipeline:workerGroup" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56480,31 +57370,42 @@ }, { "access_level": "Write", - "description": "Grants permission to call PutAccountLimits", - "privilege": "PutAccountLimits", + "description": "Grants permission to associate queues with a routing profile in an Amazon Connect instance", + "privilege": "AssociateRoutingProfileQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add tasks, schedules, and preconditions to the specified pipeline", - "privilege": "PutPipelineDefinition", + "description": "Grants permission to associate a security key for an existing Amazon Connect instance", + "privilege": "AssociateSecurityKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "instance*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag", - "datapipeline:workerGroup" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56512,19 +57413,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to query the specified pipeline for the names of objects that match the specified set of conditions", - "privilege": "QueryObjects", + "access_level": "Write", + "description": "Grants permission to associate a user to a traffic distribution group in the specified Amazon Connect instance", + "privilege": "AssociateTrafficDistributionGroupUser", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "connect:DescribeUser", + "connect:SearchUsers" + ], + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag" + "connect:InstanceId", + "aws:ResourceTag/${TagKey}", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -56532,21 +57447,23 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove existing tags from the specified pipeline", - "privilege": "RemoveTags", + "access_level": "Write", + "description": "Grants permission to associate user proficiencies to a user in an Amazon Connect instance", + "privilege": "AssociateUserProficiencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56555,42 +57472,56 @@ }, { "access_level": "Write", - "description": "Grants permission to task runners to call ReportTaskProgress, when they are assigned a task to acknowledge that it has the task", - "privilege": "ReportTaskProgress", + "description": "Grants permission to grant access and to associate the datasets with the specified AWS account", + "privilege": "BatchAssociateAnalyticsDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to task runners to call ReportTaskRunnerHeartbeat every 15 minutes to indicate that they are operational", - "privilege": "ReportTaskRunnerHeartbeat", + "description": "Grants permission to revoke access and to disassociate the datasets with the specified AWS account", + "privilege": "BatchDisassociateAnalyticsDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to requests that the status of the specified physical or logical pipeline objects be updated in the specified pipeline", - "privilege": "SetStatus", + "access_level": "List", + "description": "Grants permission to get summary information about the flow associations for the specified Amazon Connect instance", + "privilege": "BatchGetFlowAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "instance*" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56599,84 +57530,53 @@ }, { "access_level": "Write", - "description": "Grants permission to task runners to call SetTaskStatus to notify AWS Data Pipeline that a task is completed and provide information about the final status", - "privilege": "SetTaskStatus", + "description": "Grants permission to put contacts in an Amazon Connect instance", + "privilege": "BatchPutContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to validate the specified pipeline definition to ensure that it is well formed and can be run without error", - "privilege": "ValidatePipelineDefinition", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "queue" }, { "condition_keys": [ - "datapipeline:PipelineCreator", - "datapipeline:Tag", - "datapipeline:workerGroup" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:datapipeline:${Region}:${Account}:pipeline/${PipelineId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pipeline" - } - ], - "service_name": "AWS Data Pipeline" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs associated with the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "datasync", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a storage system", - "privilege": "AddStorageSystem", + "description": "Grants permission to claim 
phone number resources in an Amazon Connect instance or traffic distribution group", + "privilege": "ClaimPhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent*" + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "wildcard-phone-number*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -56685,17 +57585,19 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel execution of a sync task", - "privilege": "CancelTaskExecution", + "description": "Grants permission to create agent status in an Amazon Connect instance", + "privilege": "CreateAgentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "taskexecution*" + "resource_type": "agent-status*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -56704,13 +57606,19 @@ }, { "access_level": "Write", - "description": "Grants permission to activate an agent that you have deployed on your host", - "privilege": "CreateAgent", + "description": "Grants permission to create a contact flow in an Amazon Connect instance", + "privilege": "CreateContactFlow", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56719,13 +57627,19 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon EFS file system", - "privilege": "CreateLocationEfs", + "description": "Grants permission to create a contact flow module in an Amazon Connect instance", + "privilege": "CreateContactFlowModule", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -56734,13 +57648,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon Fsx Lustre", - "privilege": "CreateLocationFsxLustre", + "description": "Grants permission to create an evaluation form in the specified Amazon Connect instance. The form can be used to define questions related to agent performance, and create sections to organize such questions. Question and section identifiers cannot be duplicated within the same evaluation form", + "privilege": "CreateEvaluationForm", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation-form*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56749,28 +57667,19 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for Amazon FSx for ONTAP", - "privilege": "CreateLocationFsxOntap", + "description": "Grants permission to create hours of operation in an Amazon Connect instance", + "privilege": "CreateHoursOfOperation", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an endpoint for Amazon FSx for OpenZFS", - "privilege": "CreateLocationFsxOpenZfs", - "resource_types": [ + "resource_type": "hours-of-operation*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56779,41 +57688,66 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon FSx Windows File Server file system", - "privilege": "CreateLocationFsxWindows", + "description": "Grants permission to create a new Amazon Connect instance", + "privilege": "CreateInstance", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "ds:AuthorizeApplication", + "ds:CheckAlias", + "ds:CreateAlias", + "ds:CreateDirectory", + "ds:CreateIdentityPoolDirectory", + "ds:DeleteDirectory", + "ds:DescribeDirectories", + "ds:UnauthorizeApplication", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon Hdfs", - "privilege": "CreateLocationHdfs", + "description": "Grants permission to create an integration association with an Amazon Connect instance", + "privilege": "CreateIntegrationAssociation", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "condition_keys": [], + "dependent_actions": [ + "app-integrations:CreateApplicationAssociation", + "app-integrations:CreateEventIntegrationAssociation", + "app-integrations:GetApplication", + "cases:GetDomain", + "connect:DescribeInstance", + "ds:DescribeDirectories", + "events:PutRule", + "events:PutTargets", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "mobiletargeting:GetApp", + "voiceid:DescribeDomain", + "wisdom:GetAssistant", + "wisdom:GetKnowledgeBase", + "wisdom:TagResource" ], + "resource_type": "instance*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an endpoint for a NFS file system", - "privilege": "CreateLocationNfs", - "resource_types": [ + 
"resource_type": "integration-association*" + }, { "condition_keys": [ + "connect:InstanceId", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -56824,43 +57758,22 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint for a self-managed object storage bucket", - "privilege": "CreateLocationObjectStorage", + "description": "Grants permission to add a participant to an ongoing contact", + "privilege": "CreateParticipant", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an endpoint for an Amazon S3 bucket", - "privilege": "CreateLocationS3", - "resource_types": [ + "resource_type": "contact*" + }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an endpoint for an SMB file system", - "privilege": "CreateLocationSmb", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56869,23 +57782,22 @@ }, { "access_level": "Write", - "description": "Grants permission to create a sync task", - "privilege": "CreateTask", + "description": "Grants permission to create persistent contact associations for a contact", + "privilege": "CreatePersistentContactAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "contact*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -56894,245 +57806,185 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an agent", - "privilege": "DeleteAgent", + "description": "Grants permission to create a predefined attribute in an Amazon Connect instance", + "privilege": "CreatePredefinedAttribute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a location used by AWS DataSync", - "privilege": "DeleteLocation", - "resource_types": [ + "resource_type": "instance*" + }, { - "condition_keys": [], + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a sync task", - "privilege": "DeleteTask", + "description": "Grants permission to create a prompt in an Amazon Connect instance", + "privilege": "CreatePrompt", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "s3:GetObject", + "s3:GetObjectAcl" + ], + "resource_type": "prompt*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view metadata such as name, network interfaces, and the status (that is, whether the agent is running or not) about a sync agent", - "privilege": "DescribeAgent", + "access_level": "Write", + "description": "Grants permission to create a queue in an Amazon Connect instance", + "privilege": "CreateQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe metadata about a discovery job", - "privilege": "DescribeDiscoveryJob", - "resource_types": [ + 
"resource_type": "hours-of-operation*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon EFS sync location", - "privilege": "DescribeLocationEfs", - "resource_types": [ + "resource_type": "queue*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon FSx Lustre sync location", - "privilege": "DescribeLocationFsxLustre", - "resource_types": [ + "resource_type": "contact-flow" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon FSx for ONTAP sync location", - "privilege": "DescribeLocationFsxOntap", - "resource_types": [ + "resource_type": "phone-number" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon FSx OpenZFS sync location", - "privilege": "DescribeLocationFsxOpenZfs", - "resource_types": [ + "resource_type": "quick-connect" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon FSx Windows sync location", - "privilege": "DescribeLocationFsxWindows", + "access_level": "Write", + "description": "Grants permission to create a quick connect in an Amazon Connect instance", + "privilege": 
"CreateQuickConnect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information about an Amazon HDFS sync location", - "privilege": "DescribeLocationHdfs", - "resource_types": [ + "resource_type": "quick-connect*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information, about a NFS sync location", - "privilege": "DescribeLocationNfs", - "resource_types": [ + "resource_type": "contact-flow" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata about a self-managed object storage server location", - "privilege": "DescribeLocationObjectStorage", - "resource_types": [ + "resource_type": "queue" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata, such as bucket name, about an Amazon S3 bucket sync location", - "privilege": "DescribeLocationS3", - "resource_types": [ + "resource_type": "user" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view metadata, such as the path information, about an SMB sync location", - "privilege": "DescribeLocationSmb", + "access_level": "Write", + "description": "Grants permission to create a routing profile in an Amazon Connect instance", + "privilege": "CreateRoutingProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "location*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata about a storage system", - "privilege": "DescribeStorageSystem", - "resource_types": [ + "resource_type": "queue*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe resource metrics collected by a discovery job", - "privilege": "DescribeStorageSystemResourceMetrics", - "resource_types": [ + "resource_type": "routing-profile*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "discoveryjob*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe resources identified by a discovery job", - "privilege": "DescribeStorageSystemResources", + "access_level": "Write", + "description": "Grants permission to create a rule in an Amazon Connect instance", + "privilege": "CreateRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view metadata about a sync task", - "privilege": "DescribeTask", - "resource_types": [ + "resource_type": "rule*" + }, { - "condition_keys": [], + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view metadata about a sync task that is being executed", - "privilege": "DescribeTaskExecution", + "access_level": "Write", + "description": "Grants permission to create a security profile for the specified Amazon Connect instance", + "privilege": "CreateSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "taskexecution*" + "resource_type": "security-profile*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -57141,114 +57993,127 @@ }, { "access_level": "Write", - "description": "Grants permission to generate recommendations for a resource identified by a discovery job", - "privilege": "GenerateRecommendations", + "description": "Grants permission to create a task template in an Amazon Connect instance", + "privilege": "CreateTaskTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob*" + "resource_type": "task-template*" } ] }, { - "access_level": "List", - "description": "Grants permission to list agents owned by an AWS account in a region specified in the request", - "privilege": "ListAgents", + "access_level": "Write", + "description": "Grants permission to create a traffic distribution group", + "privilege": "CreateTrafficDistributionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list discovery jobs", - "privilege": "ListDiscoveryJobs", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list source and destination sync locations", - "privilege": "ListLocations", + "access_level": "Write", + "description": "Grants permission to create a use case for an integration association", + "privilege": "CreateUseCase", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "connect:DescribeInstance", + "ds:DescribeDirectories" + ], + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list storage systems", 
- "privilege": "ListStorageSystems", - "resource_types": [ + "resource_type": "integration-association*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "use-case*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags that have been added to the specified resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create a user for the specified Amazon Connect instance", + "privilege": "CreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "discoveryjob" + "resource_type": "routing-profile*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location" + "resource_type": "security-profile*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem" + "resource_type": "user*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "hierarchy-group" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "taskexecution" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list executed sync tasks", - "privilege": "ListTaskExecutions", + "access_level": "Write", + "description": "Grants permission to create a user hierarchy group in an Amazon Connect instance", + "privilege": "CreateUserHierarchyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "hierarchy-group" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + 
"connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -57256,56 +58121,61 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list of all the sync tasks", - "privilege": "ListTasks", + "access_level": "Write", + "description": "Grants permission to create a view in an Amazon Connect instance", + "privilege": "CreateView", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "customer-managed-view*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a storage system", - "privilege": "RemoveStorageSystem", + "description": "Grants permission to create a view version in an Amazon Connect instance", + "privilege": "CreateViewVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a discovery job for a storage system", - "privilege": "StartDiscoveryJob", - "resource_types": [ + "resource_type": "customer-managed-view*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "storagesystem*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a specific invocation of a sync task", - "privilege": "StartTaskExecution", + "description": "Grants permission to create a vocabulary in an Amazon Connect instance", + "privilege": "CreateVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "vocabulary*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -57314,55 +58184,37 @@ }, { "access_level": "Write", - "description": "Grants permission to stop a discovery job", - "privilege": "StopDiscoveryJob", + "description": "Grants permission to deactivate an evaluation form in the specified Amazon Connect instance. After a form is deactivated, it is no longer available for users to start new evaluations based on the form", + "privilege": "DeactivateEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob*" + "resource_type": "evaluation-form*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply a key-value pair to an AWS resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a contact evaluation in the specified Amazon Connect instance", + "privilege": "DeleteContactEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "discoveryjob" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "storagesystem" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "taskexecution" + "resource_type": "contact-evaluation*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -57370,43 +58222,19 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete a contact flow in an Amazon Connect instance", + "privilege": "DeleteContactFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "discoveryjob" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "storagesystem" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "taskexecution" + "resource_type": "contact-flow*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -57415,261 +58243,320 @@ }, { "access_level": "Write", - "description": "Grants permission to update the name of an agent", - "privilege": "UpdateAgent", + "description": "Grants permission to delete a contact flow module in an Amazon Connect instance", + "privilege": "DeleteContactFlowModule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "agent*" + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a discovery job", - "privilege": "UpdateDiscoveryJob", + "description": "Grants permission to delete an evaluation form in the specified Amazon Connect instance. If the version property is provided, only the specified version of the evaluation form is deleted", + "privilege": "DeleteEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "discoveryjob*" + "resource_type": "evaluation-form*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an HDFS sync Location", - "privilege": "UpdateLocationHdfs", + "description": "Grants permission to delete hours of operation in an Amazon Connect instance", + "privilege": "DeleteHoursOfOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "hours-of-operation*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an NFS sync Location", - "privilege": "UpdateLocationNfs", + "description": "Grants permission to delete an Amazon 
Connect instance. When you remove an instance, the link to an existing AWS directory is also removed", + "privilege": "DeleteInstance", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ds:DeleteDirectory", + "ds:DescribeDirectories", + "ds:UnauthorizeApplication" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a self-managed object storage server location", - "privilege": "UpdateLocationObjectStorage", + "description": "Grants permission to delete an integration association from an Amazon Connect instance. The association must not have any use cases associated with it", + "privilege": "DeleteIntegrationAssociation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "app-integrations:DeleteApplicationAssociation", + "app-integrations:DeleteEventIntegrationAssociation", + "connect:DescribeInstance", + "ds:DescribeDirectories", + "events:DeleteRule", + "events:ListTargetsByRule", + "events:RemoveTargets" + ], + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "integration-association*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a SMB sync location", - "privilege": "UpdateLocationSmb", + "description": "Grants permission to delete a predefined attribute in an Amazon Connect instance", + "privilege": "DeletePredefinedAttribute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] 
}, { "access_level": "Write", - "description": "Grants permission to update a storage system", - "privilege": "UpdateStorageSystem", + "description": "Grants permission to delete a prompt in an Amazon Connect instance", + "privilege": "DeletePrompt", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "storagesystem*" + "resource_type": "prompt*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update metadata associated with a sync task", - "privilege": "UpdateTask", + "description": "Grants permission to delete a queue in an Amazon Connect instance", + "privilege": "DeleteQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update execution of a sync task", - "privilege": "UpdateTaskExecution", + "description": "Grants permission to delete a quick connect in an Amazon Connect instance", + "privilege": "DeleteQuickConnect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "taskexecution*" + "resource_type": "quick-connect*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:agent/${AgentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "agent" }, { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "location" - }, - { - 
"arn": "arn:${Partition}:datasync:${Region}:${AccountId}:task/${TaskId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "task" - }, - { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:task/${TaskId}/execution/${ExecutionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "taskexecution" - }, - { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:system/${StorageSystemId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "storagesystem" - }, - { - "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:system/${StorageSystemId}/job/${DiscoveryJobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "discoveryjob" - } - ], - "service_name": "AWS DataSync" - }, - { - "conditions": [], - "prefix": "datazone", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to retrieve information about an Amazon DataZone project", - "privilege": "GetProject", + "access_level": "Write", + "description": "Grants permission to delete routing profiles in an Amazon Connect instance", + "privilege": "DeleteRoutingProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve configuration information for an Amazon DataZone project", - "privilege": "GetProjectConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a rule in an Amazon Connect instance", + "privilege": "DeleteRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "rule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": 
"Read", - "description": "Grants permission to retrieve credentials for an Amazon DataZone project", - "privilege": "GetProjectCredentials", + "access_level": "Write", + "description": "Grants permission to delete a security profile in an Amazon Connect instance", + "privilege": "DeleteSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Amazon DataZone projects", - "privilege": "ListProjects", + "access_level": "Write", + "description": "Grants permission to delete a task template in an Amazon Connect instance", + "privilege": "DeleteTaskTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "task-template*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Amazon DataZone projects for a user", - "privilege": "ListUserProjects", + "access_level": "Write", + "description": "Grants permission to delete a traffic distribution group", + "privilege": "DeleteTrafficDistributionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "Amazon DataZone" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the 
resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "datazonecontrol", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to request association of an account with a given domain", - "privilege": "CreateAccountAssociationInvitation", + "description": "Grants permission to delete a use case from an integration association", + "privilege": "DeleteUseCase", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeInstance", + "ds:DescribeDirectories" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "use-case*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } @@ -57677,13 +58564,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create Amazon DataZone data sources used for publishing and subscribing to data", - "privilege": "CreateDataSource", + "description": "Grants permission to delete a user in an Amazon Connect instance", + "privilege": "DeleteUser", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -57692,13 +58584,17 @@ }, { "access_level": "Write", - "description": "Grants permission to provision a root-domain which is a top level entity that contains other Amazon DataZone resources", - "privilege": "CreateEnvironment", + "description": "Grants permission to delete a user hierarchy group in an Amazon Connect instance", + "privilege": "DeleteUserHierarchyGroup", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hierarchy-group*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -57707,280 +58603,436 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a data source", - "privilege": "DeleteDataSource", + "description": "Grants permission to delete a view in an Amazon Connect instance", + "privilege": "DeleteView", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" + "resource_type": "customer-managed-view*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a provisioned root-domain", - "privilege": "DeleteEnvironment", + "description": "Grants permission to delete a view version in an Amazon Connect instance", + "privilege": "DeleteViewVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "customer-managed-view-version*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate an account with a given domain", - "privilege": "DissociateAccount", + "description": "Grants permission to delete a vocabulary in an Amazon Connect instance", + "privilege": "DeleteVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "vocabulary*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about any associated domain in the associated account", - "privilege": "GetAssociatedDomain", + "description": "Grants permission to describe agent status in an Amazon Connect instance", + "privilege": "DescribeAgentStatus", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], + "resource_type": "agent-status*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve any data source under any domain for a given root-domain", - "privilege": "GetDataSourceByEnvironment", + "description": "Grants permission to describe a contact in an Amazon Connect instance", + "privilege": "DescribeContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about any domain in the account", - "privilege": "GetDomain", + "description": "Grants permission to describe a contact evaluation in the specified Amazon Connect instance", + "privilege": "DescribeContactEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-evaluation*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a root-domain", - "privilege": "GetEnvironment", + "description": "Grants permission to describe a contact flow in an Amazon Connect instance", + "privilege": "DescribeContactFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a publishing job", - "privilege": 
"GetMetadataCollector", + "description": "Grants permission to describe a contact flow module in an Amazon Connect instance", + "privilege": "DescribeContactFlowModule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve credentials to log into Amazon DataZone data portal from AWS management console", - "privilege": "GetUserPortalLoginAuthCode", + "description": "Grants permission to describe an evaluation form in the specified Amazon Connect instance. If the version property is not provided, the latest version of the evaluation form is described", + "privilege": "DescribeEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "evaluation-form*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all account-association invitations for a given associated account", - "privilege": "ListAccountAssociationInvitations", + "access_level": "Read", + "description": "Grants permission to describe the status of forecasting, planning, and scheduling integration on an Amazon Connect instance", + "privilege": "DescribeForecastingPlanningSchedulingIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all associated accounts under the given root-domain, including accounts associated to its sub-domains", - "privilege": 
"ListAllAssociatedAccountsForEnvironment", + "access_level": "Read", + "description": "Grants permission to describe hours of operation in an Amazon Connect instance", + "privilege": "DescribeHoursOfOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "hours-of-operation*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to lists all the associated domains for a given associated account", - "privilege": "ListAssociatedEnvironments", + "access_level": "Read", + "description": "Grants permission to view details of an Amazon Connect instance and is also required to create an instance", + "privilege": "DescribeInstance", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ds:DescribeDirectories" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all data sources under any domain in the associated account", - "privilege": "ListDataSources", + "access_level": "Read", + "description": "Grants permission to view the attribute details of an existing Amazon Connect instance", + "privilege": "DescribeInstanceAttribute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:AttributeType", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all data sources under any domain for a given root-domain", - "privilege": "ListDataSourcesByEnvironment", + "access_level": "Read", + "description": "Grants permission to view the instance storage configuration for an existing 
Amazon Connect instance", + "privilege": "DescribeInstanceStorageConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:StorageResourceType", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the sub-domains for a given domain or a root-domain", - "privilege": "ListDomains", + "access_level": "Read", + "description": "Grants permission to describe phone number resources in an Amazon Connect instance or traffic distribution group", + "privilege": "DescribePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "phone-number*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all root-domains", - "privilege": "ListEnvironment", + "access_level": "Read", + "description": "Grants permission to describe a predefined attribute in an Amazon Connect instance", + "privilege": "DescribePredefinedAttribute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all runs for a given publishing job through Amazon DataZone console for a data source", - "privilege": "ListMetadataCollectorRuns", + "access_level": "Read", + "description": "Grants permission to describe a prompt in an Amazon Connect instance", + "privilege": "DescribePrompt", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "prompt*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], 
"resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all publishing jobs", - "privilege": "ListMetadataCollectors", + "access_level": "Read", + "description": "Grants permission to describe a queue in an Amazon Connect instance", + "privilege": "DescribeQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Amazon DataZone projects", - "privilege": "ListProjects", + "access_level": "Read", + "description": "Grants permission to describe a quick connect in an Amazon Connect instance", + "privilege": "DescribeQuickConnect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "quick-connect*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve all tags associated with a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to describe a routing profile in an Amazon Connect instance", + "privilege": "DescribeRoutingProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source" + "resource_type": "routing-profile*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to accept or reject the pending association requests for the given account", - "privilege": "ReviewAccountAssociationInvitation", + "access_level": "Read", + "description": "Grants permission to describe a 
rule in an Amazon Connect instance", + "privilege": "DescribeRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "rule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update tags to a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to describe a security profile in an Amazon Connect instance", + "privilege": "DescribeSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" + "resource_type": "security-profile*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -57988,23 +59040,38 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to describe a traffic distribution group", + "privilege": "DescribeTrafficDistributionGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source" + "resource_type": "traffic-distribution-group*" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a user in an Amazon Connect instance", + "privilege": "DescribeUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "user*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -58012,190 +59079,259 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the description of the account association of the given associated account and given domain", - "privilege": "UpdateAccountAssociationDescription", + "access_level": "Read", + "description": "Grants permission to describe a hierarchy group for an Amazon Connect instance", + "privilege": "DescribeUserHierarchyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "hierarchy-group*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a data source", - "privilege": "UpdateDataSource", + "access_level": "Read", + "description": "Grants permission to describe the hierarchy structure for an Amazon Connect instance", + "privilege": "DescribeUserHierarchyStructure", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update information for a root-domain", - "privilege": "UpdateEnvironment", + "access_level": "Read", + "description": "Grants permission to describe a view in an Amazon Connect instance", + "privilege": "DescribeView", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "aws-managed-view*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customer-managed-view*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "qualified-aws-managed-view*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "qualified-customer-managed-view*" + }, + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:datazonecontrol:${Region}:${Account}:domain/${DomainId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment" }, - { - "arn": "arn:${Partition}:datazonecontrol:${Region}:${Account}:data-source/${DomainId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "data-source" - } - ], - "service_name": "Amazon DataZone Control" - }, - { - "conditions": [ - { - "condition": "dax:EnclosingOperation", - "description": "Used to block Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa", - "type": "String" - } - ], - "prefix": "dax", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to return the attributes of one or more items from one or more tables", - "privilege": "BatchGetItem", + "description": "Grants permission to describe a vocabulary in an Amazon Connect instance", + "privilege": "DescribeVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "vocabulary*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to put or delete multiple items in one or more tables", - "privilege": "BatchWriteItem", + "description": "Grants permission to disassociate approved origin for an existing Amazon Connect instance", + "privilege": "DisassociateApprovedOrigin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to the 
ConditionCheckItem operation that checks the existence of a set of attributes for the item with the given primary key", - "privilege": "ConditionCheckItem", + "access_level": "Write", + "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", + "privilege": "DisassociateBot", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "lex:DeleteResourcePolicy", + "lex:UpdateResourcePolicy" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a DAX cluster", - "privilege": "CreateCluster", + "description": "Grants permission to disassociate a Customer Profiles domain for an existing Amazon Connect instance", + "privilege": "DisassociateCustomerProfilesDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "dax:CreateParameterGroup", - "dax:CreateSubnetGroup", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:GetRole", - "iam:PassRole" + "iam:AttachRolePolicy", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRolePolicy" ], - "resource_type": "application*" + "resource_type": "instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a parameter group", - "privilege": "CreateParameterGroup", + "description": "Grants permission to disassociate a resource from a flow in an Amazon Connect instance", + "privilege": "DisassociateFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a subnet group", - "privilege": "CreateSubnetGroup", + "description": "Grants permission to disassociate instance storage for an existing Amazon Connect instance", + "privilege": "DisassociateInstanceStorageConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:StorageResourceType", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove one or more nodes from a DAX cluster", - "privilege": "DecreaseReplicationFactor", + "description": "Grants permission to disassociate a Lambda function for an existing Amazon Connect instance", + "privilege": "DisassociateLambdaFunction", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "lambda:RemovePermission" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a previously provisioned DAX cluster", - "privilege": "DeleteCluster", + "description": "Grants permission to disassociate a Lex bot for an existing Amazon Connect instance", + "privilege": "DisassociateLexBot", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a single item in a table by primary key", - "privilege": 
"DeleteItem", + "description": "Grants permission to disassociate contact flow resources from phone number resources in an Amazon Connect instance", + "privilege": "DisassociatePhoneNumberContactFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "phone-number*" }, { "condition_keys": [ - "dax:EnclosingOperation" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -58204,113 +59340,215 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified parameter group", - "privilege": "DeleteParameterGroup", + "description": "Grants permission to disassociate quick connects from a queue in an Amazon Connect instance", + "privilege": "DisassociateQueueQuickConnects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quick-connect*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a subnet group", - "privilege": "DeleteSubnetGroup", + "description": "Grants permission to disassociate queues from a routing profile in an Amazon Connect instance", + "privilege": "DisassociateRoutingProfileQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return information about all provisioned DAX clusters", - "privilege": "DescribeClusters", + "access_level": "Write", + "description": "Grants permission to disassociate the security key for an existing Amazon Connect instance", + "privilege": "DisassociateSecurityKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return the default system parameter information for DAX", - "privilege": "DescribeDefaultParameters", + "access_level": "Write", + 
"description": "Grants permission to disassociate a user from a traffic distribution group in the specified Amazon Connect instance", + "privilege": "DisassociateTrafficDistributionGroupUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return events related to DAX clusters and parameter groups", - "privilege": "DescribeEvents", + "access_level": "Write", + "description": "Grants permission to disassociate user proficiencies from a user in an Amazon Connect instance", + "privilege": "DisassociateUserProficiencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of parameter group descriptions", - "privilege": "DescribeParameterGroups", + "access_level": "Write", + "description": "Grants permission to dismiss terminated Contact from Agent CCP", + "privilege": "DismissUserContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the detailed parameter list for a particular parameter group", - "privilege": "DescribeParameters", 
+ "description": "Grants permission to retrieve the contact attributes for the specified contact", + "privilege": "GetContactAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of subnet group descriptions", - "privilege": "DescribeSubnetGroups", + "access_level": "Read", + "description": "Grants permission to retrieve current metric data for queues and routing profiles in an Amazon Connect instance", + "privilege": "GetCurrentMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to the GetItem operation that returns a set of attributes for the item with the given primary key", - "privilege": "GetItem", + "description": "Grants permission to retrieve current user data in an Amazon Connect instance", + "privilege": "GetCurrentUserData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "hierarchy-group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ - "dax:EnclosingOperation" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -58318,42 +59556,54 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add one or more nodes to a DAX cluster", - "privilege": "IncreaseReplicationFactor", + "access_level": "Read", + "description": "Grants permission to federate into an Amazon Connect instance when using SAML-based authentication for identity management", + "privilege": "GetFederationToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a list all of the tags for a DAX cluster", - "privilege": "ListTags", + "access_level": "Write", + "description": "Grants permission to federate into an Amazon Connect instance (Log in for emergency access functionality in the Amazon Connect console)", + "privilege": "GetFederationTokens", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" + "dependent_actions": [ + "connect:DescribeInstance", + "connect:ListInstances", + "ds:DescribeDirectories" + ], + "resource_type": "instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new item, or replace an old item with a new item", - "privilege": "PutItem", + "access_level": "Read", + "description": "Grants permission to get information about the flow associations for the specified Amazon Connect instance", + "privilege": "GetFlowAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "instance*" }, { "condition_keys": [ - "dax:EnclosingOperation" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -58362,89 +59612,112 @@ }, { "access_level": "Read", - "description": "Grants permission to use the primary key of a table or a secondary index to directly access items from that table or index", - "privilege": "Query", + "description": "Grants permission to retrieve historical metric data for queues in an Amazon Connect instance", + "privilege": "GetMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reboot a single node of a DAX cluster", - "privilege": "RebootNode", - "resource_types": [ + "resource_type": "queue*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return one or more items and item attributes by accessing every item in a table or a secondary index", - "privilege": "Scan", + "description": "Grants permission to retrieve metric data in an Amazon Connect instance", + "privilege": "GetMetricDataV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to associate a set of tags with a DAX resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "hierarchy-group*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - 
"description": "Grants permission to remove the association of tags from a DAX resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get details about a prompt's presigned Amazon S3 URL in an Amazon Connect instance", + "privilege": "GetPromptFile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "prompt*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the settings for a DAX cluster", - "privilege": "UpdateCluster", + "access_level": "Read", + "description": "Grants permission to get details about specified task template in an Amazon Connect instance", + "privilege": "GetTaskTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "task-template*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to edit an existing item's attributes, or adds a new item to the table if it does not already exist", - "privilege": "UpdateItem", + "access_level": "List", + "description": "Grants permission to read traffic distribution for a traffic distribution group", + "privilege": "GetTrafficDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "traffic-distribution-group*" }, { "condition_keys": [ - "dax:EnclosingOperation" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -58453,260 +59726,325 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the parameters of a parameter group", - "privilege": "UpdateParameterGroup", + "description": "Grants permission to import phone number resources to an Amazon Connect instance", + "privilege": "ImportPhoneNumber", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "sms-voice:DescribePhoneNumbers" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "wildcard-phone-number*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify an existing subnet group", - "privilege": "UpdateSubnetGroup", + "access_level": "List", + "description": "Grants permission to list agent statuses in an Amazon Connect instance", + "privilege": "ListAgentStatuses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "wildcard-agent-status*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:dax:${Region}:${Account}:cache/${ClusterName}", - "condition_keys": [], - "resource": "application" - } - ], - "service_name": "Amazon DynamoDB Accelerator (DAX)" - }, - { - "conditions": [], - "prefix": "dbqms", - "privileges": [ + }, { - "access_level": "Write", - "description": "Grants permission to create a new favorite query", - "privilege": "CreateFavoriteQuery", + "access_level": "List", + "description": "Grants permission to view approved origins of an existing Amazon Connect instance", + "privilege": "ListApprovedOrigins", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission 
to add a query to the history", - "privilege": "CreateQueryHistory", + "access_level": "List", + "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", + "privilege": "ListBots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new query tab", - "privilege": "CreateTab", + "access_level": "List", + "description": "Grants permission to list contact evaluations in the specified Amazon Connect instance", + "privilege": "ListContactEvaluations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete saved queries", - "privilege": "DeleteFavoriteQueries", + "access_level": "List", + "description": "Grants permission to list contact flow module resources in an Amazon Connect instance", + "privilege": "ListContactFlowModules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a historical query", - "privilege": "DeleteQueryHistory", + "access_level": "List", + "description": "Grants permission to list contact flow resources in an Amazon Connect instance", + "privilege": "ListContactFlows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "wildcard-contact-flow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete query tab", - "privilege": "DeleteTab", + "access_level": "List", + "description": "Grants permission to list 
references associated with a contact in an Amazon Connect instance", + "privilege": "ListContactReferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list saved queries and associated metadata", - "privilege": "DescribeFavoriteQueries", + "description": "Grants permission to list default vocabularies associated with a Amazon Connect instance", + "privilege": "ListDefaultVocabularies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list history of queries that were run", - "privilege": "DescribeQueryHistory", + "description": "Grants permission to list versions of an evaluation form in the specified Amazon Connect instance", + "privilege": "ListEvaluationFormVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "evaluation-form*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list query tabs and associated metadata", - "privilege": "DescribeTabs", + "description": "Grants permission to list evaluation forms in the specified Amazon Connect instance", + "privilege": "ListEvaluationForms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve favorite or history query string by id", - "privilege": 
"GetQueryString", + "access_level": "List", + "description": "Grants permission to list summary information about the flow associations for the specified Amazon Connect instance", + "privilege": "ListFlowAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update saved query and description", - "privilege": "UpdateFavoriteQuery", + "access_level": "List", + "description": "Grants permission to list hours of operation resources in an Amazon Connect instance", + "privilege": "ListHoursOfOperations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the query history", - "privilege": "UpdateQueryHistory", + "access_level": "List", + "description": "Grants permission to view the attributes of an existing Amazon Connect instance", + "privilege": "ListInstanceAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update query tab", - "privilege": "UpdateTab", + "access_level": "List", + "description": "Grants permission to view storage configurations of an existing Amazon Connect instance", + "privilege": "ListInstanceStorageConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": 
[], - "service_name": "Database Query Metadata Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "deepcomposer", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate a DeepComposer coupon (or DSN) with the account associated with the sender of the request", - "privilege": "AssociateCoupon", + "access_level": "List", + "description": "Grants permission to view the Amazon Connect instances associated with an AWS account", + "privilege": "ListInstances", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ds:DescribeDirectories" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an audio file by converting the midi composition into a wav or mp3 file", - "privilege": "CreateAudio", + "access_level": "List", + "description": "Grants permission to list summary information about the integration associations for the specified Amazon Connect instance", + "privilege": "ListIntegrationAssociations", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeInstance", + "ds:DescribeDirectories" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "audio*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a multi-track midi composition", - "privilege": 
"CreateComposition", + "access_level": "List", + "description": "Grants permission to view the Lambda functions of an existing Amazon Connect instance", + "privilege": "ListLambdaFunctions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "composition*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -58714,19 +60052,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start creating/training a generative-model that is able to perform inference against the user-provided piano-melody to create a multi-track midi composition", - "privilege": "CreateModel", + "access_level": "List", + "description": "Grants permission to view the Lex bots of an existing Amazon Connect instance", + "privilege": "ListLexBots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -58734,42 +60071,42 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the composition", - "privilege": "DeleteComposition", + "access_level": "List", + "description": "Grants permission to list phone number resources in an Amazon Connect instance", + "privilege": "ListPhoneNumbers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "composition*" + "resource_type": "wildcard-legacy-phone-number*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the model", - "privilege": "DeleteModel", + "access_level": "List", + "description": "Grants permission to list phone number resources in an Amazon Connect instance", + "privilege": "ListPhoneNumbersV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "wildcard-phone-number*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the composition", - "privilege": "GetComposition", + "access_level": "List", + "description": "Grants permission to list predefined attributes in an Amazon Connect instance", + "privilege": "ListPredefinedAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "composition*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -58777,18 +60114,18 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the model", - "privilege": "GetModel", + "access_level": "List", + "description": "Grants permission to list prompt resources in an Amazon Connect instance", + "privilege": "ListPrompts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -58796,71 +60133,87 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the sample/pre-trained DeepComposer model", - "privilege": "GetSampleModel", + "access_level": "List", + "description": "Grants permission to list quick connect resources in a queue in an Amazon Connect instance", + "privilege": "ListQueueQuickConnects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all the compositions owned by the sender of the request", - "privilege": "ListCompositions", + "description": "Grants permission to list queue resources in an Amazon Connect instance", + "privilege": "ListQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "composition*" + "resource_type": "wildcard-queue*" } ] }, { "access_level": "List", - "description": "Grants permission to list all the models owned by the sender of the request", - "privilege": "ListModels", + "description": "Grants permission to list quick connect resources in an Amazon Connect instance", + "privilege": "ListQuickConnects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "wildcard-quick-connect*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the sample/pre-trained models provided by the DeepComposer service", - "privilege": "ListSampleModels", + "access_level": "Read", + "description": "Grants permission to list the analysis segments for a real-time analysis session", + "privilege": "ListRealtimeContactAnalysisSegments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": 
"contact*" } ] }, { "access_level": "List", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to list the analysis segments for a real-time chat analytics session", + "privilege": "ListRealtimeContactAnalysisSegmentsV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "composition" - }, + "resource_type": "contact*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list queue resources in a routing profile in an Amazon Connect instance", + "privilege": "ListRoutingProfileQueues", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model" + "resource_type": "routing-profile*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -58869,36 +60222,36 @@ }, { "access_level": "List", - "description": "Grants permission to list all the training options or topic for creating/training a model", - "privilege": "ListTrainingTopics", + "description": "Grants permission to list routing profile resources in an Amazon Connect instance", + "privilege": "ListRoutingProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list rules associated with a Amazon Connect instance", + "privilege": "ListRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "composition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -58906,25 +60259,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to view the security keys of an existing Amazon Connect instance", + "privilege": "ListSecurityKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "composition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model" + "resource_type": "instance*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -58932,414 +60278,251 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to modify the mutable properties associated with a composition", - "privilege": "UpdateComposition", + "access_level": "List", + "description": "Grants permission to list applications associated with a specific security profile in an Amazon Connect instance", + "privilege": "ListSecurityProfileApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "composition*" + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to to modify the mutable properties associated with a model", - "privilege": "UpdateModel", + "access_level": "List", + "description": "Grants permission to list permissions associated with security profile in an Amazon Connect instance", + "privilege": "ListSecurityProfilePermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:model/${ModelId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "model" - }, - { - "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:composition/${CompositionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "composition" }, { - "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:audio/${AudioId}", - "condition_keys": [], - "resource": "audio" - } - ], - "service_name": "AWS DeepComposer" - }, - { - "conditions": [], - "prefix": "deeplens", - "privileges": [ - { - "access_level": "Permissions management", 
- "description": "Associates the user's account with IAM roles controlling various permissions needed by AWS DeepLens for proper functionality.", - "privilege": "AssociateServiceRoleToAccount", + "access_level": "List", + "description": "Grants permission to list security profile resources in an Amazon Connect instance", + "privilege": "ListSecurityProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Retrieves a list of AWS DeepLens devices.", - "privilege": "BatchGetDevice", + "description": "Grants permission to list tags for an Amazon Connect resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - } - ] - }, - { - "access_level": "Read", - "description": "Retrieves a list of AWS DeepLens Models.", - "privilege": "BatchGetModel", - "resource_types": [ + "resource_type": "agent-status" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" - } - ] - }, - { - "access_level": "Read", - "description": "Retrieves a list of AWS DeepLens Projects.", - "privilege": "BatchGetProject", - "resource_types": [ + "resource_type": "contact-evaluation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Creates a certificate package that is used to successfully authenticate and Register an AWS DeepLens device.", - "privilege": "CreateDeviceCertificates", - "resource_types": [ + "resource_type": "contact-flow" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Creates a new AWS DeepLens Model.", - "privilege": "CreateModel", - "resource_types": [ + "resource_type": 
"contact-flow-module" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Creates a new AWS DeepLens Project.", - "privilege": "CreateProject", - "resource_types": [ + "resource_type": "evaluation-form" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Deletes an AWS DeepLens Model.", - "privilege": "DeleteModel", - "resource_types": [ + "resource_type": "hierarchy-group" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" - } - ] - }, - { - "access_level": "Write", - "description": "Deletes an AWS DeepLens Project.", - "privilege": "DeleteProject", - "resource_types": [ + "resource_type": "hours-of-operation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Deploys an AWS DeepLens project to a registered AWS DeepLens device.", - "privilege": "DeployProject", - "resource_types": [ + "resource_type": "integration-association" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "phone-number" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Begins a device de-registration workflow for a registered AWS DeepLens device.", - "privilege": "DeregisterDevice", - "resource_types": [ + "resource_type": "prompt" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - } - ] - }, - { - "access_level": "Read", - "description": "Retrieves the account level resources associated with the user's account.", - "privilege": "GetAssociatedResources", - "resource_types": [ + "resource_type": "queue" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - 
"description": "Retrieves the the deployment status of a particular AWS DeepLens device, along with any associated metadata.", - "privilege": "GetDeploymentStatus", - "resource_types": [ + "resource_type": "quick-connect" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Retrieves information about an AWS DeepLens device.", - "privilege": "GetDevice", - "resource_types": [ + "resource_type": "routing-profile" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - } - ] - }, - { - "access_level": "Read", - "description": "Retrieves an AWS DeepLens Model.", - "privilege": "GetModel", - "resource_types": [ + "resource_type": "rule" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" - } - ] - }, - { - "access_level": "Read", - "description": "Retrieves an AWS DeepLens Project.", - "privilege": "GetProject", - "resource_types": [ + "resource_type": "security-profile" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Creates a new AWS DeepLens project from a sample project template.", - "privilege": "ImportProjectFromTemplate", - "resource_types": [ + "resource_type": "traffic-distribution-group" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Retrieves a list of AWS DeepLens Deployment identifiers.", - "privilege": "ListDeployments", - "resource_types": [ + "resource_type": "use-case" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Retrieves a list of AWS DeepLens device identifiers.", - "privilege": "ListDevices", - "resource_types": [ + "resource_type": "user" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": 
"wildcard-phone-number" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Retrieves a list of AWS DeepLens Model identifiers.", - "privilege": "ListModels", + "description": "Grants permission to list task template resources in an Amazon Connect instance", + "privilege": "ListTaskTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { "access_level": "List", - "description": "Retrieves a list of AWS DeepLens Project identifiers.", - "privilege": "ListProjects", + "description": "Grants permission to list the active user associations for a traffic distribution group", + "privilege": "ListTrafficDistributionGroupUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Begins a device registration workflow for an AWS DeepLens device.", - "privilege": "RegisterDevice", - "resource_types": [ + "resource_type": "traffic-distribution-group*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Removes a deployed AWS DeepLens project from an AWS DeepLens device.", - "privilege": "RemoveProject", + "access_level": "List", + "description": "Grants permission to list traffic distribution groups", + "privilege": "ListTrafficDistributionGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "traffic-distribution-group*" } ] }, { - "access_level": "Write", - "description": "Updates an existing AWS DeepLens Project.", - "privilege": "UpdateProject", + "access_level": "List", + "description": "Grants permission to list the use cases of an integration association", + "privilege": 
"ListUseCases", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeInstance", + "ds:DescribeDirectories" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:deeplens:${Region}:${Account}:device/${DeviceName}", - "condition_keys": [], - "resource": "device" - }, - { - "arn": "arn:${Partition}:deeplens:${Region}:${Account}:project/${ProjectName}", - "condition_keys": [], - "resource": "project" - }, - { - "arn": "arn:${Partition}:deeplens:${Region}:${Account}:model/${ModelName}", - "condition_keys": [], - "resource": "model" - } - ], - "service_name": "AWS DeepLens" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions by tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions by tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "deepracer:MultiUser", - "description": "Filters access by multiuser flag", - "type": "Bool" }, { - "condition": "deepracer:UserToken", - "description": "Filters access by user token in the request", - "type": "String" - } - ], - "prefix": "deepracer", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add access for a private leaderboard", - "privilege": "AddLeaderboardAccessPermission", + "access_level": "List", + "description": "Grants permission to list the hierarchy group resources in an Amazon Connect instance", + "privilege": "ListUserHierarchyGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": 
"instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -59347,86 +60530,67 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get current admin multiuser configuration for this account", - "privilege": "AdminGetAccountConfig", + "access_level": "List", + "description": "Grants permission to list user proficiencies from a user in an Amazon Connect instance", + "privilege": "ListUserProficiencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all deepracer users with their associated resources created under this account", - "privilege": "AdminListAssociatedResources", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list user data for all users associated with this account", - "privilege": "AdminListAssociatedUsers", - "resource_types": [ + "resource_type": "user*" + }, { - "condition_keys": [], + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to manage a user associated with this account", - "privilege": "AdminManageUser", + "access_level": "List", + "description": "Grants permission to list user resources in an Amazon Connect instance", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set configuration options for this account", - "privilege": "AdminSetAccountConfig", - "resource_types": [ + "resource_type": "instance*" + }, { - "condition_keys": [], + "condition_keys": [ + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to clone an existing 
DeepRacer model", - "privilege": "CloneReinforcementLearningModel", + "access_level": "List", + "description": "Grants permission to list the view versions in an Amazon Connect instance", + "privilege": "ListViewVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "resource_type": "aws-managed-view*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "track*" + "resource_type": "customer-managed-view*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -59434,33 +60598,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a DeepRacer car in your garage", - "privilege": "CreateCar", + "access_level": "List", + "description": "Grants permission to list the views in an Amazon Connect instance", + "privilege": "ListViews", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a leaderboard", - "privilege": "CreateLeaderboard", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -59469,18 +60618,29 @@ }, { "access_level": "Write", - "description": "Grants permission to create an access token for a private leaderboard", - "privilege": "CreateLeaderboardAccessToken", + "description": "Grants permission to monitor an ongoing contact", + "privilege": "MonitorContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "contact*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:MonitorCapabilities", + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -59489,25 +60649,28 @@ }, { "access_level": "Write", - "description": "Grants permission to submit a DeepRacer model to be evaluated for leaderboards", - "privilege": "CreateLeaderboardSubmission", + "description": "Grants permission to pause an ongoing contact", + "privilege": "PauseContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "contact*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -59516,20 +60679,28 @@ }, { "access_level": "Write", - "description": "Grants permission to create ra einforcement learning model for DeepRacer", - "privilege": "CreateReinforcementLearningModel", + "description": "Grants permission to switch User Status in an Amazon Connect instance", + "privilege": "PutUserStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "track*" + "resource_type": "agent-status*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -59538,18 +60709,17 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a leaderboard", - "privilege": "DeleteLeaderboard", + "description": "Grants permission to release phone number resources in an Amazon Connect instance", + "privilege": "ReleasePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "phone-number*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -59558,18 +60728,31 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a DeepRacer model", - "privilege": "DeleteModel", + "description": "Grants permission to create a replica of an Amazon Connect instance", + "privilege": "ReplicateInstance", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "dependent_actions": [ + "ds:AuthorizeApplication", + "ds:CheckAlias", + "ds:CreateAlias", + "ds:CreateDirectory", + "ds:CreateIdentityPoolDirectory", + "ds:DeleteDirectory", + "ds:DescribeDirectories", + "ds:UnauthorizeApplication", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -59578,18 +60761,28 @@ }, { "access_level": "Write", - "description": "Grants permission to edit a leaderboard", - "privilege": "EditLeaderboard", + "description": "Grants permission to resume a paused contact", + "privilege": "ResumeContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "contact*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -59597,49 +60790,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get current multiuser configuration for this account", - "privilege": "GetAccountConfig", + "access_level": "Write", + "description": "Grants permission to resume recording for the specified contact", + "privilege": "ResumeContactRecording", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the user's alias for submitting a DeepRacer model to leaderboards", - "privilege": "GetAlias", + "access_level": "List", + "description": "Grants permission to search phone number resources in an Amazon Connect instance or traffic distribution group", + "privilege": "SearchAvailablePhoneNumbers", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "wildcard-phone-number*" } ] }, { "access_level": "Read", - "description": "Grants permission to download artifacts for an existing DeepRacer model", - "privilege": "GetAssetUrl", + "description": "Grants permission to search contacts in an Amazon Connect instance", + "privilege": "SearchContacts", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "dependent_actions": [ + "connect:DescribeContact" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId", + "connect:SearchContactsByContactAnalysis" ], "dependent_actions": [], "resource_type": "" 
@@ -59648,18 +60837,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a specific DeepRacer car from your garage", - "privilege": "GetCar", + "description": "Grants permission to search hours of operation resources in an Amazon Connect instance", + "privilege": "SearchHoursOfOperations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "car*" + "dependent_actions": [ + "connect:DescribeHoursOfOperation" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -59668,13 +60859,19 @@ }, { "access_level": "Read", - "description": "Grants permission to view all the DeepRacer cars in your garage", - "privilege": "GetCars", + "description": "Grants permission to search predefined attributes in an Amazon Connect instance", + "privilege": "SearchPredefinedAttributes", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "connect:DescribePredefinedAttribute" + ], + "resource_type": "instance*" + }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -59683,18 +60880,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about an existing DeepRacer model's evaluation jobs", - "privilege": "GetEvaluation", + "description": "Grants permission to search prompt resources in an Amazon Connect instance", + "privilege": "SearchPrompts", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation_job*" + "dependent_actions": [ + "connect:DescribePrompt" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -59703,18 +60902,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about how the latest submitted DeepRacer model for a user performed on a leaderboard", - "privilege": "GetLatestUserSubmission", + "description": "Grants permission to search queue resources in an Amazon Connect instance", + "privilege": "SearchQueues", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" + "dependent_actions": [ + "connect:DescribeQueue" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -59723,18 +60924,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about leaderboards", - "privilege": "GetLeaderboard", + "description": "Grants permission to search quick connect resources in an Amazon Connect instance", + "privilege": "SearchQuickConnects", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" + "dependent_actions": [ + "connect:DescribeQuickConnect" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -59742,19 +60945,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an existing DeepRacer model", - "privilege": "GetModel", + "access_level": "List", + "description": "Grants permission to search tags that are used in an Amazon Connect instance", + "privilege": "SearchResourceTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -59763,18 +60966,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about private leaderboards", - "privilege": "GetPrivateLeaderboard", + "description": "Grants permission to search routing profile resources in an Amazon Connect instance", + "privilege": "SearchRoutingProfiles", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" + "dependent_actions": [ + "connect:DescribeRoutingProfile" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -59783,18 +60988,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the performance of a user's DeepRacer model that got placed on a leaderboard", - "privilege": "GetRankedUserSubmission", + "description": "Grants permission to search security profile resources in an Amazon Connect instance", + "privilege": "SearchSecurityProfiles", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard*" + "dependent_actions": [ + "connect:DescribeSecurityProfile" + ], + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId", + "connect:SearchTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -59803,30 +61010,39 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about DeepRacer tracks", - "privilege": "GetTrack", + "description": "Grants permission to search user resources in an Amazon Connect instance", + "privilege": "SearchUsers", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "connect:DescribeUser" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId", + "connect:SearchTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "track*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an existing DeepRacer model's training job", - "privilege": "GetTrainingJob", + "access_level": "List", + "description": "Grants permission to search vocabularies in a Amazon Connect instance", + "privilege": "SearchVocabularies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "training_job*" + "resource_type": "vocabulary*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -59835,33 +61051,34 @@ }, { "access_level": "Write", - "description": "Grants permission to import a reinforcement learning model for DeepRacer", - "privilege": "ImportModel", + "description": "Grants permission to send chat integration events using the Amazon Connect API", + "privilege": "SendChatIntegrationEvent", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list a DeepRacer model's evaluation jobs", - "privilege": "ListEvaluations", + "access_level": "Write", + "description": "Grants permission to initiate a chat using the Amazon Connect API", + "privilege": "StartChatContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -59869,19 +61086,28 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all the DeepRacer model submissions of a user on a leaderboard", - "privilege": "ListLeaderboardSubmissions", + "access_level": "Write", + "description": "Grants permission to start an empty evaluation in the specified Amazon Connect instance, using the given evaluation form for the particular contact. The evaluation form version used for the contact evaluation corresponds to the currently activated version. If no version is activated for the evaluation form, the contact evaluation cannot be started", + "privilege": "StartContactEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "contact*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-evaluation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation-form*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -59889,64 +61115,42 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all the available leaderboards", - "privilege": "ListLeaderboards", + "access_level": "Write", + "description": "Grants permission to start recording for the specified contact", + "privilege": "StartContactRecording", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all existing DeepRacer models", - "privilege": "ListModels", + "access_level": "Write", + "description": "Grants permission to start chat streaming using the Amazon Connect API", + "privilege": "StartContactStreaming", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve participant information about private leaderboards", - "privilege": "ListPrivateLeaderboardParticipants", + "access_level": "Write", + "description": "Grants permission to enable forecasting, planning, and scheduling integration on an Amazon Connect instance", + "privilege": "StartForecastingPlanningSchedulingIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all the available private leaderboards", - "privilege": "ListPrivateLeaderboards", - "resource_types": [ - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], 
"dependent_actions": [], "resource_type": "" @@ -59954,60 +61158,46 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all the subscribed private leaderboards", - "privilege": "ListSubscribedPrivateLeaderboards", + "access_level": "Write", + "description": "Grants permission to initiate outbound calls using the Amazon Connect API", + "privilege": "StartOutboundVoiceContact", "resource_types": [ { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, { - "access_level": "Read", - "description": "Grants permission to lists tag for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to initiate a task using the Amazon Connect API", + "privilege": "StartTaskContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "car" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation_job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "leaderboard" + "resource_type": "contact-flow*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard_evaluation_job" + "resource_type": "contact" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model" + "resource_type": "quick-connect" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "training_job" + "resource_type": "task-template" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -60015,31 +61205,37 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all DeepRacer tracks", - "privilege": "ListTracks", + "access_level": "Write", + "description": "Grants permission to initiate a WebRTC contact using the Amazon Connect API", + "privilege": "StartWebRTCContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list a DeepRacer model's training jobs", - "privilege": "ListTrainingJobs", + "access_level": "Write", + "description": "Grants permission to stop contacts that were initiated using the Amazon Connect API. If you use this operation on an active contact the contact ends, even if the agent is active on a call with a customer", + "privilege": "StopContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "resource_type": "contact*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -60048,50 +61244,41 @@ }, { "access_level": "Write", - "description": "Grants permission to migrate previous reinforcement learning models for DeepRacer", - "privilege": "MigrateModels", + "description": "Grants permission to stop recording for the specified contact", + "privilege": "StopContactRecording", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, { "access_level": "Write", - "description": "Grants permission to performs the leaderboard operation mentioned in the operation attribute", - "privilege": "PerformLeaderboardOperation", + "description": "Grants permission to stop chat streaming using the Amazon Connect API", + "privilege": "StopContactStreaming", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard" - }, - { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove access for a private leaderboard", - "privilege": "RemoveLeaderboardAccessPermission", + "description": "Grants permission to disable forecasting, planning, and scheduling integration on an Amazon Connect instance", + "privilege": "StopForecastingPlanningSchedulingIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard*" + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -60100,13 +61287,17 @@ }, { "access_level": "Write", - "description": "Grants permission to set the user's alias for submitting a DeepRacer model to leaderboards", - "privilege": "SetAlias", + "description": "Grants permission to submit a contact evaluation in the specified Amazon Connect instance. Answers included in the request are merged with existing answers for the given evaluation. If no answers or notes are passed, the evaluation is submitted with the existing answers and notes. You can delete an answer or note by passing an empty object ( { }) to the question identifier", + "privilege": "SubmitContactEvaluation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-evaluation*" + }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -60115,45 +61306,29 @@ }, { "access_level": "Write", - "description": "Grants permission to evaluate a DeepRacer model in a simulated environment", - "privilege": "StartEvaluation", + "description": "Grants permission to suspend recording for the specified contact", + "privilege": "SuspendContactRecording", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "track*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "deepracer:UserToken", - "deepracer:MultiUser" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "contact*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop DeepRacer model evaluations", - "privilege": "StopEvaluation", + "description": "Grants permission to tag a contact in an Amazon Connect instance", + "privilege": "TagContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation_job*" + "resource_type": "contact*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -60161,127 +61336,129 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop training a DeepRacer model", - "privilege": "StopTrainingReinforcementLearningModel", + "access_level": "Tagging", + "description": "Grants permission to tag an Amazon Connect resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model*" + "resource_type": "agent-status" }, { - "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "contact-evaluation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "car" + "resource_type": "contact-flow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation_job" + "resource_type": "contact-flow-module" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard" + "resource_type": "customer-managed-view" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard_evaluation_job" + "resource_type": "evaluation-form" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model" + "resource_type": "hierarchy-group" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "training_job" + "resource_type": "hours-of-operation" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "deepracer:UserToken", - "deepracer:MultiUser" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to test reward functions for correctness", - "privilege": "TestRewardFunction", - 
"resource_types": [ + "resource_type": "instance" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", - "resource_types": [ + "resource_type": "integration-association" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "car" + "resource_type": "phone-number" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation_job" + "resource_type": "prompt" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard" + "resource_type": "queue" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "leaderboard_evaluation_job" + "resource_type": "quick-connect" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reinforcement_learning_model" + "resource_type": "routing-profile" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "training_job" + "resource_type": "rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-distribution-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "use-case" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vocabulary" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "wildcard-phone-number" }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "deepracer:UserToken", - "deepracer:MultiUser" + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -60290,141 +61467,195 @@ }, { "access_level": "Write", - "description": "Grants permission to update a DeepRacer car in your garage", - "privilege": "UpdateCar", + "description": "Grants permission to transfer the contact to another queue or agent", + "privilege": "TransferContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "car*" + "resource_type": "contact*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" }, { "condition_keys": [ - "deepracer:UserToken", - "deepracer:MultiUser" + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:car/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "car" - }, - { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:evaluation_job/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "evaluation_job" - }, - { - "arn": "arn:${Partition}:deepracer:${Region}::leaderboard/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "leaderboard" - }, - { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:leaderboard_evaluation_job/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "leaderboard_evaluation_job" - }, - { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:model/reinforcement_learning/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "reinforcement_learning_model" - }, - { - "arn": "arn:${Partition}:deepracer:${Region}::track/${ResourceId}", - "condition_keys": [], - "resource": "track" - }, - { - "arn": "arn:${Partition}:deepracer:${Region}:${Account}:training_job/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - 
"resource": "training_job" - } - ], - "service_name": "AWS DeepRacer" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by specifying the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by specifying the tags associated with the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by specifying the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "detective", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept an invitation to become a member of a behavior graph", - "privilege": "AcceptInvitation", + "description": "Grants permission to untag a contact in an Amazon Connect instance", + "privilege": "UntagContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the datasource package history for the specified member accounts in a behavior graph managed by this account", - "privilege": "BatchGetGraphMemberDatasources", + "access_level": "Tagging", + "description": "Grants permission to untag an Amazon Connect resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the datasource package history of the caller account for the specified graphs", - "privilege": "BatchGetMembershipDatasources", - "resource_types": [ + "resource_type": "agent-status" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-evaluation" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "contact-flow" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow-module" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customer-managed-view" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation-form" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hierarchy-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hours-of-operation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration-association" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "phone-number" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prompt" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quick-connect" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "security-profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-distribution-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "use-case" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vocabulary" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "wildcard-phone-number" + }, + { + "condition_keys": [ + 
"aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a behavior graph and begin to aggregate security information", - "privilege": "CreateGraph", + "description": "Grants permission to update agent status in an Amazon Connect instance", + "privilege": "UpdateAgentStatus", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "agent-status*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -60433,240 +61664,358 @@ }, { "access_level": "Write", - "description": "Grants permission to request the membership of one or more accounts in a behavior graph managed by this account", - "privilege": "CreateMembers", + "description": "Grants permission to update a contact in an Amazon Connect instance", + "privilege": "UpdateContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a behavior graph and stop aggregating security information", - "privilege": "DeleteGraph", + "description": "Grants permission to create or update the contact attributes associated with the specified contact", + "privilege": "UpdateContactAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove member accounts from a behavior graph managed by this account", - "privilege": "DeleteMembers", + "description": "Grants permission to update details about a contact evaluation in the specified Amazon Connect instance. A contact evaluation must be in the draft state. Answers included in the request are merged with existing answers for the given evaluation. 
An answer or note can be deleted by passing an empty object ( { }) to the question identifier", + "privilege": "UpdateContactEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "contact-evaluation*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the current configuration related to the Amazon Detective integration with AWS Organizations", - "privilege": "DescribeOrganizationConfiguration", + "access_level": "Write", + "description": "Grants permission to update contact flow content in an Amazon Connect instance", + "privilege": "UpdateContactFlowContent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "dependent_actions": [], + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], - "resource_type": "Graph*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the Amazon Detective delegated administrator account for an organization", - "privilege": "DisableOrganizationAdminAccount", + "description": "Grants permission to update the metadata of a contact flow in an Amazon Connect instance", + "privilege": "UpdateContactFlowMetadata", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "dependent_actions": [], + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the association of this account with a behavior graph", - "privilege": "DisassociateMembership", + "description": "Grants permission to update 
contact flow module content in an Amazon Connect instance", + "privilege": "UpdateContactFlowModuleContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to designate the Amazon Detective delegated administrator account for an organization", - "privilege": "EnableOrganizationAdminAccount", + "description": "Grants permission to update the metadata of a contact flow module in an Amazon Connect instance", + "privilege": "UpdateContactFlowModuleMetadata", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "organizations:DescribeOrganization", - "organizations:EnableAWSServiceAccess", - "organizations:RegisterDelegatedAdministrator" + "dependent_actions": [], + "resource_type": "contact-flow-module*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a behavior graph's eligibility for a free trial period", - "privilege": "GetFreeTrialEligibility", + "access_level": "Write", + "description": "Grants permission to update the name and description of a contact flow in an Amazon Connect instance", + "privilege": "UpdateContactFlowName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "contact-flow*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the data ingestion state of a behavior graph", - "privilege": "GetGraphIngestState", + "access_level": 
"Write", + "description": "Grants permission to update routing properties on a contact in an Amazon Connect instance", + "privilege": "UpdateContactRoutingData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details on specified members of a behavior graph", - "privilege": "GetMembers", + "access_level": "Write", + "description": "Grants permission to update the schedule of a contact that is already scheduled in an Amazon Connect instance", + "privilege": "UpdateContactSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "contact*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about Amazon Detective's pricing", - "privilege": "GetPricingInformation", + "access_level": "Write", + "description": "Grants permission to update details about a specific evaluation form version in the specified Amazon Connect instance. 
Question and section identifiers cannot be duplicated within the same evaluation form", + "privilege": "UpdateEvaluationForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "evaluation-form*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list usage information of a behavior graph", - "privilege": "GetUsageInformation", + "access_level": "Write", + "description": "Grants permission to update hours of operation in an Amazon Connect instance", + "privilege": "UpdateHoursOfOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "hours-of-operation*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list a graph's datasource package ingest states and timestamps for the most recent state changes in a behavior graph managed by this account", - "privilege": "ListDatasourcePackages", + "access_level": "Write", + "description": "Grants permission to update the attribute for an existing Amazon Connect instance", + "privilege": "UpdateInstanceAttribute", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ds:DescribeDirectories", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "logs:CreateLogGroup" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:AttributeType", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list behavior graphs managed by this account", - "privilege": "ListGraphs", + "access_level": "Write", + "description": "Grants permission to update the 
storage configuration for an existing Amazon Connect instance", + "privilege": "UpdateInstanceStorageConfig", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ds:DescribeDirectories", + "firehose:DescribeDeliveryStream", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "kinesis:DescribeStream", + "kms:CreateGrant", + "kms:DescribeKey", + "s3:GetBucketAcl", + "s3:GetBucketLocation" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:StorageResourceType", + "connect:InstanceId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve high volume entities whose relationships cannot be stored by Detective", - "privilege": "ListHighDegreeEntities", + "access_level": "Write", + "description": "Grants permission to update participant role configurations associated with a contact", + "privilege": "UpdateParticipantRoleConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve details on the behavior graphs to which this account has been invited to join", - "privilege": "ListInvitations", - "resource_types": [ + "resource_type": "contact*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve details on all members of a behavior graph", - "privilege": "ListMembers", + "access_level": "Write", + "description": "Grants permission to update phone number resources in an Amazon Connect instance or traffic distribution group", + "privilege": "UpdatePhoneNumber", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" - } - ] - }, - 
{ - "access_level": "List", - "description": "Grants permission to view the current Amazon Detective delegated administrator account for an organization", - "privilege": "ListOrganizationAdminAccount", - "resource_types": [ + "resource_type": "instance*" + }, { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "dependent_actions": [], + "resource_type": "phone-number*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tag values that are assigned to a behavior graph", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update the metadata of a phone number resource in an Amazon Connect instance or traffic distribution group", + "privilege": "UpdatePhoneNumberMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "phone-number*" }, { "condition_keys": [ 
@@ -60679,55 +62028,66 @@ }, { "access_level": "Write", - "description": "Grants permission to reject an invitation to become a member of a behavior graph", - "privilege": "RejectInvitation", + "description": "Grants permission to update a predefined attribute in an Amazon Connect instance", + "privilege": "UpdatePredefinedAttribute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to search the data stored in a behavior graph", - "privilege": "SearchGraph", + "access_level": "Write", + "description": "Grants permission to update a prompt's name, description, and Amazon S3 URI in an Amazon Connect instance", + "privilege": "UpdatePrompt", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kms:Decrypt", + "s3:GetObject", + "s3:GetObjectAcl" + ], + "resource_type": "prompt*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED", - "privilege": "StartMonitoringMember", + "description": "Grants permission to update queue hours of operation in an Amazon Connect instance", + "privilege": "UpdateQueueHoursOfOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to assign tag values to a behavior graph", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "hours-of-operation*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "queue*" }, { "condition_keys": [ - 
"aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" @@ -60735,18 +62095,19 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tag values from a behavior graph", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update queue capacity in an Amazon Connect instance", + "privilege": "UpdateQueueMaxContacts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" + "resource_type": "queue*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], "dependent_actions": [], "resource_type": "" 
@@ -60755,582 +62116,996 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable datasource package(s) in a behavior graph managed by this account", - "privilege": "UpdateDatasourcePackages", + "description": "Grants permission to update a queue name and description in an Amazon Connect instance", + "privilege": "UpdateQueueName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Graph*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the current configuration related to the Amazon Detective integration with AWS Organizations", - "privilege": "UpdateOrganizationConfiguration", - "resource_types": [ + "resource_type": "queue*" + }, { - "condition_keys": [], - "dependent_actions": [ - "organizations:DescribeOrganization" + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], - "resource_type": "Graph*" + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:detective:${Region}:${Account}:graph:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Graph" - } - ], - "service_name": "Amazon Detective" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the allowed set of values for each of the tags", - "type": "String" }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value assoicated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of mandatory tags in the request", - "type": "ArrayOfString" - } - ], - "prefix": "devicefarm", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a device pool within a project", - "privilege": "CreateDevicePool", + "description": "Grants permission to update queue outbound caller 
config in an Amazon Connect instance", + "privilege": "UpdateQueueOutboundCallerConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a device instance profile", - "privilege": "CreateInstanceProfile", - "resource_types": [ + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "contact-flow" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "phone-number" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a network profile within a project", - "privilege": "CreateNetworkProfile", + "description": "Grants permission to update queue status in an Amazon Connect instance", + "privilege": "UpdateQueueStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a project for mobile testing", - "privilege": "CreateProject", - "resource_types": [ + "resource_type": "queue*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole" + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a remote access session to a device instance", - "privilege": "CreateRemoteAccessSession", + "description": "Grants permission to update the configuration of a quick connect in an Amazon Connect instance", + "privilege": "UpdateQuickConnectConfig", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "quick-connect*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "contact-flow" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceinstance" + "resource_type": "queue" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload" + "resource_type": "user" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a project for desktop testing", - "privilege": "CreateTestGridProject", + "description": "Grants permission to update a quick connect name and description in an Amazon Connect instance", + "privilege": "UpdateQuickConnectName", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole" + "dependent_actions": [], + "resource_type": "quick-connect*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to generate a new pre-signed url used to access our test grid service", - "privilege": "CreateTestGridUrl", + "description": "Grants permission to update a routing profile agent availability timer in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileAgentAvailabilityTimer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-project*" + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - 
"description": "Grants permission to upload a new file or app within a project", - "privilege": "CreateUpload", + "description": "Grants permission to update the concurrency in a routing profile in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileConcurrency", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an Amazon Virtual Private Cloud (VPC) endpoint configuration", - "privilege": "CreateVPCEConfiguration", + "description": "Grants permission to update the outbound queue in a routing profile in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileDefaultOutboundQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a user-generated device pool", - "privilege": "DeleteDevicePool", + "description": "Grants permission to update a routing profile name and description in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devicepool*" + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a user-generated instance profile", - "privilege": "DeleteInstanceProfile", + 
"description": "Grants permission to update the queues in routing profile in an Amazon Connect instance", + "privilege": "UpdateRoutingProfileQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instanceprofile*" + "resource_type": "routing-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a user-generated network profile", - "privilege": "DeleteNetworkProfile", + "description": "Grants permission to update a rule for an existing Amazon Connect instance", + "privilege": "UpdateRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "networkprofile*" + "resource_type": "rule*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a mobile testing project", - "privilege": "DeleteProject", + "description": "Grants permission to update a security profile group for a user in an Amazon Connect instance", + "privilege": "UpdateSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "security-profile*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a completed remote access session and its results", - "privilege": "DeleteRemoteAccessSession", + "description": "Grants permission to update task template belonging to a Amazon Connect instance", + "privilege": "UpdateTaskTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "task-template*" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a run", - "privilege": "DeleteRun", + "description": "Grants permission to update traffic distribution for a traffic distribution group", + "privilege": "UpdateTrafficDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "traffic-distribution-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a desktop testing project", - "privilege": "DeleteTestGridProject", + "description": "Grants permission to update a hierarchy group for a user in an Amazon Connect instance", + "privilege": "UpdateUserHierarchy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-project*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a user-uploaded file", - "privilege": "DeleteUpload", - "resource_types": [ + "resource_type": "user*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload*" + "resource_type": "hierarchy-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon Virtual Private Cloud (VPC) endpoint configuration", - "privilege": "DeleteVPCEConfiguration", + "description": "Grants permission to update a user hierarchy group name in an Amazon Connect instance", + "privilege": "UpdateUserHierarchyGroupName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpceconfiguration*" + "resource_type": "hierarchy-group*" + }, + { + 
"condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the number of unmetered iOS and/or unmetered Android devices purchased by the account", - "privilege": "GetAccountSettings", + "access_level": "Write", + "description": "Grants permission to update user hierarchy structure in an Amazon Connect instance", + "privilege": "UpdateUserHierarchyStructure", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the information of a unique device type", - "privilege": "GetDevice", + "access_level": "Write", + "description": "Grants permission to update identity information for a user in an Amazon Connect instance", + "privilege": "UpdateUserIdentityInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of a device instance", - "privilege": "GetDeviceInstance", + "access_level": "Write", + "description": "Grants permission to update phone configuration settings for a user in an Amazon Connect instance", + "privilege": "UpdateUserPhoneConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceinstance*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of 
a device pool", - "privilege": "GetDevicePool", + "access_level": "Write", + "description": "Grants permission to update user proficiencies from a user in an Amazon Connect instance", + "privilege": "UpdateUserProficiencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devicepool*" + "resource_type": "instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the compatibility of a test and/or app with a device pool", - "privilege": "GetDevicePoolCompatibility", + "access_level": "Write", + "description": "Grants permission to update a routing profile for a user in an Amazon Connect instance", + "privilege": "UpdateUserRoutingProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devicepool*" + "resource_type": "routing-profile*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload" + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of an instance profile", - "privilege": "GetInstanceProfile", + "access_level": "Write", + "description": "Grants permission to update security profiles for a user in an Amazon Connect instance", + "privilege": "UpdateUserSecurityProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instanceprofile*" + "resource_type": "security-profile*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + 
"dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of a job", - "privilege": "GetJob", + "access_level": "Write", + "description": "Grants permission to update a view's content in an Amazon Connect instance", + "privilege": "UpdateViewContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "customer-managed-view*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of a network profile", - "privilege": "GetNetworkProfile", + "access_level": "Write", + "description": "Grants permission to update a view's metadata in an Amazon Connect instance", + "privilege": "UpdateViewMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "networkprofile*" + "resource_type": "customer-managed-view*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "connect:InstanceId" + ], + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "instance" }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current status and future status of all offerings purchased by an AWS account", - "privilege": "GetOfferingStatus", + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact/${ContactId}", + "condition_keys": [], + "resource": "contact" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent/${UserId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "user" + }, + { + "arn": 
"arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/routing-profile/${RoutingProfileId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "routing-profile" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/security-profile/${SecurityProfileId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "security-profile" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-group/${HierarchyGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "hierarchy-group" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/queue/${QueueId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "queue" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/queue/*", + "condition_keys": [], + "resource": "wildcard-queue" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/${QuickConnectId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "quick-connect" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/transfer-destination/*", + "condition_keys": [], + "resource": "wildcard-quick-connect" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/${ContactFlowId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-flow" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/task-template/${TaskTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "task-template" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/flow-module/${ContactFlowModuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-flow-module" + }, + { 
+ "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-flow/*", + "condition_keys": [], + "resource": "wildcard-contact-flow" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/operating-hours/${HoursOfOperationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "hours-of-operation" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-state/${AgentStatusId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "agent-status" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent-state/*", + "condition_keys": [], + "resource": "wildcard-agent-status" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-number/${PhoneNumberId}", + "condition_keys": [], + "resource": "legacy-phone-number" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/phone-number/*", + "condition_keys": [], + "resource": "wildcard-legacy-phone-number" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:phone-number/${PhoneNumberId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "phone-number" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:phone-number/*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "wildcard-phone-number" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/integration-association/${IntegrationAssociationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "integration-association" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/use-case/${UseCaseId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "use-case" + }, + { + "arn": 
"arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/vocabulary/${VocabularyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "vocabulary" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:traffic-distribution-group/${TrafficDistributionGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "traffic-distribution-group" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/rule/${RuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "rule" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/evaluation-form/${FormId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "evaluation-form" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/contact-evaluation/${EvaluationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "contact-evaluation" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/prompt/${PromptId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "prompt" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/view/${ViewId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "customer-managed-view" + }, + { + "arn": "arn:${Partition}:connect:${Region}:aws:view/${ViewId}", + "condition_keys": [], + "resource": "aws-managed-view" + }, + { + "arn": "arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/view/${ViewId}:${ViewQualifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "qualified-customer-managed-view" + }, + { + "arn": "arn:${Partition}:connect:${Region}:aws:view/${ViewId}:${ViewQualifier}", + "condition_keys": [], + "resource": "qualified-aws-managed-view" + }, + { + "arn": 
"arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/view/${ViewId}:${ViewVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "customer-managed-view-version" + } + ], + "service_name": "Amazon Connect" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "connect-campaigns", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a campaign", + "privilege": "CreateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a mobile testing project", - "privilege": "GetProject", + "access_level": "Write", + "description": "Grants permission to delete a campaign", + "privilege": "DeleteCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "campaign*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the link to a currently running remote access session", - "privilege": "GetRemoteAccessSession", + "access_level": "Write", + "description": "Grants permission to remove configuration information for an Amazon Connect instance", + "privilege": "DeleteConnectInstanceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "session*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of a run", - "privilege": "GetRun", + "access_level": "Write", + "description": "Grants permission to remove onboarding job for an Amazon Connect instance", + "privilege": "DeleteInstanceOnboardingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retireve the information of a testing suite", - "privilege": "GetSuite", + "description": "Grants permission to describe a specific campaign", + "privilege": "DescribeCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suite*" + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retireve the information of a test case", - "privilege": "GetTest", + "description": "Grants permission to get state of a campaign", + "privilege": "GetCampaignState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test*" + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a desktop testing project", - "privilege": "GetTestGridProject", + "description": "Grants permission to get state of campaigns", + "privilege": "GetCampaignStateBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-project*" + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - 
"description": "Grants permission to retireve the information of a test grid session", - "privilege": "GetTestGridSession", + "description": "Grants permission to get configuration information for an Amazon Connect instance", + "privilege": "GetConnectInstanceConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "testgrid-session" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retireve the information of an uploaded file", - "privilege": "GetUpload", + "description": "Grants permission to get onboarding job status for an Amazon Connect instance", + "privilege": "GetInstanceOnboardingJobStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retireve the information of an Amazon Virtual Private Cloud (VPC) endpoint configuration", - "privilege": "GetVPCEConfiguration", + "access_level": "List", + "description": "Grants permission to provide summary of all campaigns", + "privilege": "ListCampaigns", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "vpceconfiguration*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to install an application to a device in a remote access session", - "privilege": "InstallToRemoteAccessSession", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "campaign" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - 
"resource_type": "upload*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the artifacts in a project", - "privilege": "ListArtifacts", + "access_level": "Write", + "description": "Grants permission to pause a campaign", + "privilege": "PauseCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" - }, + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create dial requests for the specified campaign", + "privilege": "PutDialRequestBatch", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run" - }, + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to resume a campaign", + "privilege": "ResumeCampaign", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suite" - }, + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a campaign", + "privilege": "StartCampaign", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test" + "resource_type": "campaign*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of device instances", - "privilege": "ListDeviceInstances", + "access_level": "Write", + "description": "Grants permission to start onboarding job for an Amazon Connect instance", + "privilege": "StartInstanceOnboardingJob", "resource_types": [ { "condition_keys": [], 
@@ -61340,93 +63115,125 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the information of device pools", - "privilege": "ListDevicePools", + "access_level": "Write", + "description": "Grants permission to stop a campaign", + "privilege": "StopCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "campaign*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of unique device types", - "privilege": "ListDevices", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "campaign" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of device instance profiles", - "privilege": "ListInstanceProfiles", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "campaign" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of jobs within a run", - "privilege": "ListJobs", + "access_level": "Write", + "description": "Grants permission to update the dialer configuration of a campaign", + "privilege": "UpdateCampaignDialerConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "campaign*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of network profiles within a project", - "privilege": 
"ListNetworkProfiles", + "access_level": "Write", + "description": "Grants permission to update the name of a campaign", + "privilege": "UpdateCampaignName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "campaign*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the offering promotions", - "privilege": "ListOfferingPromotions", + "access_level": "Write", + "description": "Grants permission to update the outbound call configuration of a campaign", + "privilege": "UpdateCampaignOutboundCallConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] - }, + } + ], + "resources": [ { - "access_level": "List", - "description": "Grants permission to list all of the historical purchases, renewals, and system renewal transactions for an AWS account", - "privilege": "ListOfferingTransactions", + "arn": "arn:${Partition}:connect-campaigns:${Region}:${Account}:campaign/${CampaignId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "campaign" + } + ], + "service_name": "High-volume outbound communications" + }, + { + "conditions": [], + "prefix": "consoleapp", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to retrieve the device identity for a Console Mobile App device", + "privilege": "GetDeviceIdentity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DeviceIdentity*" } ] }, { "access_level": "List", - "description": "Grants permission to list the products or offerings that the user can manage through the API", - "privilege": "ListOfferings", + "description": "Grants permission to retrieve a list of device identities", + "privilege": "ListDeviceIdentities", "resource_types": [ { "condition_keys": [], 
@@ -61434,11 +63241,25 @@ "resource_type": "" } ] - }, + } + ], + "resources": [ { - "access_level": "List", - "description": "Grants permission to list the information of mobile testing projects for an AWS account", - "privilege": "ListProjects", + "arn": "arn:${Partition}:consoleapp::${Account}:device/${DeviceId}/identity/${IdentityId}", + "condition_keys": [], + "resource": "DeviceIdentity" + } + ], + "service_name": "AWS Management Console Mobile App" + }, + { + "conditions": [], + "prefix": "consolidatedbilling", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get account role (Payer, Linked, Regular)", + "privilege": "GetAccountBillingRole", "resource_types": [ { "condition_keys": [], 
@@ -61449,118 +63270,121 @@ }, { "access_level": "List", - "description": "Grants permission to list the information of currently running remote access sessions", - "privilege": "ListRemoteAccessSessions", + "description": "Grants permission to get list of member/linked accounts", + "privilege": "ListLinkedAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS Consolidated Billing" + }, + { + "conditions": [], + "prefix": "controlcatalog", + "privileges": [ { "access_level": "List", - "description": "Grants permission to list the information of runs within a project", - "privilege": "ListRuns", + "description": "Grants permission to return a paginated list of common controls from the AWS Control Catalog", + "privilege": "ListCommonControls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the information of samples within a project", - "privilege": "ListSamples", + "description": "Grants permission to return a paginated list of domains from the AWS Control Catalog", + "privilege": "ListDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the information of testing suites within a job", - "privilege": "ListSuites", + "description": "Grants permission to return a paginated list of objectives from the AWS Control Catalog", + "privilege": "ListObjectives", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:controlcatalog:::common-control/${CommonControlId}", + "condition_keys": [], + "resource": "common-control" }, 
{ - "access_level": "List", - "description": "Grants permission to list the tags of a resource", - "privilege": "ListTagsForResource", + "arn": "arn:${Partition}:controlcatalog:::domain/${DomainId}", + "condition_keys": [], + "resource": "domain" + }, + { + "arn": "arn:${Partition}:controlcatalog:::objective/${ObjectiveId}", + "condition_keys": [], + "resource": "objective" + } + ], + "service_name": "AWS Control Catalog" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "controltower", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a landing zone", + "privilege": "CreateLandingZone", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "device" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceinstance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "devicepool" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instanceprofile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "networkprofile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "run" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "session" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "testgrid-project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": 
"testgrid-session" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vpceconfiguration" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "controltower:TagResource" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of desktop testing projects for an AWS account", - "privilege": "ListTestGridProjects", + "access_level": "Write", + "description": "Grants permission to create an account managed by AWS Control Tower", + "privilege": "CreateManagedAccount", "resource_types": [ { "condition_keys": [], 
@@ -61570,81 +63394,81 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the session actions performed during a test grid session", - "privilege": "ListTestGridSessionActions", + "access_level": "Write", + "description": "Grants permission to delete AWS Control Tower landing zone", + "privilege": "DeleteLandingZone", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-session*" + "resource_type": "LandingZone*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the artifacts generated by a test grid session", - "privilege": "ListTestGridSessionArtifacts", + "access_level": "Write", + "description": "Grants permission to deregister an account created through the account factory from AWS Control Tower", + "privilege": "DeregisterManagedAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-session*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the sessions within a test grid project", - "privilege": "ListTestGridSessions", + "access_level": "Write", + "description": "Grants permission to deregister an organizational unit from AWS Control Tower management", + "privilege": "DeregisterOrganizationalUnit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "testgrid-project*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of tests within a testing suite", - "privilege": "ListTests", + "access_level": "Read", + "description": "Grants permission to describe the current account factory configuration", + "privilege": "DescribeAccountFactoryConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "suite*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of 
unique problems within a run", - "privilege": "ListUniqueProblems", + "access_level": "Read", + "description": "Grants permission to describe resources managed by core accounts in AWS Control Tower", + "privilege": "DescribeCoreService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of uploads within a project", - "privilege": "ListUploads", + "access_level": "Read", + "description": "Grants permission to describe a guardrail", + "privilege": "DescribeGuardrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the information of Amazon Virtual Private Cloud (VPC) endpoint configurations", - "privilege": "ListVPCEConfigurations", + "access_level": "Read", + "description": "Grants permission to describe a guardrail for a organizational unit", + "privilege": "DescribeGuardrailForTarget", "resource_types": [ { "condition_keys": [], @@ -61654,9 +63478,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to purchase offerings for an AWS account", - "privilege": "PurchaseOffering", + "access_level": "Read", + "description": "Grants permission to describe the current Landing Zone configuration", + "privilege": "DescribeLandingZoneConfiguration", "resource_types": [ { "condition_keys": [], @@ -61666,9 +63490,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to set the quantity of devices to renew for an offering", - "privilege": "RenewOffering", + "access_level": "Read", + "description": "Grants permission to describe an account created through account factory", + "privilege": "DescribeManagedAccount", "resource_types": [ { "condition_keys": [], 
@@ -61678,195 +63502,109 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to schedule a run", - "privilege": "ScheduleRun", + "access_level": "Read", + "description": "Grants permission to describe an AWS Organizations organizational unit managed by AWS Control Tower", + "privilege": "DescribeManagedOrganizationalUnit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a Register Organizational Unit Operation", + "privilege": "DescribeRegisterOrganizationalUnitOperation", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devicepool" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the current AWS Control Tower IAM Identity Center configuration", + "privilege": "DescribeSingleSignOn", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to terminate a running job", - "privilege": "StopJob", + "description": "Grants permission to disable a Baseline on a target", + "privilege": "DisableBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "EnabledBaseline*" } ] }, { "access_level": "Write", - "description": "Grants permission to terminate a running remote access session", - "privilege": "StopRemoteAccessSession", + "description": "Grants permission to remove a control from an organizational unit", + "privilege": "DisableControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "EnabledControl*" } ] }, { "access_level": "Write", - "description": "Grants permission to terminate a running test run", - 
"privilege": "StopRun", + "description": "Grants permission to disable a guardrail from an organizational unit", + "privilege": "DisableGuardrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to enable a Baseline on a target", + "privilege": "EnableBaseline", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "device" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceinstance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "devicepool" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instanceprofile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "networkprofile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "run" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "session" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "testgrid-project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "testgrid-session" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vpceconfiguration" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "controltower:TagResource" + ], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to activate a control for an organizational 
unit", + "privilege": "EnableControl", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "device" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceinstance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "devicepool" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instanceprofile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "networkprofile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "run" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "session" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "testgrid-project" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "testgrid-session" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vpceconfiguration" + "dependent_actions": [ + "controltower:TagResource" + ], + "resource_type": "EnabledControl" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -61876,258 +63614,104 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an existing device instance", - "privilege": "UpdateDeviceInstance", + "description": "Grants permission to enable a guardrail to an organizational unit", + "privilege": "EnableGuardrail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceinstance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "instanceprofile" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify an existing device pool", - "privilege": "UpdateDevicePool", + "access_level": "Read", + "description": "Grants permission to describe an account email and validate that it exists", + "privilege": "GetAccountInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devicepool*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify an existing instance profile", - "privilege": "UpdateInstanceProfile", + "access_level": "Read", + "description": "Grants permission to list available updates for the current AWS Control Tower deployment", + "privilege": "GetAvailableUpdates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instanceprofile*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify an existing network profile", - "privilege": "UpdateNetworkProfile", + "access_level": "Read", + "description": "Grants permission to get Baseline details", + "privilege": "GetBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "networkprofile*" + "resource_type": "Baseline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify an existing mobile testing project", - "privilege": "UpdateProject", + "access_level": "Read", + "description": 
"Grants permission to get the current status of a particular Baseline operation", + "privilege": "GetBaselineOperation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify an existing desktop testing project", - "privilege": "UpdateTestGridProject", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "testgrid-project*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify an existing upload", - "privilege": "UpdateUpload", + "access_level": "Read", + "description": "Grants permission to get the current status of a particular EnabledControl or DisableControl operation", + "privilege": "GetControlOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "upload*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify an existing Amazon Virtual Private Cloud (VPC) endpoint configuration", - "privilege": "UpdateVPCEConfiguration", + "access_level": "Read", + "description": "Grants permission to get an enabled Baseline", + "privilege": "GetEnabledBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpceconfiguration*" + "resource_type": "EnabledBaseline*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "project" - }, - { - "arn": 
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "run" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:job:${ResourceId}", - "condition_keys": [], - "resource": "job" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:suite:${ResourceId}", - "condition_keys": [], - "resource": "suite" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:test:${ResourceId}", - "condition_keys": [], - "resource": "test" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:upload:${ResourceId}", - "condition_keys": [], - "resource": "upload" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:artifact:${ResourceId}", - "condition_keys": [], - "resource": "artifact" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:sample:${ResourceId}", - "condition_keys": [], - "resource": "sample" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "networkprofile" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}::deviceinstance:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "deviceinstance" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "session" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "devicepool" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}::device:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "device" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - 
], - "resource": "instanceprofile" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "vpceconfiguration" - }, - { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:testgrid-project:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "testgrid-project" }, { - "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:testgrid-session:${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "testgrid-session" - } - ], - "service_name": "AWS Device Farm" - }, - { - "conditions": [ - { - "condition": "devops-guru:ServiceNames", - "description": "Filters access by API to restrict access to given AWS service names", - "type": "ArrayOfString" - } - ], - "prefix": "devops-guru", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add a notification channel to DevOps Guru", - "privilege": "AddNotificationChannel", + "access_level": "Read", + "description": "Grants permission to get an enabled control from an organizational unit", + "privilege": "GetEnabledControl", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sns:GetTopicAttributes", - "sns:SetTopicAttributes" - ], - "resource_type": "topic*" + "dependent_actions": [], + "resource_type": "EnabledControl*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete specified insight in your account", - "privilege": "DeleteInsight", + "access_level": "Read", + "description": "Grants permission to get the current compliance status of a guardrail", + "privilege": "GetGuardrailComplianceStatus", "resource_types": [ { "condition_keys": [], 
@@ -62138,8 +63722,8 @@ }, { "access_level": "Read", - "description": "Grants permission to view the health of operations in your AWS account", - "privilege": "DescribeAccountHealth", + "description": "Grants permission to get the home region of the AWS Control Tower setup", + "privilege": "GetHomeRegion", "resource_types": [ { "condition_keys": [], @@ -62150,20 +63734,20 @@ }, { "access_level": "Read", - "description": "Grants permission to view the health of operations within a time range in your AWS account", - "privilege": "DescribeAccountOverview", + "description": "Grants permission to get the current status of the landing zone setup", + "privilege": "GetLandingZone", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "LandingZone*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the details of a specified anomaly", - "privilege": "DescribeAnomaly", + "description": "Grants permission to get the current landing zone drift status", + "privilege": "GetLandingZoneDriftStatus", "resource_types": [ { "condition_keys": [], @@ -62174,8 +63758,8 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve details about event sources for DevOps Guru", - "privilege": "DescribeEventSourcesConfig", + "description": "Grants permission to get the current status of a particular landing zone operation", + "privilege": "GetLandingZoneOperation", "resource_types": [ { "condition_keys": [], @@ -62186,8 +63770,8 @@ }, { "access_level": "Read", - "description": "Grants permission to view the feedback details of a specified insight", - "privilege": "DescribeFeedback", + "description": "Grants permission to get the current status of the landing zone setup", + "privilege": "GetLandingZoneStatus", "resource_types": [ { "condition_keys": [], 
@@ -62197,9 +63781,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the details of a specified insight", - "privilege": "DescribeInsight", + "access_level": "List", + "description": "Grants permission to list Baselines", + "privilege": "ListBaselines", "resource_types": [ { "condition_keys": [], @@ -62209,9 +63793,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the health of operations in your organization", - "privilege": "DescribeOrganizationHealth", + "access_level": "List", + "description": "Grants permission to list the current directory groups available through IAM Identity Center", + "privilege": "ListDirectoryGroups", "resource_types": [ { "condition_keys": [], @@ -62222,8 +63806,8 @@ }, { "access_level": "Read", - "description": "Grants permission to view the health of operations within a time range in your organization", - "privilege": "DescribeOrganizationOverview", + "description": "Grants permission to list occurrences of drift in AWS Control Tower", + "privilege": "ListDriftDetails", "resource_types": [ { "condition_keys": [], @@ -62233,9 +63817,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the health of operations for each AWS CloudFormation stack or AWS Services or accounts specified in DevOps Guru in your organization", - "privilege": "DescribeOrganizationResourceCollectionHealth", + "access_level": "List", + "description": "Grants permission to list enabled Baselines", + "privilege": "ListEnabledBaselines", "resource_types": [ { "condition_keys": [], 
@@ -62245,9 +63829,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the health of operations for each AWS CloudFormation stack specified in DevOps Guru", - "privilege": "DescribeResourceCollectionHealth", + "access_level": "List", + "description": "Grants permission to list all enabled controls in a specified organizational unit", + "privilege": "ListEnabledControls", "resource_types": [ { "condition_keys": [], @@ -62257,9 +63841,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the integration status of services that can be integrated with DevOps Guru", - "privilege": "DescribeServiceIntegration", + "access_level": "List", + "description": "Grants permission to list currently enabled guardrails", + "privilege": "ListEnabledGuardrails", "resource_types": [ { "condition_keys": [], @@ -62269,9 +63853,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list service resource cost estimates", - "privilege": "GetCostEstimation", + "access_level": "List", + "description": "Grants permission to list Precheck details for an Organizational Unit", + "privilege": "ListExtendGovernancePrecheckDetails", "resource_types": [ { "condition_keys": [], @@ -62282,8 +63866,8 @@ }, { "access_level": "Read", - "description": "Grants permission to list AWS CloudFormation stacks that DevOps Guru is configured to use", - "privilege": "GetResourceCollection", + "description": "Grants permission to list the compliance of external AWS Config rules", + "privilege": "ListExternalConfigRuleCompliance", "resource_types": [ { "condition_keys": [], 
@@ -62294,13 +63878,11 @@ }, { "access_level": "List", - "description": "Grants permission to list anomalies of a given insight in your account", - "privilege": "ListAnomaliesForInsight", + "description": "Grants permission to list existing guardrail violations", + "privilege": "ListGuardrailViolations", "resource_types": [ { - "condition_keys": [ - "devops-guru:ServiceNames" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -62308,8 +63890,8 @@ }, { "access_level": "List", - "description": "Grants permission to list log anomalies of a given insight in your account", - "privilege": "ListAnomalousLogGroups", + "description": "Grants permission to list all available guardrails", + "privilege": "ListGuardrails", "resource_types": [ { "condition_keys": [], @@ -62320,8 +63902,8 @@ }, { "access_level": "List", - "description": "Grants permission to list resource events that are evaluated by DevOps Guru", - "privilege": "ListEvents", + "description": "Grants permission to list guardrails and their current state for a organizational unit", + "privilege": "ListGuardrailsForTarget", "resource_types": [ { "condition_keys": [], @@ -62332,8 +63914,8 @@ }, { "access_level": "List", - "description": "Grants permission to list insights in your account", - "privilege": "ListInsights", + "description": "Grants permission to list all landing zones", + "privilege": "ListLandingZones", "resource_types": [ { "condition_keys": [], @@ -62344,8 +63926,8 @@ }, { "access_level": "List", - "description": "Grants permission to list resource monitored by DevOps Guru in your account", - "privilege": "ListMonitoredResources", + "description": "Grants permission to list accounts managed through AWS Control Tower", + "privilege": "ListManagedAccounts", "resource_types": [ { "condition_keys": [], 
@@ -62356,8 +63938,8 @@ }, { "access_level": "List", - "description": "Grants permission to list notification channels configured for DevOps Guru in your account", - "privilege": "ListNotificationChannels", + "description": "Grants permission to list managed accounts with a specified guardrail applied", + "privilege": "ListManagedAccountsForGuardrail", "resource_types": [ { "condition_keys": [], @@ -62368,8 +63950,8 @@ }, { "access_level": "List", - "description": "Grants permission to list insights in your organization", - "privilege": "ListOrganizationInsights", + "description": "Grants permission to list managed accounts under an organizational unit", + "privilege": "ListManagedAccountsForParent", "resource_types": [ { "condition_keys": [], @@ -62380,8 +63962,8 @@ }, { "access_level": "List", - "description": "Grants permission to list a specified insight's recommendations", - "privilege": "ListRecommendations", + "description": "Grants permission to list organizational units managed by AWS Control Tower", + "privilege": "ListManagedOrganizationalUnits", "resource_types": [ { "condition_keys": [], @@ -62391,9 +63973,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to submit a feedback to DevOps Guru", - "privilege": "PutFeedback", + "access_level": "List", + "description": "Grants permission to list managed organizational units that have a specified guardrail applied", + "privilege": "ListManagedOrganizationalUnitsForGuardrail", "resource_types": [ { "condition_keys": [], 
@@ -62403,62 +63985,31 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove a notification channel from DevOps Guru", - "privilege": "RemoveNotificationChannel", + "access_level": "Read", + "description": "Grants permission to list the tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sns:GetTopicAttributes", - "sns:SetTopicAttributes" - ], - "resource_type": "topic*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to search insights in your account", - "privilege": "SearchInsights", - "resource_types": [ - { - "condition_keys": [ - "devops-guru:ServiceNames" - ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to search insights in your organization", - "privilege": "SearchOrganizationInsights", - "resource_types": [ + "resource_type": "EnabledBaseline" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to start the creation of an estimate of the monthly cost", - "privilege": "StartCostEstimation", - "resource_types": [ + "resource_type": "EnabledControl" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "LandingZone" } ] }, { "access_level": "Write", - "description": "Grants permission to update an event source for DevOps Guru", - "privilege": "UpdateEventSourcesConfig", + "description": "Grants permission to set up an organizational unit to be managed by AWS Control Tower", + "privilege": "ManageOrganizationalUnit", "resource_types": [ { "condition_keys": [], 
@@ -62468,9 +64019,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the list of AWS CloudFormation stacks that are used to specify which AWS resources in your account are analyzed by DevOps Guru", - "privilege": "UpdateResourceCollection", + "access_level": "Read", + "description": "Grants permission to perform validations in an account", + "privilege": "PerformPreLaunchChecks", "resource_types": [ { "condition_keys": [], 
@@ -62481,84 +64032,59 @@ }, { "access_level": "Write", - "description": "Grants permission to enable or disable a service that integrates with DevOps Guru", - "privilege": "UpdateServiceIntegration", + "description": "Grants permission to reset an enabled Baseline", + "privilege": "ResetEnabledBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "EnabledBaseline*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:sns:${Region}:${Account}:${TopicName}", - "condition_keys": [], - "resource": "topic" - } - ], - "service_name": "Amazon DevOps Guru" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by actions based on the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag key-value pairs attached to the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by actions based on the presence of tag keys in the request", - "type": "String" - } - ], - "prefix": "directconnect", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept a proposal request to attach a virtual private gateway to a Direct Connect gateway", - "privilege": "AcceptDirectConnectGatewayAssociationProposal", + "description": "Grants permission to reset a landing zone", + "privilege": "ResetLandingZone", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dx-gateway*" + "resource_type": "LandingZone*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a hosted connection on an interconnect", - "privilege": "AllocateConnectionOnInterconnect", + "description": "Grants permission to set up or update AWS Control Tower landing zone", + "privilege": "SetupLandingZone", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "dxcon*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new hosted connection between a AWS Direct Connect partner's network and a specific AWS Direct Connect location", - "privilege": "AllocateHostedConnection", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" + "resource_type": "EnabledBaseline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "EnabledControl" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "LandingZone" }, { "condition_keys": [ @@ -62571,23 +64097,27 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to provision a private virtual interface to be owned by a different customer", - "privilege": "AllocatePrivateVirtualInterface", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" + "resource_type": "EnabledBaseline" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "EnabledControl" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "LandingZone" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -62597,218 +64127,272 @@ }, { "access_level": "Write", - "description": "Grants permission to provision a public virtual interface to be owned by a different customer", - "privilege": "AllocatePublicVirtualInterface", + "description": "Grants permission to update the account factory configuration", + "privilege": "UpdateAccountFactoryConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxlag" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to provision a transit virtual interface to be owned by a different customer", - "privilege": "AllocateTransitVirtualInterface", + "description": "Grants permission to update an enabled Baseline", + "privilege": "UpdateEnabledBaseline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxlag" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "EnabledBaseline*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a connection with a LAG", - "privilege": "AssociateConnectionWithLag", + "description": "Grants permission to update an enabled control for an organizational unit", + "privilege": "UpdateEnabledControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxlag*" + "resource_type": "EnabledControl*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a hosted connection and its virtual interfaces with a link aggregation group (LAG) or 
interconnect", - "privilege": "AssociateHostedConnection", + "description": "Grants permission to update a landing zone", + "privilege": "UpdateLandingZone", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxcon" - }, + "resource_type": "LandingZone*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:controltower:${Region}:${Account}:enabledcontrol/${EnabledControlId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "EnabledControl" + }, + { + "arn": "arn:${Partition}:controltower:${Region}::baseline/${BaselineId}", + "condition_keys": [], + "resource": "Baseline" + }, + { + "arn": "arn:${Partition}:controltower:${Region}:${Account}:enabledbaseline/${EnabledBaselineId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "EnabledBaseline" + }, + { + "arn": "arn:${Partition}:controltower:${Region}:${Account}:landingzone/${LandingZoneId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "LandingZone" + } + ], + "service_name": "AWS Control Tower" + }, + { + "conditions": [], + "prefix": "cost-optimization-hub", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get preferences", + "privilege": "GetPreferences", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a MAC Security (MACsec) Connection Key Name (CKN)/ Connectivity Association Key (CAK) pair with an AWS Direct Connect dedicated connection", - "privilege": "AssociateMacSecKey", + "access_level": "Read", + "description": "Grants permission to get resource configuration and estimated cost impact for a recommendation", + "privilege": "GetRecommendation", "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "dxcon" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list enrollment statuses for the specified account or all members under a management account", + "privilege": "ListEnrollmentStatuses", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a virtual interface with a specified link aggregation group (LAG) or connection", - "privilege": "AssociateVirtualInterface", + "access_level": "List", + "description": "Grants permission to list recommendation summaries by group", + "privilege": "ListRecommendationSummaries", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxvif*" - }, + "dependent_actions": [ + "cost-optimization-hub:GetRecommendation" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list summary view of recommendations", + "privilege": "ListRecommendations", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxcon" - }, + "dependent_actions": [ + "cost-optimization-hub:GetRecommendation" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the enrollment status", + "privilege": "UpdateEnrollmentStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to confirm the creation of a hosted connection on an interconnect", - "privilege": "ConfirmConnection", + "description": "Grants permission to update preferences", + "privilege": "UpdatePreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon*" + "resource_type": "" } ] + } + ], + 
"resources": [], + "service_name": "AWS Cost Optimization Hub" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "cur", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to confirm the the terms of agreement when creating the connection or link aggregation group (LAG)", - "privilege": "ConfirmCustomerAgreement", + "description": "Grants permission to delete Cost and Usage Report Definition", + "privilege": "DeleteReportDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cur*" } ] }, { - "access_level": "Write", - "description": "Grants permission to accept ownership of a private virtual interface created by another customer", - "privilege": "ConfirmPrivateVirtualInterface", + "access_level": "Read", + "description": "Grants permission to get Cost and Usage Report Definitions", + "privilege": "DescribeReportDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to accept ownership of a public virtual interface created by another customer", - "privilege": "ConfirmPublicVirtualInterface", + "access_level": "Read", + "description": "Grants permission to get Bills CSV report", + "privilege": "GetClassicReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to accept ownership of a transit virtual interface created by another customer", - "privilege": "ConfirmTransitVirtualInterface", + "access_level": "Read", + "description": "Grants permission to get the classic report enablement status for Usage Reports", + "privilege": "GetClassicReportPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a BGP peer on the specified virtual interface", - "privilege": "CreateBGPPeer", + "access_level": "Read", + "description": "Grants permission to get list of AWS services, usage type and operation for the Usage Report workflow. Allows or denies download of usage reports too", + "privilege": "GetUsageReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new connection between the customer network and a specific AWS Direct Connect location", - "privilege": "CreateConnection", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "cur*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -62817,54 +64401,55 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Direct Connect gateway, which is an intermediate object that enables you to connect a set of virtual interfaces and virtual private gateways", - "privilege": "CreateDirectConnectGateway", + "description": "Grants permission to modify Cost and Usage Report Definition", + "privilege": "ModifyReportDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cur*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an association between a Direct Connect gateway and a virtual private gateway", - "privilege": "CreateDirectConnectGatewayAssociation", + "description": "Grants permission to enable classic reports", + "privilege": "PutClassicReportPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dx-gateway*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a proposal to associate the specified virtual private gateway with the specified Direct Connect gateway", - "privilege": "CreateDirectConnectGatewayAssociationProposal", + "description": "Grants permission to write Cost and Usage Report Definition", + "privilege": "PutReportDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dx-gateway*" + "resource_type": "cur*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new interconnect between a AWS Direct Connect partner's network and a specific AWS Direct Connect location", - "privilege": "CreateInterconnect", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "cur*" }, { "condition_keys": [ + "aws:TagKeys", 
"aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -62872,45 +64457,82 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a link aggregation group (LAG) with the specified number of bundled physical connections between the customer network and a specific AWS Direct Connect location", - "privilege": "CreateLag", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" + "resource_type": "cur*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" } ] }, + { + "access_level": "Read", + "description": "Grants permission to validates if the s3 bucket exists with appropriate permissions for CUR delivery", + "privilege": "ValidateReportDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:cur:${Region}:${Account}:definition/${ReportName}", + "condition_keys": [], + "resource": "cur" + } + ], + "service_name": "AWS Cost and Usage Report" + }, + { + "conditions": [], + "prefix": "customer-verification", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a new private virtual interface", - "privilege": "CreatePrivateVirtualInterface", + "description": "Grants permission to create customer verification data", + "privilege": "CreateCustomerVerificationDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get customer verification data", + "privilege": "GetCustomerVerificationDetails", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" - }, + "resource_type": "" 
+ } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get customer verification eligibility", + "privilege": "GetCustomerVerificationEligibility", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -62918,19 +64540,57 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new public virtual interface", - "privilege": "CreatePublicVirtualInterface", + "description": "Grants permission to update customer verification data", + "privilege": "UpdateCustomerVerificationDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" - }, + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Customer Verification Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "databrew", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to delete one or more recipe versions", + "privilege": "BatchDeleteRecipeVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" - }, + "resource_type": "Recipe*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a dataset", + "privilege": "CreateDataset", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -62943,19 +64603,9 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new transit virtual interface", - "privilege": "CreateTransitVirtualInterface", + "description": "Grants permission to create a profile job", + "privilege": "CreateProfileJob", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxcon" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxlag" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -62968,59 +64618,74 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified BGP peer on the specified virtual interface with the specified customer address and ASN", - "privilege": "DeleteBGPPeer", + "description": "Grants permission to create a project", + "privilege": "CreateProject", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the connection", - "privilege": "DeleteConnection", + "description": "Grants permission to create a recipe", + "privilege": "CreateRecipe", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "dxcon*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified Direct Connect gateway", - "privilege": "DeleteDirectConnectGateway", + "description": "Grants permission to create a recipe job", + "privilege": "CreateRecipeJob", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "dx-gateway*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the association between the specified Direct Connect gateway and virtual private gateway", - "privilege": "DeleteDirectConnectGatewayAssociation", + "description": "Grants permission to create a ruleset", + "privilege": "CreateRuleset", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "dx-gateway*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the 
association proposal request between the specified Direct Connect gateway and virtual private gateway", - "privilege": "DeleteDirectConnectGatewayAssociationProposal", + "description": "Grants permission to create a schedule", + "privilege": "CreateSchedule", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -63028,210 +64693,200 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified interconnect", - "privilege": "DeleteInterconnect", + "description": "Grants permission to delete a dataset", + "privilege": "DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon*" + "resource_type": "Dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified link aggregation group (LAG)", - "privilege": "DeleteLag", + "description": "Grants permission to delete a job", + "privilege": "DeleteJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag*" + "resource_type": "Job*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a virtual interface", - "privilege": "DeleteVirtualInterface", + "description": "Grants permission to delete a project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "Project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the LOA-CFA for a Connection", - "privilege": "DescribeConnectionLoa", + "access_level": "Write", + "description": "Grants permission to delete a recipe version", + "privilege": "DeleteRecipeVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon*" + "resource_type": "Recipe*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe all connections in this region", - "privilege": "DescribeConnections", + "access_level": "Write", + "description": "Grants permission to delete a ruleset", + "privilege": "DeleteRuleset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" + "resource_type": "Ruleset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a 
list of connections that have been provisioned on the given interconnect", - "privilege": "DescribeConnectionsOnInterconnect", + "access_level": "Write", + "description": "Grants permission to delete a schedule", + "privilege": "DeleteSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon*" + "resource_type": "Schedule*" } ] }, { "access_level": "Read", - "description": "Grants permission to view a list of customer agreements, along with their signed status and whether the customer is an NNIPartner, NNIPartnerV2, or a nonPartner", - "privilege": "DescribeCustomerMetadata", + "description": "Grants permission to view details about a dataset", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe one or more association proposals for connection between a virtual private gateway and a Direct Connect gateway", - "privilege": "DescribeDirectConnectGatewayAssociationProposals", + "description": "Grants permission to view details about a job", + "privilege": "DescribeJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dx-gateway" + "resource_type": "Job*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the associations between your Direct Connect gateways and virtual private gateways", - "privilege": "DescribeDirectConnectGatewayAssociations", + "description": "Grants permission to view details about job run for a given job", + "privilege": "DescribeJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dx-gateway" + "resource_type": "Job*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the attachments between your Direct Connect gateways and virtual interfaces", - "privilege": 
"DescribeDirectConnectGatewayAttachments", + "description": "Grants permission to view details about a project", + "privilege": "DescribeProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dx-gateway" + "resource_type": "Project*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe all your Direct Connect gateways or only the specified Direct Connect gateway", - "privilege": "DescribeDirectConnectGateways", + "description": "Grants permission to view details about a recipe", + "privilege": "DescribeRecipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dx-gateway" + "resource_type": "Recipe*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the hosted connections that have been provisioned on the specified interconnect or link aggregation group (LAG)", - "privilege": "DescribeHostedConnections", + "description": "Grants permission to view details about a ruleset", + "privilege": "DescribeRuleset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "Ruleset*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the LOA-CFA for an Interconnect", - "privilege": "DescribeInterconnectLoa", + "description": "Grants permission to view details about a schedule", + "privilege": "DescribeSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon*" + "resource_type": "Schedule*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a list of interconnects owned by the AWS account", - "privilege": "DescribeInterconnects", + "description": "Grants permission to list datasets in your account", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "dxcon" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe all your link aggregation groups (LAG) or the specified LAG", - "privilege": "DescribeLags", + "description": "Grants permission to list job runs for a given job", + "privilege": "ListJobRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "Job*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the LOA-CFA for a connection, interconnect, or link aggregation group (LAG)", - "privilege": "DescribeLoa", + "description": "Grants permission to list jobs in your account", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the list of AWS Direct Connect locations in the current AWS region", - "privilege": "DescribeLocations", + "description": "Grants permission to list projects in your account", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], 
@@ -63242,42 +64897,44 @@ }, { "access_level": "Read", - "description": "Grants permission to describe Details about the router for a virtual interface", - "privilege": "DescribeRouterConfiguration", + "description": "Grants permission to list versions in your recipe", + "privilege": "ListRecipeVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "Recipe*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the tags associated with the specified AWS Direct Connect resources", - "privilege": "DescribeTags", + "description": "Grants permission to list recipes in your account", + "privilege": "ListRecipes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxlag" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list rulesets in your account", + "privilege": "ListRulesets", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a list of virtual private gateways owned by the AWS account", - "privilege": "DescribeVirtualGateways", + "description": "Grants permission to list schedules in your account", + "privilege": "ListSchedules", "resource_types": [ { "condition_keys": [], 
@@ -63288,115 +64945,135 @@ }, { "access_level": "Read", - "description": "Grants permission to describe all virtual interfaces for an AWS account", - "privilege": "DescribeVirtualInterfaces", + "description": "Grants permission to retrieve tags associated with a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" + "resource_type": "Dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "Job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate a connection from a link aggregation group (LAG)", - "privilege": "DisassociateConnectionFromLag", - "resource_types": [ + "resource_type": "Project" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon*" + "resource_type": "Recipe" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag*" + "resource_type": "Ruleset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Schedule" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the association between a MAC Security (MACsec) security key and an AWS Direct Connect dedicated connection", - "privilege": "DisassociateMacSecKey", + "description": "Grants permission to publish a major verison of a recipe", + "privilege": "PublishRecipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "Recipe*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the virtual interface failover test history", - "privilege": "ListVirtualInterfaceTestHistory", + "access_level": "Write", + "description": "Grants permission to submit an action to the 
interactive session for a project", + "privilege": "SendProjectSessionAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "Project*" } ] }, { "access_level": "Write", - "description": "Grants permission to start the virtual interface failover test that verifies your configuration meets your resiliency requirements by placing the BGP peering session in the DOWN state. You can then send traffic to verify that there are no outages", - "privilege": "StartBgpFailoverTest", + "description": "Grants permission to start running a job", + "privilege": "StartJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "Job*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop the virtual interface failover test", - "privilege": "StopBgpFailoverTest", - "resource_types": [ + "description": "Grants permission to start an interactive session for a project", + "privilege": "StartProjectSession", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "Project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop a job run for a job", + "privilege": "StopJobRun", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Job*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add the specified tags to the specified AWS Direct Connect resource. 
Each resource can have a maximum of 50 tags", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" + "resource_type": "Dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "Job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif" + "resource_type": "Project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Recipe" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Ruleset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Schedule" }, { "condition_keys": [ @@ -63410,23 +65087,38 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified AWS Direct Connect resource", + "description": "Grants permission to remove tags associated with a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon" + "resource_type": "Dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag" + "resource_type": "Job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif" + "resource_type": "Project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Recipe" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Ruleset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Schedule" }, { "condition_keys": [ 
@@ -63439,145 +65131,203 @@ }, { "access_level": "Write", - "description": "Grants permission to update the AWS Direct Connect dedicated connection configuration. You can update the following parameters for a connection: The connection name or The connection's MAC Security (MACsec) encryption mode", - "privilege": "UpdateConnection", + "description": "Grants permission to modify a dataset", + "privilege": "UpdateDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxcon*" + "resource_type": "Dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the name of a Direct Connect gateway", - "privilege": "UpdateDirectConnectGateway", + "description": "Grants permission to modify a profile job", + "privilege": "UpdateProfileJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dx-gateway*" + "resource_type": "Job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the specified attributes of the Direct Connect gateway association", - "privilege": "UpdateDirectConnectGatewayAssociation", + "description": "Grants permission to modify a project", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Project*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the attributes of the specified link aggregation group (LAG)", - "privilege": "UpdateLag", + "description": "Grants permission to modify a recipe", + "privilege": "UpdateRecipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxlag*" + "resource_type": "Recipe*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the specified attributes of the specified virtual private interface", - "privilege": "UpdateVirtualInterfaceAttributes", + "description": "Grants permission to modify a recipe 
job", + "privilege": "UpdateRecipeJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dxvif*" + "resource_type": "Job*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a ruleset", + "privilege": "UpdateRuleset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Ruleset*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a schedule", + "privilege": "UpdateSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Schedule*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:directconnect:${Region}:${Account}:dxcon/${ConnectionId}", + "arn": "arn:${Partition}:databrew:${Region}:${Account}:project/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "dxcon" + "resource": "Project" }, { - "arn": "arn:${Partition}:directconnect:${Region}:${Account}:dxlag/${LagId}", + "arn": "arn:${Partition}:databrew:${Region}:${Account}:dataset/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "dxlag" + "resource": "Dataset" }, { - "arn": "arn:${Partition}:directconnect:${Region}:${Account}:dxvif/${VirtualInterfaceId}", + "arn": "arn:${Partition}:databrew:${Region}:${Account}:ruleset/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "dxvif" + "resource": "Ruleset" }, { - "arn": "arn:${Partition}:directconnect::${Account}:dx-gateway/${DirectConnectGatewayId}", - "condition_keys": [], - "resource": "dx-gateway" + "arn": "arn:${Partition}:databrew:${Region}:${Account}:recipe/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Recipe" + }, + { + "arn": "arn:${Partition}:databrew:${Region}:${Account}:job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Job" + }, + { + "arn": 
"arn:${Partition}:databrew:${Region}:${Account}:schedule/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Schedule" } ], - "service_name": "AWS Direct Connect" + "service_name": "AWS Glue DataBrew" }, { "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the allowed set of values for each of the mandatory tags in the create request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag value associated with the resource", + "type": "String" + }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access by the presence of mandatory tags in the create request", "type": "ArrayOfString" + }, + { + "condition": "dataexchange:JobType", + "description": "Filters access by the specified job type", + "type": "String" } ], - "prefix": "discovery", + "prefix": "dataexchange", "privileges": [ { "access_level": "Write", - "description": "Grants permission to AssociateConfigurationItemsToApplication API. AssociateConfigurationItemsToApplication associates one or more configuration items with an application", - "privilege": "AssociateConfigurationItemsToApplication", + "description": "Grants permission to cancel a job", + "privilege": "CancelJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobs*" } ] }, { "access_level": "Write", - "description": "Grants permission to BatchDeleteImportData API. BatchDeleteImportData deletes one or more Migration Hub import tasks, each identified by their import ID. 
Each import task has a number of records, which can identify servers or applications", - "privilege": "BatchDeleteImportData", + "description": "Grants permission to create an asset (for example, in a Job)", + "privilege": "CreateAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "revisions*" } ] }, { "access_level": "Write", - "description": "Grants permission to CreateApplication API. CreateApplication creates an application with the given name and description", - "privilege": "CreateApplication", + "description": "Grants permission to create a data set", + "privilege": "CreateDataSet", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to CreateTags API. CreateTags creates one or more tags for configuration items. Tags are metadata that help you categorize IT assets. This API accepts a list of multiple configuration items", - "privilege": "CreateTags", + "access_level": "Write", + "description": "Grants permission to create an event action", + "privilege": "CreateEventAction", "resource_types": [ { "condition_keys": [], @@ -63588,8 +65338,8 @@ }, { "access_level": "Write", - "description": "Grants permission to DeleteApplications API. DeleteApplications deletes a list of applications and their associations with configuration items", - "privilege": "DeleteApplications", + "description": "Grants permission to create a job to import or export assets", + "privilege": "CreateJob", "resource_types": [ { "condition_keys": [], 
@@ -63599,12 +65349,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to DeleteTags API. DeleteTags deletes the association between configuration items and one or more tags. This API accepts a list of multiple configuration items", - "privilege": "DeleteTags", + "access_level": "Write", + "description": "Grants permission to create a revision", + "privilege": "CreateRevision", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-sets*" + }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -63613,153 +65369,154 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to DescribeAgents API. DescribeAgents lists agents or the Connector by ID or lists all agents/Connectors associated with your user if you did not specify an ID", - "privilege": "DescribeAgents", + "access_level": "Write", + "description": "Grants permission to delete an asset", + "privilege": "DeleteAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "assets*" } ] }, { - "access_level": "Read", - "description": "Grants permission to DescribeConfigurations API. DescribeConfigurations retrieves attributes for a list of configuration item IDs. All of the supplied IDs must be for the same asset type (server, application, process, or connection). Output fields are specific to the asset type selected. For example, the output for a server configuration item includes a list of attributes about the server, such as host name, operating system, and number of network cards", - "privilege": "DescribeConfigurations", + "access_level": "Write", + "description": "Grants permission to delete a data set", + "privilege": "DeleteDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-sets*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entitled-data-sets*" } ] }, { - "access_level": "Read", - "description": "Grants permission to DescribeContinuousExports API. DescribeContinuousExports lists exports as specified by ID. 
All continuous exports associated with your user can be listed if you call DescribeContinuousExports as is without passing any parameters", - "privilege": "DescribeContinuousExports", + "access_level": "Write", + "description": "Grants permission to delete an event action", + "privilege": "DeleteEventAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-actions*" } ] }, { - "access_level": "Read", - "description": "Grants permission to DescribeExportConfigurations API. DescribeExportConfigurations retrieves the status of a given export process. You can retrieve status from a maximum of 100 processes", - "privilege": "DescribeExportConfigurations", + "access_level": "Write", + "description": "Grants permission to delete a revision", + "privilege": "DeleteRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "revisions*" } ] }, { "access_level": "Read", - "description": "Grants permission to DescribeExportTasks API. DescribeExportTasks retrieve status of one or more export tasks. You can retrieve the status of up to 100 export tasks", - "privilege": "DescribeExportTasks", + "description": "Grants permission to get information about an asset and to export it (for example, in a Job)", + "privilege": "GetAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to DescribeImportTasks API. 
DescribeImportTasks returns an array of import tasks for your user, including status information, times, IDs, the Amazon S3 Object URL for the import file, and more", - "privilege": "DescribeImportTasks", - "resource_types": [ + "resource_type": "assets*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entitled-assets*" } ] }, { "access_level": "Read", - "description": "Grants permission to DescribeTags API. DescribeTags retrieves a list of configuration items that are tagged with a specific tag. Or retrieves a list of all tags assigned to a specific configuration item", - "privilege": "DescribeTags", + "description": "Grants permission to get information about a data set", + "privilege": "GetDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to DisassociateConfigurationItemsFromApplication API. DisassociateConfigurationItemsFromApplication disassociates one or more configuration items from an application", - "privilege": "DisassociateConfigurationItemsFromApplication", - "resource_types": [ + "resource_type": "data-sets*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entitled-data-sets*" } ] }, { - "access_level": "Write", - "description": "Grants permission to ExportConfigurations API. ExportConfigurations exports all discovered configuration data to an Amazon S3 bucket or an application that enables you to view and evaluate the data. 
Data includes tags and tag associations, processes, connections, servers, and system performance", - "privilege": "ExportConfigurations", + "access_level": "Read", + "description": "Grants permission to get an event action", + "privilege": "GetEventAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-actions*" } ] }, { "access_level": "Read", - "description": "Grants permission to GetDiscoverySummary API. GetDiscoverySummary retrieves a short summary of discovered assets", - "privilege": "GetDiscoverySummary", + "description": "Grants permission to get information about a job", + "privilege": "GetJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobs*" } ] }, { "access_level": "Read", - "description": "Grants permission to GetNetworkConnectionGraph API. GetNetworkConnectionGraph accepts input list of one of - Ip Addresses, server ids or node ids. Returns a list of nodes and edges which help customer visualize network connection graph. This API is used for visualize network graph functionality in MigrationHub console", - "privilege": "GetNetworkConnectionGraph", + "description": "Grants permission to get information about a revision", + "privilege": "GetRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entitled-revisions*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "revisions*" } ] }, { "access_level": "List", - "description": "Grants permission to ListConfigurations API. ListConfigurations retrieves a list of configuration items according to criteria you specify in a filter. 
The filter criteria identify relationship requirements", - "privilege": "ListConfigurations", + "description": "Grants permission to list the revisions of a data set", + "privilege": "ListDataSetRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-sets*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entitled-data-sets*" } ] }, { "access_level": "List", - "description": "Grants permission to ListServerNeighbors API. ListServerNeighbors retrieves a list of servers which are one network hop away from a specified server", - "privilege": "ListServerNeighbors", + "description": "Grants permission to list data sets for the account", + "privilege": "ListDataSets", "resource_types": [ { "condition_keys": [], @@ -63769,26 +65526,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to StartContinuousExport API. StartContinuousExport start the continuous flow of agent's discovered data into Amazon Athena", - "privilege": "StartContinuousExport", + "access_level": "List", + "description": "Grants permission to list event actions for the account", + "privilege": "ListEventActions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AttachRolePolicy", - "iam:CreatePolicy", - "iam:CreateRole", - "iam:CreateServiceLinkedRole" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to StartDataCollectionByAgentIds API. StartDataCollectionByAgentIds instructs the specified agents or Connectors to start collecting data", - "privilege": "StartDataCollectionByAgentIds", + "access_level": "List", + "description": "Grants permission to list jobs for the account", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], 
@@ -63798,168 +65550,126 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to StartExportTask API. StartExportTask export the configuration data about discovered configuration items and relationships to an S3 bucket in a specified format", - "privilege": "StartExportTask", + "access_level": "List", + "description": "Grants permission to get list the assets of a revision", + "privilege": "ListRevisionAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to StartImportTask API. StartImportTask starts an import task. The Migration Hub import feature allows you to import details of your on-premises environment directly into AWS without having to use the Application Discovery Service (ADS) tools such as the Discovery Connector or Discovery Agent. This gives you the option to perform migration assessment and planning directly from your imported data including the ability to group your devices as applications and track their migration status", - "privilege": "StartImportTask", - "resource_types": [ + "resource_type": "entitled-revisions*" + }, { "condition_keys": [], - "dependent_actions": [ - "discovery:AssociateConfigurationItemsToApplication", - "discovery:CreateApplication", - "discovery:CreateTags", - "discovery:GetDiscoverySummary", - "discovery:ListConfigurations", - "s3:GetObject" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "revisions*" } ] }, { - "access_level": "Write", - "description": "Grants permission to StopContinuousExport API. 
StopContinuousExport stops the continuous flow of agent's discovered data into Amazon Athena", - "privilege": "StopContinuousExport", + "access_level": "List", + "description": "Grants permission to list the tags that you associated with the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to StopDataCollectionByAgentIds API. StopDataCollectionByAgentIds instructs the specified agents or Connectors to stop collecting data", - "privilege": "StopDataCollectionByAgentIds", - "resource_types": [ + "resource_type": "data-sets" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "revisions" } ] }, { "access_level": "Write", - "description": "Grants permission to UpdateApplication API. UpdateApplication updates metadata about an application", - "privilege": "UpdateApplication", + "description": "Grants permission to publish a data set", + "privilege": "PublishDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-sets*" } ] - } - ], - "resources": [], - "service_name": "AWS Application Discovery Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "dlm", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a data lifecycle policy to manage the scheduled creation and retention of Amazon EBS snapshots. 
You may have up to 100 policies", - "privilege": "CreateLifecyclePolicy", + "description": "Grants permission to revoke subscriber access to a revision", + "privilege": "RevokeRevision", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "revisions*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing data lifecycle policy. In addition, this action halts the creation and deletion of snapshots that the policy specified. Existing snapshots are not affected", - "privilege": "DeleteLifecyclePolicy", + "description": "Grants permission to send a request to an API asset", + "privilege": "SendApiAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to returns a list of summary descriptions of data lifecycle policies", - "privilege": "GetLifecyclePolicies", - "resource_types": [ + "resource_type": "assets*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entitled-assets*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a complete description of a single data lifecycle policy", - "privilege": "GetLifecyclePolicy", + "access_level": "Write", + "description": "Grants permission to send a notification to subscribers of a data set", + "privilege": "SendDataSetNotification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "data-sets*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags associated with a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to start a job", + "privilege": "StartJob", "resource_types": [ { "condition_keys": 
[], - "dependent_actions": [], - "resource_type": "policy*" + "dependent_actions": [ + "dataexchange:CreateAsset", + "dataexchange:DeleteDataSet", + "dataexchange:GetAsset", + "dataexchange:GetDataSet", + "dataexchange:GetRevision", + "dataexchange:PublishDataSet", + "redshift:AuthorizeDataShare" + ], + "resource_type": "jobs*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add or update tags of a resource", + "description": "Grants permission to add one or more tags to a specified resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "data-sets" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "revisions" }, { "condition_keys": [ @@ -63973,17 +65683,21 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a resource", + "description": "Grants permission to remove one or more tags from a specified resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "data-sets" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "revisions" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -63993,173 +65707,256 @@ }, { "access_level": "Write", - "description": "Grants permission to update an existing data lifecycle policy", - "privilege": "UpdateLifecyclePolicy", + "description": "Grants permission to get update information about an asset", + "privilege": "UpdateAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "assets*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update information about a data set", + "privilege": "UpdateDataSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-sets*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update information for an event action", + "privilege": "UpdateEventAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-actions*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update information about a revision", + "privilege": "UpdateRevision", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "dataexchange:PublishDataSet" + ], + "resource_type": "revisions*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:dlm:${Region}:${Account}:policy/${ResourceName}", + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:jobs/${JobId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "dataexchange:JobType" ], - "resource": "policy" - } - ], - "service_name": "Amazon Data Lifecycle Manager" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs attached to the resource", - "type": "String" + "resource": "jobs" }, { - "condition": "aws:TagKeys", - 
"description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "data-sets" }, { - "condition": "dms:cert-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for Certificate", - "type": "String" + "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}", + "condition_keys": [], + "resource": "entitled-data-sets" }, { - "condition": "dms:data-migration-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for DataMigration", - "type": "String" + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}/revisions/${RevisionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "revisions" }, { - "condition": "dms:data-provider-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for DataProvider", - "type": "String" + "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}/revisions/${RevisionId}", + "condition_keys": [], + "resource": "entitled-revisions" }, { - "condition": "dms:endpoint-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for Endpoint", - "type": "String" + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}/revisions/${RevisionId}/assets/${AssetId}", + "condition_keys": [], + "resource": "assets" }, { - "condition": "dms:es-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for EventSubscription", - "type": "String" + "arn": "arn:${Partition}:dataexchange:${Region}::data-sets/${DataSetId}/revisions/${RevisionId}/assets/${AssetId}", + "condition_keys": [], + "resource": "entitled-assets" }, { - 
"condition": "dms:instance-profile-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for InstanceProfile", - "type": "String" - }, + "arn": "arn:${Partition}:dataexchange:${Region}:${Account}:event-actions/${EventActionId}", + "condition_keys": [], + "resource": "event-actions" + } + ], + "service_name": "AWS Data Exchange" + }, + { + "conditions": [ { - "condition": "dms:migration-project-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for MigrationProject", + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { - "condition": "dms:rep-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for ReplicationInstance", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { - "condition": "dms:replication-config-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for ReplicationConfig", - "type": "String" + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" }, { - "condition": "dms:req-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the given request", - "type": "String" + "condition": "datapipeline:PipelineCreator", + "description": "Filters access by the IAM user that created the pipeline", + "type": "ArrayOfString" }, { - "condition": "dms:subgrp-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for ReplicationSubnetGroup", - "type": "String" + "condition": "datapipeline:Tag", + "description": "Filters access by customer-specified key/value pair that can be attached to a resource", + "type": 
"ArrayOfString" }, { - "condition": "dms:task-tag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request for ReplicationTask", - "type": "String" + "condition": "datapipeline:workerGroup", + "description": "Filters access by the name of a worker group for which a Task Runner retrieves work", + "type": "ArrayOfString" } ], - "prefix": "dms", + "prefix": "datapipeline", "privileges": [ { - "access_level": "Tagging", - "description": "Grants permission to add metadata tags to DMS resources, including replication instances, endpoints, security groups, and migration tasks", - "privilege": "AddTagsToResource", + "access_level": "Write", + "description": "Grants permission to validate the specified pipeline and starts processing pipeline tasks. If the pipeline does not pass validation, activation fails", + "privilege": "ActivatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Certificate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataMigration" + "resource_type": "pipeline*" }, { - "condition_keys": [], + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag", + "datapipeline:workerGroup" + ], "dependent_actions": [], - "resource_type": "DataProvider" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add or modify tags for the specified pipeline", + "privilege": "AddTags", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Endpoint" + "resource_type": "pipeline*" }, { - "condition_keys": [], + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "EventSubscription" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new, empty pipeline", + 
"privilege": "CreatePipeline", + "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "InstanceProfile" - }, + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "datapipeline:Tag" + ], + "dependent_actions": [ + "datapipeline:AddTags" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Deactivate the specified running pipeline", + "privilege": "DeactivatePipeline", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject" + "resource_type": "pipeline*" }, { - "condition_keys": [], + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag", + "datapipeline:workerGroup" + ], "dependent_actions": [], - "resource_type": "ReplicationConfig" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a pipeline, its pipeline definition, and its run history", + "privilege": "DeletePipeline", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationInstance" + "resource_type": "pipeline*" }, { - "condition_keys": [], + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag" + ], "dependent_actions": [], - "resource_type": "ReplicationSubnetGroup" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the object definitions for a set of objects associated with the pipeline", + "privilege": "DescribeObjects", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask" + "resource_type": "pipeline*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" + "datapipeline:PipelineCreator", + "datapipeline:Tag" ], "dependent_actions": [], "resource_type": "" 
@@ -64167,35 +65964,49 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to apply a pending maintenance action to a resource (for example, to a replication instance)", - "privilege": "ApplyPendingMaintenanceAction", + "access_level": "Read", + "description": "Grants permission to retrieves metadata about one or more pipelines", + "privilege": "DescribePipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationInstance*" + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a extension pack", - "privilege": "AssociateExtensionPack", + "access_level": "Read", + "description": "Grants permission to task runners to call EvaluateExpression, to evaluate a string in the context of the specified object", + "privilege": "EvaluateExpression", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:StartExtensionPackAssociation" + "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag" ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start the analysis of up to 20 source databases to recommend target engines for each source database", - "privilege": "BatchStartRecommendations", + "access_level": "List", + "description": "Grants permission to call GetAccountLimits", + "privilege": "GetAccountLimits", "resource_types": [ { "condition_keys": [], 
@@ -64205,68 +66016,79 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a single metadata model assessment run", - "privilege": "CancelMetadataModelAssessment", + "access_level": "Read", + "description": "Grants permission to gets the definition of the specified pipeline", + "privilege": "GetPipelineDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "datapipeline:PipelineCreator", + "datapipeline:Tag", + "datapipeline:workerGroup" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a single metadata model conversion run", - "privilege": "CancelMetadataModelConversion", + "access_level": "List", + "description": "Grants permission to list the pipeline identifiers for all active pipelines that you have permission to access", + "privilege": "ListPipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a single metadata model export run", - "privilege": "CancelMetadataModelExport", + "description": "Grants permission to task runners to call PollForTask, to receive a task to perform from AWS Data Pipeline", + "privilege": "PollForTask", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "datapipeline:workerGroup" + ], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a single premigration assessment run", - "privilege": "CancelReplicationTaskAssessmentRun", + "description": "Grants permission to call PutAccountLimits", + "privilege": "PutAccountLimits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "ReplicationTaskAssessmentRun*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a database migration using the provided settings", - "privilege": "CreateDataMigration", + "description": "Grants permission to add tasks, schedules, and preconditions to the specified pipeline", + "privilege": "PutPipelineDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "pipeline*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" + "datapipeline:PipelineCreator", + "datapipeline:Tag", + "datapipeline:workerGroup" ], "dependent_actions": [], "resource_type": "" @@ -64274,15 +66096,19 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an data provider using the provided settings", - "privilege": "CreateDataProvider", + "access_level": "Read", + "description": "Grants permission to query the specified pipeline for the names of objects that match the specified set of conditions", + "privilege": "QueryObjects", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" + "datapipeline:PipelineCreator", + "datapipeline:Tag" ], "dependent_actions": [], "resource_type": "" 
@@ -64290,15 +66116,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an endpoint using the provided settings", - "privilege": "CreateEndpoint", + "access_level": "Tagging", + "description": "Grants permission to remove existing tags from the specified pipeline", + "privilege": "RemoveTags", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", + "datapipeline:PipelineCreator", + "datapipeline:Tag", "aws:TagKeys", - "dms:req-tag/${TagKey}" + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -64307,24 +66139,20 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS DMS event notification subscription", - "privilege": "CreateEventSubscription", + "description": "Grants permission to task runners to call ReportTaskProgress, when they are assigned a task to acknowledge that it has the task", + "privilege": "ReportTaskProgress", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Fleet Advisor collector using the specified parameters", - "privilege": "CreateFleetAdvisorCollector", + "description": "Grants permission to task runners to call ReportTaskRunnerHeartbeat every 15 minutes to indicate that they are operational", + "privilege": "ReportTaskRunnerHeartbeat", "resource_types": [ { "condition_keys": [], 
@@ -64335,14 +66163,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create an instance profile using the provided settings", - "privilege": "CreateInstanceProfile", + "description": "Grants permission to requests that the status of the specified physical or logical pipeline objects be updated in the specified pipeline", + "privilege": "SetStatus", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" + "datapipeline:PipelineCreator", + "datapipeline:Tag" ], "dependent_actions": [], "resource_type": "" 
@@ -64351,45 +66183,84 @@ }, { "access_level": "Write", - "description": "Grants permission to create an migration project using the provided settings", - "privilege": "CreateMigrationProject", + "description": "Grants permission to task runners to call SetTaskStatus to notify AWS Data Pipeline that a task is completed and provide information about the final status", + "privilege": "SetTaskStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DataProvider*" - }, + "resource_type": "pipeline*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to validate the specified pipeline definition to ensure that it is well formed and can be run without error", + "privilege": "ValidatePipelineDefinition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "InstanceProfile*" + "resource_type": "pipeline*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" + "datapipeline:PipelineCreator", + "datapipeline:Tag", + "datapipeline:workerGroup" ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:datapipeline:${Region}:${Account}:pipeline/${PipelineId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "pipeline" + } + ], + "service_name": "AWS Data Pipeline" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "datasync", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a replication 
config using the provided settings", - "privilege": "CreateReplicationConfig", + "description": "Grants permission to create a storage system", + "privilege": "AddStorageSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Endpoint*" + "resource_type": "agent*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -64398,14 +66269,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create a replication instance using the specified parameters", - "privilege": "CreateReplicationInstance", + "description": "Grants permission to cancel execution of a sync task", + "privilege": "CancelTaskExecution", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "taskexecution*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -64414,14 +66288,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create a replication subnet group given a list of the subnet IDs in a VPC", - "privilege": "CreateReplicationSubnetGroup", + "description": "Grants permission to activate an agent that you have deployed on your host", + "privilege": "CreateAgent", "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -64430,24 +66303,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create a replication task using the specified parameters", - "privilege": "CreateReplicationTask", + "description": "Grants permission to create an endpoint for a Microsoft Azure Blob Storage container", + "privilege": "CreateLocationAzureBlob", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationInstance*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "dms:req-tag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -64456,88 +66318,104 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified certificate", - "privilege": "DeleteCertificate", + "description": "Grants permission to create an endpoint for an Amazon EFS file system", + "privilege": "CreateLocationEfs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Certificate*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified connection between a replication instance and an endpoint", - "privilege": "DeleteConnection", + "description": "Grants permission to create an endpoint for an Amazon Fsx Lustre", + "privilege": "CreateLocationFsxLustre", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Endpoint*" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "ReplicationInstance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified database migration", - "privilege": "DeleteDataMigration", + "description": "Grants permission to create an endpoint for Amazon FSx for ONTAP", + "privilege": "CreateLocationFsxOntap", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "DataMigration*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified data provider", - "privilege": "DeleteDataProvider", + "description": "Grants permission to create an endpoint for Amazon FSx for OpenZFS", + "privilege": "CreateLocationFsxOpenZfs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], 
"dependent_actions": [], - "resource_type": "DataProvider*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified endpoint", - "privilege": "DeleteEndpoint", + "description": "Grants permission to create an endpoint for an Amazon FSx Windows File Server file system", + "privilege": "CreateLocationFsxWindows", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Endpoint*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS DMS event subscription", - "privilege": "DeleteEventSubscription", + "description": "Grants permission to create an endpoint for an Amazon Hdfs", + "privilege": "CreateLocationHdfs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "EventSubscription*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified Fleet Advisor collector", - "privilege": "DeleteFleetAdvisorCollector", + "description": "Grants permission to create an endpoint for a NFS file system", + "privilege": "CreateLocationNfs", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -64545,11 +66423,14 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified Fleet Advisor databases", - "privilege": "DeleteFleetAdvisorDatabases", + "description": "Grants permission to create an endpoint for a self-managed object storage bucket", + "privilege": "CreateLocationObjectStorage", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -64557,471 +66438,433 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified instance profile", - "privilege": "DeleteInstanceProfile", + "description": "Grants permission to create an endpoint for an Amazon S3 bucket", + "privilege": "CreateLocationS3", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "InstanceProfile*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified migration project", - "privilege": "DeleteMigrationProject", + "description": "Grants permission to create an endpoint for an SMB file system", + "privilege": "CreateLocationSmb", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified replication config", - "privilege": "DeleteReplicationConfig", + "description": "Grants permission to create a sync task", + "privilege": "CreateTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfig*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the specified replication instance", - "privilege": "DeleteReplicationInstance", - "resource_types": [ + "resource_type": "location*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationInstance*" + "resource_type": "agent" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deletes a subnet group", - "privilege": "DeleteReplicationSubnetGroup", + "description": "Grants permission to 
delete an agent", + "privilege": "DeleteAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationSubnetGroup*" + "resource_type": "agent*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified replication task", - "privilege": "DeleteReplicationTask", + "description": "Grants permission to delete a location used by AWS DataSync", + "privilege": "DeleteLocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask*" + "resource_type": "location*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the record of a single premigration assessment run", - "privilege": "DeleteReplicationTaskAssessmentRun", + "description": "Grants permission to delete a sync task", + "privilege": "DeleteTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTaskAssessmentRun*" + "resource_type": "task*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all of the AWS DMS attributes for a customer account", - "privilege": "DescribeAccountAttributes", + "description": "Grants permission to view metadata such as name, network interfaces, and the status (that is, whether the agent is running or not) about a sync agent", + "privilege": "DescribeAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent*" } ] }, { "access_level": "Read", - "description": "Grants permission to list individual assessments that you can specify for a new premigration assessment run", - "privilege": "DescribeApplicableIndividualAssessments", + "description": "Grants permission to describe metadata about a discovery job", + "privilege": "DescribeDiscoveryJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationInstance" - }, - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "ReplicationTask" + "resource_type": "discoveryjob*" } ] }, { "access_level": "Read", - "description": "Grants permission to provide a description of the certificate", - "privilege": "DescribeCertificates", + "description": "Grants permission to view metadata, such as the path information about an Azure Blob Storage sync location", + "privilege": "DescribeLocationAzureBlob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the status of the connections that have been made between the replication instance and an endpoint", - "privilege": "DescribeConnections", + "description": "Grants permission to view metadata, such as the path information about an Amazon EFS sync location", + "privilege": "DescribeLocationEfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about DMS Schema Conversion project configuration", - "privilege": "DescribeConversionConfiguration", + "description": "Grants permission to view metadata, such as the path information about an Amazon FSx Lustre sync location", + "privilege": "DescribeLocationFsxLustre", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about database migrations for your account in the specified region", - "privilege": "DescribeDataMigrations", + "description": "Grants permission to view metadata, such as the path information about an Amazon FSx for ONTAP sync location", + "privilege": "DescribeLocationFsxOntap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a data providers. Note. This action should be added along with ListDataProviders, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeDataProviders", + "description": "Grants permission to view metadata, such as the path information about an Amazon FSx OpenZFS sync location", + "privilege": "DescribeLocationFsxOpenZfs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ListDataProviders" - ], - "resource_type": "DataProvider" + "dependent_actions": [], + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the possible endpoint settings available when you create an endpoint for a specific database engine", - "privilege": "DescribeEndpointSettings", + "description": "Grants permission to view metadata, such as the path information about an Amazon FSx Windows sync location", + "privilege": "DescribeLocationFsxWindows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the type of endpoints available", - "privilege": "DescribeEndpointTypes", + "description": "Grants permission to view metadata, such as the path information about an Amazon HDFS sync location", + "privilege": "DescribeLocationHdfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the endpoints for your account in the current region", - "privilege": "DescribeEndpoints", + "description": "Grants permission to view metadata, such as the path information, about a NFS sync location", + 
"privilege": "DescribeLocationNfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to list categories for all event source types, or, if specified, for a specified source type", - "privilege": "DescribeEventCategories", + "description": "Grants permission to view metadata about a self-managed object storage server location", + "privilege": "DescribeLocationObjectStorage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all the event subscriptions for a customer account", - "privilege": "DescribeEventSubscriptions", + "description": "Grants permission to view metadata, such as bucket name, about an Amazon S3 bucket sync location", + "privilege": "DescribeLocationS3", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to list events for a given source identifier and source type", - "privilege": "DescribeEvents", + "description": "Grants permission to view metadata, such as the path information, about an SMB sync location", + "privilege": "DescribeLocationSmb", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "location*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for extension packs. Note. 
This action should be added along with ListExtensionPacks, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeExtensionPackAssociations", + "description": "Grants permission to view metadata about a storage system", + "privilege": "DescribeStorageSystem", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ListExtensionPacks" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "storagesystem*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of Fleet Advisor collectors in your account based on filter settings", - "privilege": "DescribeFleetAdvisorCollectors", + "access_level": "List", + "description": "Grants permission to describe resource metrics collected by a discovery job", + "privilege": "DescribeStorageSystemResourceMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of Fleet Advisor databases in your account based on filter settings", - "privilege": "DescribeFleetAdvisorDatabases", + "access_level": "List", + "description": "Grants permission to describe resources identified by a discovery job", + "privilege": "DescribeStorageSystemResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a paginated list of descriptions of large-scale assessment (LSA) analyses produced by your Fleet Advisor collectors", - "privilege": "DescribeFleetAdvisorLsaAnalysis", + "description": "Grants permission to view metadata about a sync task", + "privilege": "DescribeTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"task*" } ] }, { "access_level": "Read", - "description": "Grants permission to return a paginated list of descriptions of schemas discovered by your Fleet Advisor collectors based on filter settings", - "privilege": "DescribeFleetAdvisorSchemaObjectSummary", + "description": "Grants permission to view metadata about a sync task that is being executed", + "privilege": "DescribeTaskExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return a paginated list of schemas discovered by your Fleet Advisor collectors based on filter settings", - "privilege": "DescribeFleetAdvisorSchemas", - "resource_types": [ + "resource_type": "taskexecution*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a instance profiles. Note. This action should be added along with ListInstanceProfiles, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeInstanceProfiles", + "access_level": "Write", + "description": "Grants permission to generate recommendations for a resource identified by a discovery job", + "privilege": "GenerateRecommendations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ListInstanceProfiles" - ], - "resource_type": "InstanceProfile" + "dependent_actions": [], + "resource_type": "discoveryjob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for metadata model assessments. Note. 
This action should be added along with ListMetadataModelAssessments, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMetadataModelAssessments", + "access_level": "List", + "description": "Grants permission to list agents owned by an AWS account in a region specified in the request", + "privilege": "ListAgents", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ListMetadataModelAssessments" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model conversions. Note. This action should be added along with ListMetadataModelConversions, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMetadataModelConversions", + "access_level": "List", + "description": "Grants permission to list discovery jobs", + "privilege": "ListDiscoveryJobs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ListMetadataModelConversions" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model exports. Note. 
This action should be added along with ListMetadataModelExports, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMetadataModelExportsAsScript", + "access_level": "List", + "description": "Grants permission to list source and destination sync locations", + "privilege": "ListLocations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ListMetadataModelExports" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model exports. Note. This action should be added along with ListMetadataModelExports, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMetadataModelExportsToTarget", + "access_level": "List", + "description": "Grants permission to list storage systems", + "privilege": "ListStorageSystems", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ListMetadataModelExports" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about start metadata model import operations for a migration project", - "privilege": "DescribeMetadataModelImports", + "description": "Grants permission to list tags that have been added to the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a migration projects. Note. 
This action should be added along with ListMigrationProjects, but does not currently authorize the described Schema Conversion operation", - "privilege": "DescribeMigrationProjects", - "resource_types": [ + "resource_type": "agent" + }, { "condition_keys": [], - "dependent_actions": [ - "dms:ListMigrationProjects" - ], - "resource_type": "DataProvider" + "dependent_actions": [], + "resource_type": "discoveryjob" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "InstanceProfile" + "resource_type": "location" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return information about the replication instance types that can be created in the specified region", - "privilege": "DescribeOrderableReplicationInstances", - "resource_types": [ + "resource_type": "storagesystem" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return information about pending maintenance actions", - "privilege": "DescribePendingMaintenanceActions", - "resource_types": [ + "resource_type": "task" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "taskexecution" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of descriptions of limitations for recommendations of target AWS engines", - "privilege": "DescribeRecommendationLimitations", + "access_level": "List", + "description": "Grants permission to list executed sync tasks", + "privilege": "ListTaskExecutions", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of descriptions of target engine recommendations for 
your source databases", - "privilege": "DescribeRecommendations", + "access_level": "List", + "description": "Grants permission to list of all the sync tasks", + "privilege": "ListTasks", "resource_types": [ { "condition_keys": [], @@ -65031,41 +66874,42 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to returns the status of the RefreshSchemas operation", - "privilege": "DescribeRefreshSchemasStatus", + "access_level": "Write", + "description": "Grants permission to delete a storage system", + "privilege": "RemoveStorageSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Endpoint*" + "resource_type": "storagesystem*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe replication configs", - "privilege": "DescribeReplicationConfigs", + "access_level": "Write", + "description": "Grants permission to start a discovery job for a storage system", + "privilege": "StartDiscoveryJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "storagesystem*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about the task logs for the specified task", - "privilege": "DescribeReplicationInstanceTaskLogs", + "access_level": "Write", + "description": "Grants permission to start a specific invocation of a sync task", + "privilege": "StartTaskExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationInstance*" + "resource_type": "task*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], 
@@ -65075,435 +66919,439 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return information about replication instances for your account in the current region", - "privilege": "DescribeReplicationInstances", + "access_level": "Write", + "description": "Grants permission to stop a discovery job", + "privilege": "StopDiscoveryJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about the replication subnet groups", - "privilege": "DescribeReplicationSubnetGroups", + "access_level": "Tagging", + "description": "Grants permission to apply a key-value pair to an AWS resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe replication table statistics", - "privilege": "DescribeReplicationTableStatistics", - "resource_types": [ + "resource_type": "agent" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfig*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the latest task assessment results from Amazon S3", - "privilege": "DescribeReplicationTaskAssessmentResults", - "resource_types": [ + "resource_type": "discoveryjob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return a paginated list of premigration assessment runs based on filter settings", - "privilege": "DescribeReplicationTaskAssessmentRuns", - "resource_types": [ + "resource_type": "location" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationInstance" + "resource_type": "storagesystem" }, { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "ReplicationTask" + "resource_type": "task" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTaskAssessmentRun" + "resource_type": "taskexecution" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a paginated list of individual assessments based on filter settings", - "privilege": "DescribeReplicationTaskIndividualAssessments", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask" + "resource_type": "agent" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTaskAssessmentRun" + "resource_type": "discoveryjob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagesystem" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "taskexecution" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about replication tasks for your account in the current region", - "privilege": "DescribeReplicationTasks", + "access_level": "Write", + "description": "Grants permission to update the name of an agent", + "privilege": "UpdateAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "agent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe 
replications", - "privilege": "DescribeReplications", + "access_level": "Write", + "description": "Grants permission to update a discovery job", + "privilege": "UpdateDiscoveryJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "discoveryjob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about the schema for the specified endpoint", - "privilege": "DescribeSchemas", + "access_level": "Write", + "description": "Grants permission to update an Azure Blob Storage sync location", + "privilege": "UpdateLocationAzureBlob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Endpoint*" + "resource_type": "location*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return table statistics on the database migration task, including table name, rows inserted, rows updated, and rows deleted", - "privilege": "DescribeTableStatistics", + "access_level": "Write", + "description": "Grants permission to update an HDFS sync Location", + "privilege": "UpdateLocationHdfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask*" + "resource_type": "location*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a extension pack", - "privilege": "DisassociateExtensionPack", + "description": "Grants permission to update an NFS sync Location", + "privilege": "UpdateLocationNfs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "location*" } ] }, { "access_level": "Write", - "description": "Grants permission to export the specified metadata model assessment", - "privilege": "ExportMetadataModelAssessment", + "description": "Grants permission to update a self-managed object storage server location", + "privilege": "UpdateLocationObjectStorage", "resource_types": 
[ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject" + "resource_type": "location*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all of the AWS DMS attributes for a metadata model", - "privilege": "GetMetadataModel", + "access_level": "Write", + "description": "Grants permission to update a SMB sync location", + "privilege": "UpdateLocationSmb", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject" + "resource_type": "location*" } ] }, { "access_level": "Write", - "description": "Grants permission to upload the specified certificate", - "privilege": "ImportCertificate", + "description": "Grants permission to update a storage system", + "privilege": "UpdateStorageSystem", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "storagesystem*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a data providers", - "privilege": "ListDataProviders", + "access_level": "Write", + "description": "Grants permission to update metadata associated with a sync task", + "privilege": "UpdateTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeDataProviders" - ], - "resource_type": "DataProvider" + "dependent_actions": [], + "resource_type": "task*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a extension packs", - "privilege": "ListExtensionPacks", + "access_level": "Write", + "description": "Grants permission to update execution of a sync task", + "privilege": "UpdateTaskExecution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeExtensionPackAssociations" + "dependent_actions": [], + "resource_type": "taskexecution*" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" ], - "resource_type": "MigrationProject" + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:agent/${AgentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "agent" }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a instance profiles", - "privilege": "ListInstanceProfiles", + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "location" + }, + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:task/${TaskId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "task" + }, + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:task/${TaskId}/execution/${ExecutionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "taskexecution" + }, + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:system/${StorageSystemId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "storagesystem" + }, + { + "arn": "arn:${Partition}:datasync:${Region}:${AccountId}:system/${StorageSystemId}/job/${DiscoveryJobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "discoveryjob" + } + ], + "service_name": "AWS DataSync" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "datazone", + "privileges": [ + { + "access_level": "Write", + 
"description": "Grants permission to accept prediction", + "privilege": "AcceptPredictions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeInstanceProfiles" - ], - "resource_type": "InstanceProfile" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model assessment action items", - "privilege": "ListMetadataModelAssessmentActionItems", + "access_level": "Write", + "description": "Grants permission to approve a subscription request for a Data Asset", + "privilege": "AcceptSubscriptionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model assessments", - "privilege": "ListMetadataModelAssessments", + "access_level": "Write", + "description": "Grants permission to add a policy grant", + "privilege": "AddPolicyGrant", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeMetadataModelAssessments" - ], - "resource_type": "MigrationProject" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model conversions", - "privilege": "ListMetadataModelConversions", + "access_level": "Write", + "description": "Grants permission to cancel metadata generation run", + "privilege": "CancelMetadataGenerationRun", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeMetadataModelConversions" - ], - "resource_type": "MigrationProject" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a metadata model exports", - "privilege": "ListMetadataModelExports", + 
"access_level": "Write", + "description": "Grants permission to revoke or unsubscribe an approved subscription to Data Asset", + "privilege": "CancelSubscription", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:DescribeMetadataModelExportsAsScript", - "dms:DescribeMetadataModelExportsToTarget" - ], - "resource_type": "MigrationProject" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the AWS DMS attributes for a migration projects", - "privilege": "ListMigrationProjects", + "access_level": "Write", + "description": "Grants permission to create asset", + "privilege": "CreateAsset", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dms:DescribeMigrationProjects" - ], - "resource_type": "DataProvider" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "InstanceProfile" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags for an AWS DMS resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create new revision of an asset", + "privilege": "CreateAssetRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Certificate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataMigration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataProvider" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "EventSubscription" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "InstanceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": 
"MigrationProject" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationConfig" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationInstance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationSubnetGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationTask" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a conversion configuration. Note. This action should be added along with UpdateConversionConfiguration, but does not currently authorize the described Schema Conversion operation", - "privilege": "ModifyConversionConfiguration", + "description": "Grants permission to create an asset type", + "privilege": "CreateAssetType", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:UpdateConversionConfiguration" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the specified database migration", - "privilege": "ModifyDataMigration", + "description": "Grants permission to create a new DataSource", + "privilege": "CreateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DataMigration*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the specified data provider. Note. 
This action should be added along with UpdateDataProvider, but does not currently authorize the described Schema Conversion operation", - "privilege": "ModifyDataProvider", + "description": "Grants permission to provision a domain which is a top level entity that contains other Amazon DataZone resources", + "privilege": "CreateDomain", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "dms:UpdateDataProvider" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "DataProvider*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the specified endpoint", - "privilege": "ModifyEndpoint", + "description": "Grants permission to create a collection of configurated resources used to publish and subscribe to data", + "privilege": "CreateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Certificate" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify an existing AWS DMS event notification subscription", - "privilege": "ModifyEventSubscription", + "description": "Grants permission to create a custom Environment Blueprint that allow user to add Environments to their Project", + "privilege": "CreateEnvironmentBlueprint", "resource_types": [ { "condition_keys": [], @@ -65514,8 +67362,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the name and description of the specified Fleet Advisor collector", - "privilege": "ModifyFleetAdvisorCollector", + "description": "Grants permission to create a template from a Blueprint that can be used to create a Environment", + "privilege": "CreateEnvironmentProfile", "resource_types": [ { "condition_keys": [], 
@@ -65526,8 +67374,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the status of the specified Fleet Advisor collector", - "privilege": "ModifyFleetAdvisorCollectorStatuses", + "description": "Grants permission to create a form type or a new revision of it", + "privilege": "CreateFormType", "resource_types": [ { "condition_keys": [], 
@@ -65538,60 +67386,56 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the specified instance profile. Note. This action should be added along with UpdateInstanceProfile, but does not currently authorize the described Schema Conversion operation", - "privilege": "ModifyInstanceProfile", + "description": "Grants permission to create a business glossary", + "privilege": "CreateGlossary", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:UpdateInstanceProfile" - ], - "resource_type": "InstanceProfile*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the specified migration project. Note. This action should be added along with UpdateMigrationProject, but does not currently authorize the described Schema Conversion operation", - "privilege": "ModifyMigrationProject", + "description": "Grants permission to create a glossary term", + "privilege": "CreateGlossaryTerm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:UpdateMigrationProject" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the specified replication config", - "privilege": "ModifyReplicationConfig", + "description": "Grants permission to create a DataZone group profile for an IAM Identity Center group", + "privilege": "CreateGroupProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfig*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the replication instance to apply new settings", - "privilege": "ModifyReplicationInstance", + "description": "Grants permission to create listing change set", + "privilege": "CreateListingChangeSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "ReplicationInstance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the settings for the specified replication subnet group", - "privilege": "ModifyReplicationSubnetGroup", + "description": "Grants permission to create a Project to enable your team to publish and subscribe to data", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], 
@@ -65602,159 +67446,92 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the specified replication task", - "privilege": "ModifyReplicationTask", + "description": "Grants permission to add a user to a Project", + "privilege": "CreateProjectMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to move the specified replication task to a different replication instance", - "privilege": "MoveReplicationTask", + "description": "Grants permission to create a grant for an approved subscription on a subscription target", + "privilege": "CreateSubscriptionGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationInstance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationTask*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reboot a replication instance. 
Rebooting results in a momentary outage, until the replication instance becomes available again", - "privilege": "RebootReplicationInstance", + "description": "Grants permission to create a subscription request for a Data Asset", + "privilege": "CreateSubscriptionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationInstance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to populate the schema for the specified endpoint", - "privilege": "RefreshSchemas", + "description": "Grants permission to create a subscription target for a Environment in the project", + "privilege": "CreateSubscriptionTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationInstance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reload the target database table with the source for a replication", - "privilege": "ReloadReplicationTables", + "description": "Grants permission to create a user profile for an existing user in the customers IAM Identity Center", + "privilege": "CreateUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfig*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reload the target database table with the source data", - "privilege": "ReloadTables", + "description": "Grants permission to delete an asset", + "privilege": "DeleteAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove metadata tags from a DMS resource", - "privilege": "RemoveTagsFromResource", + "access_level": "Write", + "description": "Grants 
permission to delete an asset type", + "privilege": "DeleteAssetType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Certificate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataMigration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataProvider" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "EventSubscription" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "InstanceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MigrationProject" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationConfig" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationInstance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationSubnetGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationTask" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to run a large-scale assessment (LSA) analysis on every Fleet Advisor collector in your account", - "privilege": "RunFleetAdvisorLsaAnalysis", + "description": "Grants permission to update existing DataSource", + "privilege": "DeleteDataSource", "resource_types": [ { "condition_keys": [], 
@@ -65765,110 +67542,104 @@ }, { "access_level": "Write", - "description": "Grants permission to start the database migration", - "privilege": "StartDataMigration", + "description": "Grants permission to delete a provisioned domain", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DataMigration*" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an extension pack. Note. This action should be added along with AssociateExtensionPack, but does not currently authorize the described Schema Conversion operation", - "privilege": "StartExtensionPackAssociation", + "access_level": "Permissions management", + "description": "Grants permission to delete a resource policy for a DataZone Domain", + "privilege": "DeleteDomainSharingPolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:AssociateExtensionPack" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new assessment of metadata model", - "privilege": "StartMetadataModelAssessment", + "description": "Grants permission to Delete Environment", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new conversion of metadata model", - "privilege": "StartMetadataModelConversion", + "description": "Grants permission to delete Environment Blueprint", + "privilege": "DeleteEnvironmentBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new export of metadata model as script. Note. 
This action should be added along with StartMetadataModelExportAsScripts, but does not currently authorize the described Schema Conversion operation", - "privilege": "StartMetadataModelExportAsScript", + "description": "Grants permission to delete environment blueprint configuration", + "privilege": "DeleteEnvironmentBlueprintConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:StartMetadataModelExportAsScripts" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new export of metadata model as script", - "privilege": "StartMetadataModelExportAsScripts", + "description": "Grants permission to delete Environment Profile", + "privilege": "DeleteEnvironmentProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:StartMetadataModelExportAsScript" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new export of metadata model to target", - "privilege": "StartMetadataModelExportToTarget", + "description": "Grants permission to delete a form type", + "privilege": "DeleteFormType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new import of metadata model", - "privilege": "StartMetadataModelImport", + "description": "Grants permission to delete a business glossary", + "privilege": "DeleteGlossary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MigrationProject*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start the analysis of your source database to provide recommendations of target engines", - "privilege": 
"StartRecommendations", + "description": "Grants permission to delete a glossary term", + "privilege": "DeleteGlossaryTerm", "resource_types": [ { "condition_keys": [], 
@@ -65879,165 +67650,152 @@ }, { "access_level": "Write", - "description": "Grants permission to start a replication", - "privilege": "StartReplication", + "description": "Grants permission to delete listing", + "privilege": "DeleteListing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfig*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start the replication task", - "privilege": "StartReplicationTask", + "description": "Grants permission to delete a Project that enables your team to publish and subscribe to data", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start the replication task assessment for unsupported data types in the source database", - "privilege": "StartReplicationTaskAssessment", + "description": "Grants permission to remove a user from a project", + "privilege": "DeleteProjectMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new premigration assessment run for one or more individual assessments of a migration task", - "privilege": "StartReplicationTaskAssessmentRun", + "description": "Grants permission to delete a subscription grant from a subscription target", + "privilege": "DeleteSubscriptionGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop the database migration", - "privilege": "StopDataMigration", + "description": "Grants permission to delete a pending subscription request for a Data Asset", + "privilege": 
"DeleteSubscriptionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DataMigration*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a replication", - "privilege": "StopReplication", + "description": "Grants permission to delete a subscription target from a Environment in the project", + "privilege": "DeleteSubscriptionTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfig*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop the replication task", - "privilege": "StopReplicationTask", + "description": "Grants permission to delete existing TimeSeriesDataPoints", + "privilege": "DeleteTimeSeriesDataPoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationTask*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to test the connection between the replication instance and the endpoint", - "privilege": "TestConnection", + "description": "Grants permission to retrieve an asset", + "privilege": "GetAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Endpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationInstance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a conversion configuration", - "privilege": "UpdateConversionConfiguration", + "access_level": "Read", + "description": "Grants permission to get an asset type", + "privilege": "GetAssetType", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ModifyConversionConfiguration" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update 
the specified data provider", - "privilege": "UpdateDataProvider", + "access_level": "Read", + "description": "Grants permission to Get a existing DataSource in Amazon DataZone using its identifier", + "privilege": "GetDataSource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ModifyDataProvider" - ], - "resource_type": "DataProvider*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the specified instance profile", - "privilege": "UpdateInstanceProfile", + "access_level": "Read", + "description": "Grants permission to get DataSource run job in Amazon DataZone using it's identifier", + "privilege": "GetDataSourceRun", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ModifyInstanceProfile" - ], - "resource_type": "InstanceProfile*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the specified migration project", - "privilege": "UpdateMigrationProject", + "access_level": "Read", + "description": "Grants permission to retrieve information about a domain", + "privilege": "GetDomain", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "dms:ModifyMigrationProject" - ], - "resource_type": "MigrationProject*" + "dependent_actions": [], + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to migrate DMS subcriptions to Eventbridge", - "privilege": "UpdateSubscriptionsToEventBridge", + "access_level": "Read", + "description": "Grants permission to retrieve a resource policy for a DataZone Domain", + "privilege": "GetDomainSharingPolicy", "resource_types": [ { "condition_keys": [], 
@@ -66047,9 +67805,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to upload files to your Amazon S3 bucket", - "privilege": "UploadFileMetadataList", + "access_level": "Read", + "description": "Grants permission to get Environment details", + "privilege": "GetEnvironment", "resource_types": [ { "condition_keys": [], 
@@ -66057,257 +67815,50 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:cert:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:cert-tag/${TagKey}" - ], - "resource": "Certificate" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:data-provider:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:data-provider-tag/${TagKey}" - ], - "resource": "DataProvider" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:data-migration:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:data-migration-tag/${TagKey}" - ], - "resource": "DataMigration" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:endpoint:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:endpoint-tag/${TagKey}" - ], - "resource": "Endpoint" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:es:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:es-tag/${TagKey}" - ], - "resource": "EventSubscription" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:instance-profile:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:instance-profile-tag/${TagKey}" - ], - "resource": "InstanceProfile" }, { - "arn": "arn:${Partition}:dms:${Region}:${Account}:migration-project:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:migration-project-tag/${TagKey}" - ], - "resource": "MigrationProject" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:replication-config:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:replication-config-tag/${TagKey}" - ], - "resource": "ReplicationConfig" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:rep:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:rep-tag/${TagKey}" - ], - "resource": "ReplicationInstance" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:subgrp:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"dms:subgrp-tag/${TagKey}" - ], - "resource": "ReplicationSubnetGroup" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:task:*", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "dms:task-tag/${TagKey}" - ], - "resource": "ReplicationTask" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:assessment-run:*", - "condition_keys": [], - "resource": "ReplicationTaskAssessmentRun" - }, - { - "arn": "arn:${Partition}:dms:${Region}:${Account}:individual-assessment:*", - "condition_keys": [], - "resource": "ReplicationTaskIndividualAssessment" - } - ], - "service_name": "AWS Database Migration Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the set of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the set of tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the set of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "docdb-elastic", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a new Amazon DocDB-Elastic cluster", - "privilege": "CreateCluster", + "access_level": "Read", + "description": "Grants permission to get environment action link", + "privilege": "GetEnvironmentActionLink", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:ModifyVpcEndpoint", - "iam:CreateServiceLinkedRole", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:GenerateDataKey", - "secretsmanager:DescribeSecret", - 
"secretsmanager:GetResourcePolicy", - "secretsmanager:GetSecretValue", - "secretsmanager:ListSecretVersionIds", - "secretsmanager:ListSecrets" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Amazon DocDB-Elastic cluster snapshot", - "privilege": "CreateClusterSnapshot", + "access_level": "Read", + "description": "Grants permission to get Environment Blueprint details", + "privilege": "GetEnvironmentBlueprint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:ModifyVpcEndpoint", - "iam:CreateServiceLinkedRole", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:GenerateDataKey", - "secretsmanager:DescribeSecret", - "secretsmanager:GetResourcePolicy", - "secretsmanager:GetSecretValue", - "secretsmanager:ListSecretVersionIds", - "secretsmanager:ListSecrets" - ], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a cluster", - "privilege": "DeleteCluster", + "access_level": "Read", + "description": "Grants permission to get environment blueprint configuration", + "privilege": "GetEnvironmentBlueprintConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteVpcEndpoints", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:ModifyVpcEndpoint" - ], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a cluster snapshot", - "privilege": "DeleteClusterSnapshot", + "access_level": "Read", + "description": "Grants permission to get short term credentials that assume the Environment user role", + "privilege": "GetEnvironmentCredentials", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteVpcEndpoints", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:ModifyVpcEndpoint" - ], - "resource_type": "cluster-snapshot*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } 
@@ -66315,46 +67866,32 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about a cluster", - "privilege": "GetCluster", + "description": "Grants permission to get Environment Profile details", + "privilege": "GetEnvironmentProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a cluster snapshot", - "privilege": "GetClusterSnapshot", + "description": "Grants permission to get a form type", + "privilege": "GetFormType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster-snapshot*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the cluster snapshots in your account", - "privilege": "ListClusterSnapshots", + "access_level": "Read", + "description": "Grants permission to get a business glossary", + "privilege": "GetGlossary", "resource_types": [ { "condition_keys": [], @@ -66364,9 +67901,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the clusters in your account", - "privilege": "ListClusters", + "access_level": "Read", + "description": "Grants permission to get a glossary term", + "privilege": "GetGlossaryTerm", "resource_types": [ { "condition_keys": [], 
@@ -66376,271 +67913,129 @@ ] }, { - "access_level": "List", - "description": "Grants permission to lists tag for an DocumentDB Elastic resource", - "privilege": "ListTagsForResource", + "access_level": "Read", + "description": "Grants permission to retrieve an existing DataZone group profile", + "privilege": "GetGroupProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster-snapshot" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to restore cluster from a Amazon DocDB-Elastic cluster snapshot", - "privilege": "RestoreClusterFromSnapshot", + "access_level": "Permissions management", + "description": "Grants permission to an IAM principal to log into the DataZone Portal", + "privilege": "GetIamPortalLoginUrl", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:ModifyVpcEndpoint", - "iam:CreateServiceLinkedRole", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:GenerateDataKey", - "secretsmanager:DescribeSecret", - "secretsmanager:GetResourcePolicy", - "secretsmanager:GetSecretValue", - "secretsmanager:ListSecretVersionIds", - "secretsmanager:ListSecrets" - ], - "resource_type": "cluster-snapshot*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag an DocumentDB Elastic resource", - "privilege": "TagResource", + "access_level": "Read", + 
"description": "Grants permission to get listing", + "privilege": "GetListing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster-snapshot" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a DocumentDB Elastic resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get metadata generation run", + "privilege": "GetMetadataGenerationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get Project details", + "privilege": "GetProject", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster-snapshot" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a cluster", - "privilege": "UpdateCluster", + "access_level": "Read", + "description": "Grants permission to retrieve a subscription", + "privilege": "GetSubscription", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:ModifyVpcEndpoint", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:GenerateDataKey", - "secretsmanager:DescribeSecret", - "secretsmanager:GetResourcePolicy", - "secretsmanager:GetSecretValue", - "secretsmanager:ListSecretVersionIds", - 
"secretsmanager:ListSecrets" - ], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:docdb-elastic:${Region}:${Account}:cluster/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "cluster" - }, - { - "arn": "arn:${Partition}:docdb-elastic:${Region}:${Account}:cluster-snapshot/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "cluster-snapshot" - } - ], - "service_name": "Amazon DocumentDB Elastic Clusters" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "drs:CreateAction", - "description": "Filters access by the name of a resource-creating API action", - "type": "String" }, { - "condition": "drs:EC2InstanceARN", - "description": "Filters access by the EC2 instance the request originated from", - "type": "String" - } - ], - "prefix": "drs", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to get associate failback client to recovery instance", - "privilege": "AssociateFailbackClientToRecoveryInstanceForDrs", + "access_level": "Read", + "description": "Grants permission to get subscription eligibilty", + "privilege": "GetSubscriptionEligibility", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate 
CloudFormation stack with source network", - "privilege": "AssociateSourceNetworkStack", + "access_level": "Read", + "description": "Grants permission to retireve a subscription grant", + "privilege": "GetSubscriptionGrant", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStacks", - "drs:GetLaunchConfiguration", - "ec2:CreateLaunchTemplateVersion", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:ModifyLaunchTemplate" - ], - "resource_type": "SourceNetworkResource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to batch create volume snapshot group", - "privilege": "BatchCreateVolumeSnapshotGroupForDrs", + "access_level": "Read", + "description": "Grants permission to reject a subscription request for a Data Asset", + "privilege": "GetSubscriptionRequestDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve details of subscription target", + "privilege": "GetSubscriptionTarget", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to batch delete snapshot request", - "privilege": "BatchDeleteSnapshotRequestForDrs", + "access_level": "Read", + "description": "Grants permission to get an existing TimeSeriesDataPoints in Amazon DataZone using its identifier", + "privilege": "GetTimeSeriesDataPoint", "resource_types": [ { "condition_keys": [], 
@@ -66650,222 +68045,177 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create converted snapshot", - "privilege": "CreateConvertedSnapshotForDrs", + "access_level": "Read", + "description": "Grants permission to retrieve a user profile for an existing user in the DataZone Domain", + "privilege": "GetUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to extend a source server", - "privilege": "CreateExtendedSourceServer", + "access_level": "List", + "description": "Grants permission to list Environments across all domains in an AWS Account", + "privilege": "ListAccountEnvironments", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "drs:DescribeSourceServers", - "drs:GetReplicationConfiguration" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create launch configuration template", - "privilege": "CreateLaunchConfigurationTemplate", + "access_level": "List", + "description": "Grants permission to list revisions of an asset", + "privilege": "ListAssetRevisions", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create recovery instance", - "privilege": "CreateRecoveryInstanceForDrs", + "access_level": "List", + "description": "Grants permission to list DataSource runs job's activities on Asset", + "privilege": "ListDataSourceRunActivities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "SourceServerResource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create replication configuration template", - "privilege": "CreateReplicationConfigurationTemplate", + "access_level": "List", + "description": "Grants permission to list DataSource runs job", + "privilege": "ListDataSourceRuns", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:CreateSecurityGroup", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:GetEbsDefaultKmsKeyId", - "ec2:GetEbsEncryptionByDefault", - "kms:CreateGrant", - "kms:DescribeKey" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a source network", - "privilege": "CreateSourceNetwork", + "access_level": "List", + "description": "Grants permission to list existing DataSources", + "privilege": "ListDataSources", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:DescribeInstances", - "ec2:DescribeVpcs" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a source server", - "privilege": "CreateSourceServerForDrs", + "access_level": "List", + "description": "Grants permission to retrieve all domains", + "privilege": "ListDomains", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a job", - "privilege": "DeleteJob", + "access_level": "List", + "description": "Grants permission to list environment 
blueprint configuration summaries", + "privilege": "ListEnvironmentBlueprintConfigurationSummaries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete launch configuration template", - "privilege": "DeleteLaunchConfigurationTemplate", + "access_level": "List", + "description": "Grants permission to list environment blueprint configurations", + "privilege": "ListEnvironmentBlueprintConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete recovery instance", - "privilege": "DeleteRecoveryInstance", + "access_level": "List", + "description": "Grants permission to list Domain for Environment Blueprints", + "privilege": "ListEnvironmentBlueprints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete replication configuration template", - "privilege": "DeleteReplicationConfigurationTemplate", + "access_level": "List", + "description": "Grants permission to list Domain for Environment Profiles", + "privilege": "ListEnvironmentProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfigurationTemplateResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete source network", - "privilege": "DeleteSourceNetwork", + "access_level": "List", + "description": "Grants permission to show Environments in the Domain", + "privilege": "ListEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceNetworkResource*" + 
"resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete source server", - "privilege": "DeleteSourceServer", + "access_level": "List", + "description": "Grants permission to list all the DataZone group profiles that the DataZone user profile is a member of", + "privilege": "ListGroupsForUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe job log items", - "privilege": "DescribeJobLogItems", + "access_level": "List", + "description": "Grants permission to list metadata generation runs", + "privilege": "ListMetadataGenerationRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe jobs", - "privilege": "DescribeJobs", + "access_level": "List", + "description": "Grants permission to list notifications and events for a datazone user", + "privilege": "ListNotifications", "resource_types": [ { "condition_keys": [], @@ -66875,9 +68225,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe launch configuration template", - "privilege": "DescribeLaunchConfigurationTemplates", + "access_level": "List", + "description": "Grants permission to list policy grants", + "privilege": "ListPolicyGrants", "resource_types": [ { "condition_keys": [], 
@@ -66887,36 +68237,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe recovery instances", - "privilege": "DescribeRecoveryInstances", + "access_level": "List", + "description": "Grants permission to list Project Members", + "privilege": "ListProjectMemberships", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "drs:DescribeSourceServers", - "ec2:DescribeInstances" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe recovery snapshots", - "privilege": "DescribeRecoverySnapshots", + "access_level": "List", + "description": "Grants permission to list Projects", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe replication configuration template", - "privilege": "DescribeReplicationConfigurationTemplates", + "access_level": "List", + "description": "Grants permission to List subscription grants for a subscribed principal", + "privilege": "ListSubscriptionGrants", "resource_types": [ { "condition_keys": [], @@ -66926,9 +68273,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe replication server associations", - "privilege": "DescribeReplicationServerAssociationsForDrs", + "access_level": "List", + "description": "Grants permission to list subscription requests", + "privilege": "ListSubscriptionRequests", "resource_types": [ { "condition_keys": [], @@ -66938,9 +68285,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe snapshot requests", - "privilege": "DescribeSnapshotRequestsForDrs", + "access_level": "List", + "description": "Grants permission to list subscription targets", + "privilege": "ListSubscriptionTargets", "resource_types": [ { "condition_keys": [], 
@@ -66950,9 +68297,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe source networks", - "privilege": "DescribeSourceNetworks", + "access_level": "List", + "description": "Grants permission to list subscriptions", + "privilege": "ListSubscriptions", "resource_types": [ { "condition_keys": [], 
@@ -66963,102 +68310,80 @@ }, { "access_level": "Read", - "description": "Grants permission to describe source servers", - "privilege": "DescribeSourceServers", + "description": "Grants permission to retrieve all tags associated with a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain" } ] }, { - "access_level": "Write", - "description": "Grants permission to disconnect recovery instance", - "privilege": "DisconnectRecoveryInstance", + "access_level": "List", + "description": "Grants permission to list existing TimeSeriesDataPoints", + "privilege": "ListTimeSeriesDataPoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disconnect source server", - "privilege": "DisconnectSourceServer", + "access_level": "List", + "description": "Grants permission to list available Manager Secrets", + "privilege": "ListWarehouseMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to export CloudFormation template which contains source network resources", - "privilege": "ExportSourceNetworkCfnTemplate", + "description": "Grants permission to post a new TimeSeriesDataPoints", + "privilege": "PostTimeSeriesDataPoints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetBucketLocation", - "s3:GetObject", - "s3:PutObject" - ], - "resource_type": "SourceNetworkResource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get agent command", - "privilege": 
"GetAgentCommandForDrs", + "access_level": "Write", + "description": "Grants permission to provision domain with default project setup", + "privilege": "ProvisionDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get agent confirmed resume info", - "privilege": "GetAgentConfirmedResumeInfoForDrs", + "access_level": "Permissions management", + "description": "Grants permission to add a resource policy for a DataZone Domain", + "privilege": "PutDomainSharingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get agent installation assets", - "privilege": "GetAgentInstallationAssetsForDrs", + "access_level": "Write", + "description": "Grants permission to put environment blueprint configuration", + "privilege": "PutEnvironmentBlueprintConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -67068,60 +68393,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get agent replication info", - "privilege": "GetAgentReplicationInfoForDrs", + "access_level": "Write", + "description": "Grants permission to refresh token", + "privilege": "RefreshToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get agent runtime configuration", - "privilege": "GetAgentRuntimeConfigurationForDrs", + "access_level": "Write", + "description": "Grants permission to reject prediction", + "privilege": "RejectPredictions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get agent snapshot credits", - "privilege": "GetAgentSnapshotCreditsForDrs", + "access_level": "Write", + "description": "Grants permission to reject a subscription request for a Data Asset", + "privilege": "RejectSubscriptionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get channel commands", - "privilege": "GetChannelCommandsForDrs", + "access_level": "Write", + "description": "Grants permission to remove a policy grant", + "privilege": "RemovePolicyGrant", "resource_types": [ { "condition_keys": [], 
@@ -67131,129 +68441,117 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get failback command", - "privilege": "GetFailbackCommandForDrs", + "access_level": "Write", + "description": "Grants permission to revoke a subscription", + "privilege": "RevokeSubscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get failback launch requested", - "privilege": "GetFailbackLaunchRequestedForDrs", + "access_level": "List", + "description": "Grants permission to search datazone entities", + "privilege": "Search", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get failback replication configuration", - "privilege": "GetFailbackReplicationConfiguration", + "access_level": "List", + "description": "Grants permission to search DataZone group profiles and IAM Identity Center groups", + "privilege": "SearchGroupProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get launch configuration", - "privilege": "GetLaunchConfiguration", + "access_level": "List", + "description": "Grants permission to search listings", + "privilege": "SearchListings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get replication configuration", - "privilege": "GetReplicationConfiguration", + "access_level": "List", + "description": "Grants permission to search types such asset types and form types in a domain", + "privilege": 
"SearchTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get suggested failback client device mapping", - "privilege": "GetSuggestedFailbackClientDeviceMappingForDrs", + "access_level": "List", + "description": "Grants permission to search DataZone user profiles, IAM Identity Center users, and DataZone IAM principal profiles", + "privilege": "SearchUserProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to initialize service", - "privilege": "InitializeService", + "description": "Grants permission to login using SSO", + "privilege": "SsoLogin", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AddRoleToInstanceProfile", - "iam:CreateInstanceProfile", - "iam:CreateServiceLinkedRole", - "iam:GetInstanceProfile" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to issue an agent certificate", - "privilege": "IssueAgentCertificateForDrs", + "description": "Grants permission to logout as SSO user", + "privilege": "SsoLogout", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list extensible source servers", - "privilege": "ListExtensibleSourceServers", + "access_level": "Write", + "description": "Grants permission to start a DataSource run job", + "privilege": "StartDataSourceRun", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "drs:DescribeSourceServers" - ], + 
"dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list staging accounts", - "privilege": "ListStagingAccounts", + "access_level": "Write", + "description": "Grants permission to start metadata generation run", + "privilege": "StartMetadataGenerationRun", "resource_types": [ { "condition_keys": [], @@ -67263,9 +68561,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to stop metadata generation run", + "privilege": "StopMetadataGenerationRun", "resource_types": [ { "condition_keys": [], 
@@ -67275,140 +68573,123 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to notify agent authentication", - "privilege": "NotifyAgentAuthenticationForDrs", + "access_level": "Tagging", + "description": "Grants permission to add or update tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "domain*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to notify agent is connected", - "privilege": "NotifyAgentConnectedForDrs", + "access_level": "Tagging", + "description": "Grants permission to remove tags associated with a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "domain*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to notify agent is disconnected", - "privilege": "NotifyAgentDisconnectedForDrs", + "description": "Grants permission to update existing DataSource", + "privilege": "UpdateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to notify agent replication progress", - "privilege": "NotifyAgentReplicationProgressForDrs", + "description": "Grants permission to update data source run activities", + "privilege": 
"UpdateDataSourceRunActivities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to notify consistency attained", - "privilege": "NotifyConsistencyAttainedForDrs", + "description": "Grants permission to update information for a domain", + "privilege": "UpdateDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to notify replication server authentication", - "privilege": "NotifyReplicationServerAuthenticationForDrs", + "description": "Grants permission to update Environment settings", + "privilege": "UpdateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to notify replicator volume events", - "privilege": "NotifyVolumeEventForDrs", + "description": "Grants permission to update Environment Blueprint settings", + "privilege": "UpdateEnvironmentBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to retry data replication", - "privilege": "RetryDataReplication", + "description": "Grants permission to update environment configuration", + "privilege": "UpdateEnvironmentConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reverse replication", - 
"privilege": "ReverseReplication", + "description": "Grants permission to update status of the Environment deployment", + "privilege": "UpdateEnvironmentDeploymentStatus", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "drs:DescribeReplicationConfigurationTemplates", - "drs:DescribeSourceServers", - "ec2:DescribeInstances" - ], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } 
@@ -67416,42 +68697,56 @@ }, { "access_level": "Write", - "description": "Grants permission to send agent logs", - "privilege": "SendAgentLogsForDrs", + "description": "Grants permission to update EnvironmentProfile configuration", + "privilege": "UpdateEnvironmentProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a business glossary", + "privilege": "UpdateGlossary", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send agent metrics", - "privilege": "SendAgentMetricsForDrs", + "description": "Grants permission to update a glossary term", + "privilege": "UpdateGlossaryTerm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a DataZone group profile", + "privilege": "UpdateGroupProfile", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send channel command result", - "privilege": "SendChannelCommandResultForDrs", + "description": "Grants permission to update a Project that enables your team to publish and subscribe to data", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], 
@@ -67462,8 +68757,8 @@ }, { "access_level": "Write", - "description": "Grants permission to send client logs", - "privilege": "SendClientLogsForDrs", + "description": "Grants permission to update a subscription grant status for custom grants", + "privilege": "UpdateSubscriptionGrantStatus", "resource_types": [ { "condition_keys": [], @@ -67474,8 +68769,8 @@ }, { "access_level": "Write", - "description": "Grants permission to send client metrics", - "privilege": "SendClientMetricsForDrs", + "description": "Grants permission to update business reason for subscription request for a Data Asset", + "privilege": "UpdateSubscriptionRequest", "resource_types": [ { "condition_keys": [], 
@@ -67486,297 +68781,340 @@ }, { "access_level": "Write", - "description": "Grants permission to send volume throughput statistics", - "privilege": "SendVolumeStatsForDrs", + "description": "Grants permission to update a subscription target", + "privilege": "UpdateSubscriptionTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start failback launch", - "privilege": "StartFailbackLaunch", + "description": "Grants permission to update a DataZone user profile", + "privilege": "UpdateUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start recovery", - "privilege": "StartRecovery", + "description": "Grants permission to validate pass role", + "privilege": "ValidatePassRole", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "drs:CreateRecoveryInstanceForDrs", - "drs:ListTagsForResource", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateLaunchTemplate", - "ec2:CreateLaunchTemplateVersion", - "ec2:CreateSnapshot", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:DeleteLaunchTemplateVersions", - "ec2:DeleteSnapshot", - "ec2:DeleteVolume", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:DetachVolume", 
- "ec2:ModifyInstanceAttribute", - "ec2:ModifyLaunchTemplate", - "ec2:RevokeSecurityGroupEgress", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "iam:PassRole" - ], - "resource_type": "SourceServerResource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:datazone:${Region}:${Account}:domain/${DomainId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "domain" + } + ], + "service_name": "Amazon DataZone" + }, + { + "conditions": [ + { + "condition": "dax:EnclosingOperation", + "description": "Used to block Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa", + "type": "String" + } + ], + "prefix": "dax", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to return the attributes of one or more items from one or more tables", + "privilege": "BatchGetItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] }, { "access_level": "Write", - "description": "Grants permission to start replication", - "privilege": "StartReplication", + "description": "Grants permission to put or delete multiple items in one or more tables", + "privilege": "BatchWriteItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to the ConditionCheckItem operation that checks the existence of a set of attributes for the item with the given primary key", + "privilege": "ConditionCheckItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to start network 
recovery", - "privilege": "StartSourceNetworkRecovery", + "description": "Grants permission to create a DAX cluster", + "privilege": "CreateCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "cloudformation:CreateStack", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStacks", - "cloudformation:UpdateStack", - "drs:GetLaunchConfiguration", - "ec2:CreateLaunchTemplateVersion", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", + "dax:CreateParameterGroup", + "dax:CreateSubnetGroup", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", - "ec2:ModifyLaunchTemplate", - "s3:GetObject", - "s3:PutObject" - ], - "resource_type": "SourceNetworkResource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "iam:GetRole", + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to start network replication", - "privilege": "StartSourceNetworkReplication", + "description": "Grants permission to create a parameter group", + "privilege": "CreateParameterGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceNetworkResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop failback", - "privilege": "StopFailback", + "description": "Grants permission to create a subnet group", + "privilege": "CreateSubnetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop replication", - "privilege": "StopReplication", + "description": "Grants permission to remove one or more nodes from a DAX cluster", + 
"privilege": "DecreaseReplicationFactor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop network replication", - "privilege": "StopSourceNetworkReplication", + "description": "Grants permission to delete a previously provisioned DAX cluster", + "privilege": "DeleteCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceNetworkResource*" + "resource_type": "application*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to assign a resource tag", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a single item in a table by primary key", + "privilege": "DeleteItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobResource" + "resource_type": "application*" }, { - "condition_keys": [], + "condition_keys": [ + "dax:EnclosingOperation" + ], "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified parameter group", + "privilege": "DeleteParameterGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a subnet group", + "privilege": "DeleteSubnetGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfigurationTemplateResource" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return information about all provisioned DAX clusters", + "privilege": "DescribeClusters", + 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceNetworkResource" - }, + "resource_type": "application" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return the default system parameter information for DAX", + "privilege": "DescribeDefaultParameters", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return events related to DAX clusters and parameter groups", + "privilege": "DescribeEvents", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "drs:CreateAction" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to terminate recovery instances", - "privilege": "TerminateRecoveryInstances", + "access_level": "List", + "description": "Grants permission to return a list of parameter group descriptions", + "privilege": "DescribeParameterGroups", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "drs:DescribeSourceServers", - "ec2:DeleteVolume", - "ec2:DescribeInstances", - "ec2:DescribeVolumes", - "ec2:TerminateInstances" - ], - "resource_type": "RecoveryInstanceResource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to return the detailed parameter list for a particular parameter group", + "privilege": "DescribeParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobResource" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + 
"description": "Grants permission to return a list of subnet group descriptions", + "privilege": "DescribeSubnetGroups", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to the GetItem operation that returns a set of attributes for the item with the given primary key", + "privilege": "GetItem", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource" + "resource_type": "application*" }, + { + "condition_keys": [ + "dax:EnclosingOperation" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add one or more nodes to a DAX cluster", + "privilege": "IncreaseReplicationFactor", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfigurationTemplateResource" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a list all of the tags for a DAX cluster", + "privilege": "ListTags", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceNetworkResource" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new item, or replace an old item with a new item", + "privilege": "PutItem", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource" + "resource_type": "application*" }, { "condition_keys": [ - "aws:TagKeys" + "dax:EnclosingOperation" ], "dependent_actions": [], "resource_type": "" 
@@ -67784,326 +69122,444 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update agent backlog", - "privilege": "UpdateAgentBacklogForDrs", + "access_level": "Read", + "description": "Grants permission to use the primary key of a table or a secondary index to directly access items from that table or index", + "privilege": "Query", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reboot a single node of a DAX cluster", + "privilege": "RebootNode", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update agent conversion info", - "privilege": "UpdateAgentConversionInfoForDrs", + "access_level": "Read", + "description": "Grants permission to return one or more items and item attributes by accessing every item in a table or a secondary index", + "privilege": "Scan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to associate a set of tags with a DAX resource", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update agent replication info", - "privilege": "UpdateAgentReplicationInfoForDrs", + "access_level": "Tagging", + "description": "Grants permission to remove the association of tags from a DAX resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the settings for a DAX cluster", + "privilege": "UpdateCluster", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update agent replication process state", - "privilege": "UpdateAgentReplicationProcessStateForDrs", + "description": "Grants permission to edit an existing item's attributes, or adds a new item to the table if it does not already exist", + "privilege": "UpdateItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "application*" }, { - "condition_keys": [], + "condition_keys": [ + "dax:EnclosingOperation" + ], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update agent source properties", - "privilege": "UpdateAgentSourcePropertiesForDrs", + "description": "Grants permission to modify the parameters of a parameter group", + "privilege": "UpdateParameterGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an existing subnet group", + "privilege": "UpdateSubnetGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:dax:${Region}:${Account}:cache/${ClusterName}", + "condition_keys": [], + "resource": "application" + } + ], + "service_name": "Amazon DynamoDB 
Accelerator (DAX)" + }, + { + "conditions": [], + "prefix": "dbqms", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to update failback client device mapping", - "privilege": "UpdateFailbackClientDeviceMappingForDrs", + "description": "Grants permission to create a new favorite query", + "privilege": "CreateFavoriteQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update failback client last seen", - "privilege": "UpdateFailbackClientLastSeenForDrs", + "description": "Grants permission to add a query to the history", + "privilege": "CreateQueryHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update failback replication configuration", - "privilege": "UpdateFailbackReplicationConfiguration", + "description": "Grants permission to create a new query tab", + "privilege": "CreateTab", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update launch configuration", - "privilege": "UpdateLaunchConfiguration", + "description": "Grants permission to delete saved queries", + "privilege": "DeleteFavoriteQueries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update launch configuration", - "privilege": "UpdateLaunchConfigurationTemplate", + "description": "Grants permission to delete a historical query", + "privilege": "DeleteQueryHistory", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a replication certificate", - "privilege": "UpdateReplicationCertificateForDrs", + "description": "Grants permission to delete query tab", + "privilege": "DeleteTab", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RecoveryInstanceResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update replication configuration", - "privilege": "UpdateReplicationConfiguration", + "access_level": "List", + "description": "Grants permission to list saved queries and associated metadata", + "privilege": "DescribeFavoriteQueries", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateSecurityGroup", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:GetEbsDefaultKmsKeyId", - "ec2:GetEbsEncryptionByDefault", - "kms:CreateGrant", - "kms:DescribeKey" - ], - "resource_type": "SourceServerResource*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update replication configuration template", - "privilege": "UpdateReplicationConfigurationTemplate", + "access_level": "List", + "description": "Grants permission to list history of queries that were run", + "privilege": "DescribeQueryHistory", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateSecurityGroup", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:GetEbsDefaultKmsKeyId", - "ec2:GetEbsEncryptionByDefault", - "kms:CreateGrant", - "kms:DescribeKey" - ], - "resource_type": "ReplicationConfigurationTemplateResource*" + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:drs:${Region}:${Account}:job/${JobID}", - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], - "resource": "JobResource" }, { - "arn": "arn:${Partition}:drs:${Region}:${Account}:recovery-instance/${RecoveryInstanceID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "drs:EC2InstanceARN" - ], - "resource": "RecoveryInstanceResource" + "access_level": "List", + "description": "Grants permission to list query tabs and associated metadata", + "privilege": "DescribeTabs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:drs:${Region}:${Account}:replication-configuration-template/${ReplicationConfigurationTemplateID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ReplicationConfigurationTemplateResource" + "access_level": "Read", + "description": "Grants permission to retrieve favorite or history query string by id", + "privilege": "GetQueryString", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:drs:${Region}:${Account}:launch-configuration-template/${LaunchConfigurationTemplateID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "LaunchConfigurationTemplateResource" + "access_level": "Write", + "description": "Grants permission to update saved query and description", + "privilege": "UpdateFavoriteQuery", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:drs:${Region}:${Account}:source-server/${SourceServerID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "SourceServerResource" + "access_level": "Write", + "description": "Grants permission to update the query history", + "privilege": "UpdateQueryHistory", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": 
"arn:${Partition}:drs:${Region}:${Account}:source-network/${SourceNetworkID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "SourceNetworkResource" + "access_level": "Write", + "description": "Grants permission to update query tab", + "privilege": "UpdateTab", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], - "service_name": "AWS Elastic Disaster Recovery" + "resources": [], + "service_name": "Database Query Metadata Service" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the value of the request to AWS DS", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the AWS DS Resource being acted upon", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" + }, + { + "condition": "deadline:AssociatedMembershipLevel", + "description": "Filters access by the associated membership level of the principal provided in the request", + "type": "String" + }, + { + "condition": "deadline:FarmMembershipLevels", + "description": "Filters access by membership levels on the farm", + "type": "ArrayOfString" + }, + { + "condition": "deadline:FleetMembershipLevels", + "description": "Filters access by membership levels on the fleet", + "type": "ArrayOfString" + }, + { + "condition": "deadline:JobMembershipLevels", + "description": "Filters access by membership levels on the job", + "type": "ArrayOfString" + }, + { + "condition": "deadline:MembershipLevel", + "description": "Filters access by the membership level passed in the request", + "type": "String" + }, + { + "condition": "deadline:PrincipalId", + "description": "Filters access by the principle 
ID provided in the request", + "type": "String" + }, + { + "condition": "deadline:QueueMembershipLevels", + "description": "Filters access by membership levels on the queue", + "type": "ArrayOfString" + }, + { + "condition": "deadline:RequesterPrincipalId", + "description": "Filters access by the user calling the Deadline Cloud API", + "type": "String" } ], - "prefix": "ds", + "prefix": "deadline", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to accept a directory sharing request that was sent from the directory owner account", - "privilege": "AcceptSharedDirectory", + "access_level": "Permissions management", + "description": "Grants permission to associate a member to a farm", + "privilege": "AssociateMemberToFarm", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" + }, + { + "condition_keys": [ + "deadline:AssociatedMembershipLevel", + "deadline:MembershipLevel" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services", - "privilege": "AddIpRoutes", + "access_level": "Permissions management", + "description": "Grants permission to associate a member to a fleet", + "privilege": "AssociateMemberToFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DescribeSecurityGroups" + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "directory*" + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "deadline:AssociatedMembershipLevel", + "deadline:MembershipLevel" + ], + 
"dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add two domain controllers in the specified Region for the specified directory", - "privilege": "AddRegion", + "access_level": "Permissions management", + "description": "Grants permission to associate a member to a job", + "privilege": "AssociateMemberToJob", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" + }, + { + "condition_keys": [ + "deadline:AssociatedMembershipLevel", + "deadline:MembershipLevel" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or overwrite one or more tags for the specified Amazon Directory Services directory", - "privilege": "AddTagsToResource", + "access_level": "Permissions management", + "description": "Grants permission to associate a member to a queue", + "privilege": "AssociateMemberToQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ec2:CreateTags" + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "directory*" + "resource_type": "queue*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "deadline:AssociatedMembershipLevel", + "deadline:MembershipLevel" ], "dependent_actions": [], "resource_type": "" 
@@ -68112,129 +69568,150 @@ }, { "access_level": "Write", - "description": "Grants permission to authorize an application for your AWS Directory", - "privilege": "AuthorizeApplication", + "description": "Grants permission to assume a fleet role for read-only access", + "privilege": "AssumeFleetRoleForRead", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel an in-progress schema extension to a Microsoft AD directory", - "privilege": "CancelSchemaExtension", + "description": "Grants permission to assume a fleet role for a worker", + "privilege": "AssumeFleetRoleForWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "worker*" } ] }, { - "access_level": "Read", - "description": "Grants permission to verify that the alias is available for use", - "privilege": "CheckAlias", + "access_level": "Write", + "description": "Grants permission to assume a queue role for read-only access", + "privilege": "AssumeQueueRoleForRead", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AD Connector to connect to an on-premises directory", - "privilege": "ConnectDirectory", + "description": "Grants permission to assume a queue role for a user", + "privilege": "AssumeQueueRoleForUser", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - 
"ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" + "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "" + "resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an alias for a directory and assigns the alias to the directory", - "privilege": "CreateAlias", + "description": "Grants permission to assume a queue role for a worker", + "privilege": "AssumeQueueRoleForWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "queue*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "worker*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a computer account in the specified directory, and joins the computer to the directory", - "privilege": "CreateComputer", + "access_level": "Read", + "description": "Grants permission to get a job entity for a worker", + "privilege": "BatchGetJobEntity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "worker*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a conditional forwarder associated with your AWS directory", - "privilege": "CreateConditionalForwarder", + "description": "Grants permission to copy a job template to an Amazon S3 bucket", + "privilege": "CopyJobTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember", + "s3:PutObject" + ], + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Simple AD directory", - "privilege": "CreateDirectory", + "description": "Grants permission to create a budget", + "privilege": "CreateBudget", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "budget*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a farm", + "privilege": "CreateFarm", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "farm*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an IdentityPool Directory in the AWS cloud", - "privilege": "CreateIdentityPoolDirectory", + "description": "Grants permission to create a fleet", + "privilege": "CreateFleet", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole", + "identitystore:ListGroupMembershipsForMember", + "logs:CreateLogGroup" + ], + "resource_type": "fleet*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -68247,293 +69724,380 @@ }, { "access_level": "Write", - "description": "Grants permission to create a subscription to forward real time Directory Service domain controller security logs to the specified CloudWatch log group in your AWS account", - "privilege": "CreateLogSubscription", + "description": "Grants permission to create a job", + "privilege": "CreateJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Microsoft AD in the AWS cloud", - "privilege": "CreateMicrosoftAD", + "description": "Grants permission to create a license endpoint for licensed software or products", + "privilege": "CreateLicenseEndpoint", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateTags", + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints" + ], + "resource_type": "license-endpoint*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a snapshot of a Simple AD or Microsoft AD directory in the AWS cloud", - "privilege": "CreateSnapshot", + "description": "Grants permission to create a monitor", + "privilege": "CreateMonitor", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "iam:PassRole", + "sso:CreateApplication", + "sso:DeleteApplication", + "sso:PutApplicationAssignmentConfiguration", + 
"sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationGrant" + ], + "resource_type": "monitor*" } ] }, { "access_level": "Write", - "description": "Grants permission to initiate the creation of the AWS side of a trust relationship between a Microsoft AD in the AWS cloud and an external domain", - "privilege": "CreateTrust", + "description": "Grants permission to create a queue", + "privilege": "CreateQueue", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:PassRole", + "identitystore:ListGroupMembershipsForMember", + "logs:CreateLogGroup", + "s3:ListBucket" + ], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a conditional forwarder that has been set up for your AWS directory", - "privilege": "DeleteConditionalForwarder", + "description": "Grants permission to create a queue environment", + "privilege": "CreateQueueEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Directory Service directory", - "privilege": "DeleteDirectory", + "description": "Grants permission to create a queue-fleet association", + "privilege": "CreateQueueFleetAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeNetworkInterfaces", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" + "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "directory*" + "resource_type": "fleet*" + }, + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "queue*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified log subscription", - "privilege": "DeleteLogSubscription", + "description": "Grants permission to create a storage profile for a farm", + "privilege": "CreateStorageProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a directory snapshot", - "privilege": "DeleteSnapshot", + "description": "Grants permission to create a worker", + "privilege": "CreateWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "worker*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing trust relationship between your Microsoft AD in the AWS cloud and an external domain", - "privilege": "DeleteTrust", + "description": "Grants permission to delete a budget", + "privilege": "DeleteBudget", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "budget*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete from the system the certificate that was registered for a secured LDAP connection", - "privilege": "DeregisterCertificate", + "description": "Grants permission to delete a farm", + "privilege": "DeleteFarm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the specified directory as a publisher to the specified SNS 
topic", - "privilege": "DeregisterEventTopic", + "description": "Grants permission to delete a fleet", + "privilege": "DeleteFleet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" } ] }, { - "access_level": "Read", - "description": "Grants permission to display information about the certificate registered for a secured LDAP connection", - "privilege": "DescribeCertificate", + "access_level": "Write", + "description": "Grants permission to delete a license endpoint", + "privilege": "DeleteLicenseEndpoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeVpcEndpoints" + ], + "resource_type": "license-endpoint*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. 
Currently, only SmartCard is supported", - "privilege": "DescribeClientAuthenticationSettings", + "access_level": "Write", + "description": "Grants permission to delete a metered product", + "privilege": "DeleteMeteredProduct", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "metered-product*" } ] }, { - "access_level": "Read", - "description": "Grants permission to obtain information about the conditional forwarders for this account", - "privilege": "DescribeConditionalForwarders", + "access_level": "Write", + "description": "Grants permission to delete a monitor", + "privilege": "DeleteMonitor", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "sso:DeleteApplication" + ], + "resource_type": "monitor*" } ] }, { - "access_level": "List", - "description": "Grants permission to obtain information about the directories that belong to this account", - "privilege": "DescribeDirectories", + "access_level": "Write", + "description": "Grants permission to delete a queue", + "privilege": "DeleteQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide information about any domain controllers in your directory", - "privilege": "DescribeDomainControllers", + "access_level": "Write", + "description": "Grants permission to delete a queue environment", + "privilege": "DeleteQueueEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to obtain information about which 
SNS topics receive status messages from the specified directory", - "privilege": "DescribeEventTopics", + "access_level": "Write", + "description": "Grants permission to delete a queue-fleet association", + "privilege": "DeleteQueueFleetAssociation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the status of LDAP security for the specified directory", - "privilege": "DescribeLDAPSSettings", + "access_level": "Write", + "description": "Grants permission to delete a storage profile", + "privilege": "DeleteStorageProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide information about the Regions that are configured for multi-Region replication", - "privilege": "DescribeRegions", + "access_level": "Write", + "description": "Grants permission to delete a worker", + "privilege": "DeleteWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "worker*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the configurable settings for the specified directory", - "privilege": "DescribeSettings", + "access_level": "Permissions management", + "description": "Grants permission to disassociate a member from a farm", + "privilege": "DisassociateMemberFromFarm", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" + }, + { + 
"condition_keys": [ + "deadline:AssociatedMembershipLevel" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the shared directories in your account", - "privilege": "DescribeSharedDirectories", + "access_level": "Permissions management", + "description": "Grants permission to disassociate a member from a fleet", + "privilege": "DisassociateMemberFromFleet", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "deadline:AssociatedMembershipLevel" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to obtain information about the directory snapshots that belong to this account", - "privilege": "DescribeSnapshots", + "access_level": "Permissions management", + "description": "Grants permission to disassociate a member from a job", + "privilege": "DisassociateMemberFromJob", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" + }, + { + "condition_keys": [ + "deadline:AssociatedMembershipLevel" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to obtain information about the trust relationships for this account", - "privilege": "DescribeTrusts", + "access_level": "Permissions management", + "description": "Grants permission to disassociate a member from a queue", + "privilege": "DisassociateMemberFromQueue", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "deadline:AssociatedMembershipLevel" + ], "dependent_actions": [], 
"resource_type": "" } 
@@ -68541,298 +70105,361 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the updates of a directory for a particular update type", - "privilege": "DescribeUpdateDirectory", + "description": "Grants permission to get the latest version of an application", + "privilege": "GetApplicationVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable alternative client authentication methods for the specified directory", - "privilege": "DisableClientAuthentication", + "access_level": "Read", + "description": "Grants permission to get a budget", + "privilege": "GetBudget", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "budget*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deactivate LDAP secure calls for the specified directory", - "privilege": "DisableLDAPS", + "access_level": "Read", + "description": "Grants permission to get a farm", + "privilege": "GetFarm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory", - "privilege": "DisableRadius", + "access_level": "Read", + "description": "Grants permission to get a fleet", + "privilege": "GetFleet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + 
"resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable single-sign on for a directory", - "privilege": "DisableSso", + "access_level": "Read", + "description": "Grants permission to get a job", + "privilege": "GetJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable alternative client authentication methods for the specified directory", - "privilege": "EnableClientAuthentication", + "access_level": "Read", + "description": "Grants permission to get a license endpoint", + "privilege": "GetLicenseEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "license-endpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to activate the switch for the specific directory to always use LDAP secure calls", - "privilege": "EnableLDAPS", + "access_level": "Read", + "description": "Grants permission to get a monitor", + "privilege": "GetMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory", - "privilege": "EnableRadius", + "access_level": "Read", + "description": "Grants permission to get a queue", + "privilege": "GetQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to enable single-sign on for a directory", - "privilege": "EnableSso", + "access_level": "Read", + "description": "Grants permission to get a queue environment", + "privilege": "GetQueueEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the details of the authorized applications on a directory", - "privilege": "GetAuthorizedApplicationDetails", + "description": "Grants permission to get a queue-fleet association", + "privilege": "GetQueueFleetAssociation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "queue*" } ] }, { "access_level": "Read", - "description": "Grants permission to obtain directory limit information for the current region", - "privilege": "GetDirectoryLimits", + "description": "Grants permission to get a session for a job", + "privilege": "GetSession", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Grants permission to obtain the manual snapshot limits for a directory", - "privilege": "GetSnapshotLimits", + "description": "Grants permission to get a session action for a job", + "privilege": "GetSessionAction", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Grants permission to 
obtain the AWS applications authorized for a directory", - "privilege": "ListAuthorizedApplications", + "description": "Grants permission to get all collected statistics for sessions", + "privilege": "GetSessionsStatisticsAggregation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the certificates registered for a secured LDAP connection, for the specified directory", - "privilege": "ListCertificates", + "access_level": "Read", + "description": "Grants permission to get a step in a job", + "privilege": "GetStep", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the address blocks that you have added to a directory", - "privilege": "ListIpRoutes", + "description": "Grants permission to get a storage profile", + "privilege": "GetStorageProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the active log subscriptions for the AWS account", - "privilege": "ListLogSubscriptions", + "description": "Grants permission to get a storage profile for a queue", + "privilege": "GetStorageProfileForQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + 
"identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all schema extensions applied to a Microsoft AD Directory", - "privilege": "ListSchemaExtensions", + "access_level": "Read", + "description": "Grants permission to get a job task", + "privilege": "GetTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all tags on an Amazon Directory Services directory", - "privilege": "ListTagsForResource", + "description": "Grants permission to get a worker", + "privilege": "GetWorker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "worker*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register a certificate for secured LDAP connection", - "privilege": "RegisterCertificate", + "access_level": "List", + "description": "Grants permission to list all available metered products within a license endpoint", + "privilege": "ListAvailableMeteredProducts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a directory with an SNS topic", - "privilege": "RegisterEventTopic", + "access_level": "List", + "description": "Grants permission to list all budgets for a farm", + "privilege": "ListBudgets", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "sns:GetTopicAttributes" + "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "directory*" + "resource_type": "budget*" } ] }, { - 
"access_level": "Write", - "description": "Grants permission to reject a directory sharing request that was sent from the directory owner account", - "privilege": "RejectSharedDirectory", + "access_level": "List", + "description": "Grants permission to list all members of a farm", + "privilege": "ListFarmMembers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove IP address blocks from a directory", - "privilege": "RemoveIpRoutes", + "access_level": "List", + "description": "Grants permission to list all farms", + "privilege": "ListFarms", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" + }, + { + "condition_keys": [ + "deadline:PrincipalId", + "deadline:RequesterPrincipalId" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop all replication and removes the domain controllers from the specified Region. 
You cannot remove the primary Region with this operation", - "privilege": "RemoveRegion", + "access_level": "List", + "description": "Grants permission to list all members of a fleet", + "privilege": "ListFleetMembers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from an Amazon Directory Services directory", - "privilege": "RemoveTagsFromResource", + "access_level": "List", + "description": "Grants permission to list all fleets", + "privilege": "ListFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ec2:DeleteTags" + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" ], - "resource_type": "directory*" + "resource_type": "fleet*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "deadline:PrincipalId", + "deadline:RequesterPrincipalId" ], "dependent_actions": [], "resource_type": "" 
@@ -68840,843 +70467,977 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reset the password for any user in your AWS Managed Microsoft AD or Simple AD directory", - "privilege": "ResetUserPassword", + "access_level": "List", + "description": "Grants permission to list all members of a job", + "privilege": "ListJobMembers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to restore a directory using an existing directory snapshot", - "privilege": "RestoreFromSnapshot", + "access_level": "List", + "description": "Grants permission to list all jobs in a queue", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" + }, + { + "condition_keys": [ + "deadline:PrincipalId", + "deadline:RequesterPrincipalId" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to share a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). 
With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region", - "privilege": "ShareDirectory", + "access_level": "List", + "description": "Grants permission to list all license endpoints", + "privilege": "ListLicenseEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "license-endpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to apply a schema extension to a Microsoft AD directory", - "privilege": "StartSchemaExtension", + "access_level": "List", + "description": "Grants permission to list all metered products in a license endpoint", + "privilege": "ListMeteredProducts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "metered-product*" } ] }, { - "access_level": "Write", - "description": "Grants permission to unauthorize an application from your AWS Directory", - "privilege": "UnauthorizeApplication", + "access_level": "List", + "description": "Grants permission to list all monitors", + "privilege": "ListMonitors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop the directory sharing between the directory owner and consumer accounts", - "privilege": "UnshareDirectory", + "access_level": "List", + "description": "Grants permission to list all queue environments to which a queue is associated", + "privilege": "ListQueueEnvironments", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a conditional forwarder that has been set up for your 
AWS directory", - "privilege": "UpdateConditionalForwarder", + "access_level": "List", + "description": "Grants permission to list all queue-fleet associations", + "privilege": "ListQueueFleetAssociations", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the directory for a particular update type", - "privilege": "UpdateDirectorySetup", + "access_level": "List", + "description": "Grants permission to list all members in a queue", + "privilege": "ListQueueMembers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add or remove domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. 
During this time, you cannot make another update request", - "privilege": "UpdateNumberOfDomainControllers", + "access_level": "List", + "description": "Grants permission to list all queues on a farm", + "privilege": "ListQueues", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "identitystore:DescribeGroup", + "identitystore:DescribeUser", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" + }, + { + "condition_keys": [ + "deadline:PrincipalId", + "deadline:RequesterPrincipalId" + ], "dependent_actions": [], - "resource_type": "directory*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector directory", - "privilege": "UpdateRadius", + "access_level": "List", + "description": "Grants permission to list all session actions for a job", + "privilege": "ListSessionActions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configurable settings for the specified directory", - "privilege": "UpdateSettings", + "access_level": "List", + "description": "Grants permission to list all sessions for a job", + "privilege": "ListSessions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the trust that has been set up between your AWS Managed Microsoft AD directory and an on-premises Active Directory", - "privilege": "UpdateTrust", + "access_level": "List", + "description": "Grants permission to list all 
sessions for a worker", + "privilege": "ListSessionsForWorker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "worker*" } ] }, { - "access_level": "Read", - "description": "Grants permission to verify a trust relationship between your Microsoft AD in the AWS cloud and an external domain", - "privilege": "VerifyTrust", + "access_level": "List", + "description": "Grants permission to list the step consumers for a job step", + "privilege": "ListStepConsumers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "directory*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "directory" - } - ], - "service_name": "AWS Directory Service" - }, - { - "conditions": [ - { - "condition": "dynamodb:Attributes", - "description": "Filters access by attribute (field or column) names of the table", - "type": "ArrayOfString" - }, - { - "condition": "dynamodb:EnclosingOperation", - "description": "Filters access by blocking Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa", - "type": "String" - }, - { - "condition": "dynamodb:FullTableScan", - "description": "Filters access by blocking full table scan", - "type": "Bool" - }, - { - "condition": "dynamodb:LeadingKeys", - "description": "Filters access by the partition key of the table", - "type": "ArrayOfString" - }, - { - "condition": "dynamodb:ReturnConsumedCapacity", - "description": "Filters access by the ReturnConsumedCapacity parameter of a request. 
Contains either \"TOTAL\" or \"NONE\"", - "type": "String" - }, - { - "condition": "dynamodb:ReturnValues", - "description": "Filters access by the ReturnValues parameter of request. Contains one of the following: \"ALL_OLD\", \"UPDATED_OLD\",\"ALL_NEW\",\"UPDATED_NEW\", or \"NONE\"", - "type": "String" }, { - "condition": "dynamodb:Select", - "description": "Filters access by the Select parameter of a Query or Scan request", - "type": "String" - } - ], - "prefix": "dynamodb", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to return the attributes of one or more items from one or more tables", - "privilege": "BatchGetItem", + "access_level": "List", + "description": "Grants permission to list dependencies for a job step", + "privilege": "ListStepDependencies", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:Select" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put or delete multiple items in one or more tables", - "privilege": "BatchWriteItem", + "access_level": "List", + "description": "Grants permission to list all steps for a job", + "privilege": "ListSteps", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to the ConditionCheckItem operation checks the existence of a set of attributes 
for the item with the given primary key", - "privilege": "ConditionCheckItem", + "access_level": "List", + "description": "Grants permission to list all storage profiles in a farm", + "privilege": "ListStorageProfiles", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:ReturnValues" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "farm*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a backup for an existing table", - "privilege": "CreateBackup", + "access_level": "List", + "description": "Grants permission to list all storage profiles in a queue", + "privilege": "ListStorageProfilesForQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a global table from an existing table", - "privilege": "CreateGlobalTable", + "access_level": "List", + "description": "Grants permission to list all tags on specified Deadline Cloud resources", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-table*" + "resource_type": "farm" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" } ] }, { - "access_level": "Write", - "description": "Grants permission to the CreateTable operation adds a new table to your account", - 
"privilege": "CreateTable", + "access_level": "List", + "description": "Grants permission to list all tasks for a job", + "privilege": "ListTasks", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a new replica table", - "privilege": "CreateTableReplica", + "access_level": "List", + "description": "Grants permission to list all workers in a fleet", + "privilege": "ListWorkers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "worker*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing backup of a table", - "privilege": "DeleteBackup", + "description": "Grants permission to add a metered product to a license endpoint", + "privilege": "PutMeteredProduct", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "backup*" + "resource_type": "metered-product*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deletes a single item in a table by primary key", - "privilege": "DeleteItem", + "access_level": "List", + "description": "Grants permission to search for jobs in multiple queues", + "privilege": "SearchJobs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:EnclosingOperation", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:ReturnValues" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "queue*" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to the DeleteTable operation which deletes a table and all of its items", - "privilege": "DeleteTable", + "access_level": "List", + "description": "Grants permission to search the steps within a single job or to search the steps for multiple queues", + "privilege": "SearchSteps", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "queue" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a replica table and all of its items", - "privilege": "DeleteTableReplica", + "access_level": "List", + "description": "Grants permission to search the tasks within a single job or to search the tasks for multiple queues", + "privilege": "SearchTasks", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "queue" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an existing backup of a table", - "privilege": "DescribeBackup", + "access_level": "List", + "description": "Grants permission to search for workers in multiple fleets", + "privilege": "SearchWorkers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "backup*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" } ] }, { "access_level": "Read", - "description": "Grants permission to check the status of the backup restore settings on the specified table", - "privilege": "DescribeContinuousBackups", + "description": "Grants permission to get all collected statistics for sessions", + "privilege": "StartSessionsStatisticsAggregation", "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "queue" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the contributor insights status and related details for a given table or global secondary index", - "privilege": "DescribeContributorInsights", + "access_level": "Tagging", + "description": "Grants permission to add or overwrite one or more tags for the specified Deadline Cloud resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "farm" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return the regional endpoint information", - "privilege": "DescribeEndpoints", - "resource_types": [ + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license-endpoint" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "queue" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an existing Export of a table", - "privilege": "DescribeExport", + "access_level": "Tagging", + "description": "Grants permission to disassociate one or more tags from the specified Deadline Cloud resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "export*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return information about the specified global table", - "privilege": "DescribeGlobalTable", - "resource_types": [ + "resource_type": 
"farm" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-table*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to return settings information about the specified global table", - "privilege": "DescribeGlobalTableSettings", - "resource_types": [ + "resource_type": "fleet" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-table*" + "resource_type": "license-endpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "queue" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an existing import", - "privilege": "DescribeImport", + "access_level": "Write", + "description": "Grants permission to update a budget", + "privilege": "UpdateBudget", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "import*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "budget*" } ] }, { - "access_level": "Read", - "description": "Grants permission to grant permission to describe the status of Kinesis streaming and related details for a given table", - "privilege": "DescribeKinesisStreamingDestination", + "access_level": "Write", + "description": "Grants permission to update a farm", + "privilege": "UpdateFarm", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the current provisioned-capacity limits for your AWS account in a region, both for the region as a whole and for any one DynamoDB table that you create there", - "privilege": "DescribeLimits", + "access_level": "Write", + "description": "Grants permission to 
update a fleet", + "privilege": "UpdateFleet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe one or more of the Reserved Capacity purchased", - "privilege": "DescribeReservedCapacity", + "access_level": "Write", + "description": "Grants permission to update a job", + "privilege": "UpdateJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe Reserved Capacity offerings that are available for purchase", - "privilege": "DescribeReservedCapacityOfferings", + "access_level": "Write", + "description": "Grants permission to update a monitor", + "privilege": "UpdateMonitor", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole", + "sso:PutApplicationGrant", + "sso:UpdateApplication" + ], + "resource_type": "monitor*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about a stream, including the current status of the stream, its Amazon Resource Name (ARN), the composition of its shards, and its corresponding DynamoDB table", - "privilege": "DescribeStream", + "access_level": "Write", + "description": "Grants permission to update a queue", + "privilege": "UpdateQueue", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "stream*" + "dependent_actions": [ + "iam:PassRole", + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return 
information about the table", - "privilege": "DescribeTable", + "access_level": "Write", + "description": "Grants permission to update a queue environment", + "privilege": "UpdateQueueEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the auto scaling settings across all replicas of the global table", - "privilege": "DescribeTableReplicaAutoScaling", + "access_level": "Write", + "description": "Grants permission to update a queue-fleet association", + "privilege": "UpdateQueueFleetAssociation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "fleet*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to give a description of the Time to Live (TTL) status on the specified table", - "privilege": "DescribeTimeToLive", + "access_level": "Write", + "description": "Grants permission to update a session for a job", + "privilege": "UpdateSession", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to grant permission to stop replication from the DynamoDB table to the Kinesis data stream", - "privilege": "DisableKinesisStreamingDestination", + "description": "Grants permission to update a step for a job", + "privilege": "UpdateStep", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + 
"identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to grant permission to start table data replication to the specified Kinesis data stream at a timestamp chosen during the enable workflow", - "privilege": "EnableKinesisStreamingDestination", + "description": "Grants permission to update a storage profile for a farm", + "privilege": "UpdateStorageProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "farm*" } ] }, { "access_level": "Write", - "description": "Grants permission to initiate an Export of a DynamoDB table to S3", - "privilege": "ExportTableToPointInTime", + "description": "Grants permission to update a task", + "privilege": "UpdateTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "dependent_actions": [ + "identitystore:ListGroupMembershipsForMember" + ], + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to the GetItem operation that returns a set of attributes for the item with the given primary key", - "privilege": "GetItem", + "access_level": "Write", + "description": "Grants permission to update a worker", + "privilege": "UpdateWorker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:EnclosingOperation", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:Select" + "dependent_actions": [ + "logs:CreateLogStream" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "worker*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the stream records from a given shard", - "privilege": "GetRecords", + "access_level": 
"Write", + "description": "Grants permission to update the schedule for a worker", + "privilege": "UpdateWorkerSchedule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "stream*" + "dependent_actions": [ + "logs:CreateLogStream" + ], + "resource_type": "worker*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/budget/${BudgetId}", + "condition_keys": [ + "deadline:FarmMembershipLevels" + ], + "resource": "budget" }, { - "access_level": "Read", - "description": "Grants permission to return a shard iterator", - "privilege": "GetShardIterator", + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "deadline:FarmMembershipLevels" + ], + "resource": "farm" + }, + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/fleet/${FleetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "deadline:FarmMembershipLevels", + "deadline:FleetMembershipLevels" + ], + "resource": "fleet" + }, + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/queue/${QueueId}/job/${JobId}", + "condition_keys": [ + "deadline:FarmMembershipLevels", + "deadline:JobMembershipLevels", + "deadline:QueueMembershipLevels" + ], + "resource": "job" + }, + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:license-endpoint/${LicenseEndpointId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "license-endpoint" + }, + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:license-endpoint/${LicenseEndpointId}/metered-product/${ProductId}", + "condition_keys": [], + "resource": "metered-product" + }, + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:monitor/${MonitorId}", + "condition_keys": [], + "resource": "monitor" + }, + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/queue/${QueueId}", + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "deadline:FarmMembershipLevels", + "deadline:QueueMembershipLevels" + ], + "resource": "queue" + }, + { + "arn": "arn:${Partition}:deadline:${Region}:${Account}:farm/${FarmId}/fleet/${FleetId}/worker/${WorkerId}", + "condition_keys": [ + "deadline:FarmMembershipLevels", + "deadline:FleetMembershipLevels" + ], + "resource": "worker" + } + ], + "service_name": "AWS Deadline Cloud" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "deepcomposer", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate a DeepComposer coupon (or DSN) with the account associated with the sender of the request", + "privilege": "AssociateCoupon", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to initiate an import from S3 to a DynamoDB table", - "privilege": "ImportTable", + "description": "Grants permission to create an audio file by converting the midi composition into a wav or mp3 file", + "privilege": "CreateAudio", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "audio*" } ] }, { - "access_level": "List", - "description": "Grants permission to list backups associated with the account and endpoint", - "privilege": "ListBackups", + "access_level": "Write", + "description": "Grants permission to create a multi-track 
midi composition", + "privilege": "CreateComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "composition*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the ContributorInsightsSummary for all tables and global secondary indexes associated with the current account and endpoint", - "privilege": "ListContributorInsights", + "access_level": "Write", + "description": "Grants permission to start creating/training a generative-model that is able to perform inference against the user-provided piano-melody to create a multi-track midi composition", + "privilege": "CreateModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list exports associated with the account and endpoint", - "privilege": "ListExports", + "access_level": "Write", + "description": "Grants permission to delete the composition", + "privilege": "DeleteComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "composition*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all global tables that have a replica in the specified region", - "privilege": "ListGlobalTables", + "access_level": "Write", + "description": "Grants permission to delete the model", + "privilege": "DeleteModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "List", - "description": "Grants permission to list imports associated with the account and endpoint", - "privilege": "ListImports", 
+ "access_level": "Read", + "description": "Grants permission to get information about the composition", + "privilege": "GetComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "composition*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return an array of stream ARNs associated with the current account and endpoint", - "privilege": "ListStreams", + "description": "Grants permission to get information about the model", + "privilege": "GetModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "model*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return an array of table names associated with the current account and endpoint", - "privilege": "ListTables", + "access_level": "Read", + "description": "Grants permission to get information about the sample/pre-trained DeepComposer model", + "privilege": "GetSampleModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags on an Amazon DynamoDB resource", - "privilege": "ListTagsOfResource", + "access_level": "List", + "description": "Grants permission to list all the compositions owned by the sender of the request", + "privilege": "ListCompositions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "composition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a single item in a table by primary key", - "privilege": "PartiQLDelete", + "access_level": "List", + "description": "Grants permission to list all 
the models owned by the sender of the request", + "privilege": "ListModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:EnclosingOperation", - "dynamodb:LeadingKeys", - "dynamodb:ReturnValues" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new item, if an item with same primary key does not exist in the table", - "privilege": "PartiQLInsert", + "access_level": "List", + "description": "Grants permission to list all the sample/pre-trained models provided by the DeepComposer service", + "privilege": "ListSampleModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:EnclosingOperation", - "dynamodb:LeadingKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to read a set of attributes for items from a table or index", - "privilege": "PartiQLSelect", + "access_level": "List", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "composition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index" + "resource_type": "model" }, { "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:EnclosingOperation", - "dynamodb:FullTableScan", - "dynamodb:LeadingKeys", - "dynamodb:Select" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -69684,56 +71445,37 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to edit an existing item's attributes", - "privilege": "PartiQLUpdate", + "access_level": "List", + "description": "Grants permission to list all the training options or topic for creating/training a model", + "privilege": "ListTrainingTopics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, - { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:EnclosingOperation", - "dynamodb:LeadingKeys", - "dynamodb:ReturnValues" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to purchases reserved capacity for use with your account", - "privilege": "PurchaseReservedCapacityOfferings", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new item, or replace an old item with a new item", - "privilege": "PutItem", - "resource_types": [ + "resource_type": "composition" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "model" }, { "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:EnclosingOperation", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:ReturnValues" + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -69741,27 +71483,24 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to use the primary key of a table or a secondary index to directly access items from that table or index", - "privilege": "Query", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "composition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index" + "resource_type": "model" }, { "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:ReturnValues", - "dynamodb:Select" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -69770,83 +71509,111 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new table from recovery point on AWS Backup", - "privilege": "RestoreTableFromAwsBackup", + "description": "Grants permission to modify the mutable properties associated with a composition", + "privilege": "UpdateComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "composition*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new table from an existing backup", - "privilege": "RestoreTableFromBackup", + "description": "Grants permission to to modify the mutable properties associated with a model", + "privilege": "UpdateModel", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dynamodb:BatchWriteItem", - "dynamodb:DeleteItem", - "dynamodb:GetItem", - "dynamodb:PutItem", - "dynamodb:Query", - "dynamodb:Scan", - "dynamodb:UpdateItem" - ], - "resource_type": "backup*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "model*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:model/${ModelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "model" }, { - "access_level": "Write", - "description": "Grants permission to restore a table to a point in time", - "privilege": "RestoreTableToPointInTime", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "dynamodb:BatchWriteItem", - "dynamodb:DeleteItem", - "dynamodb:GetItem", - "dynamodb:PutItem", - "dynamodb:Query", - "dynamodb:Scan", - "dynamodb:UpdateItem" - ], - "resource_type": "table*" + "arn": "arn:${Partition}:deepcomposer:${Region}:${Account}:composition/${CompositionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "composition" + }, + { + "arn": 
"arn:${Partition}:deepcomposer:${Region}:${Account}:audio/${AudioId}", + "condition_keys": [], + "resource": "audio" + } + ], + "service_name": "AWS DeepComposer" + }, + { + "conditions": [], + "prefix": "deeplens", + "privileges": [ + { + "access_level": "Permissions management", + "description": "Associates the user's account with IAM roles controlling various permissions needed by AWS DeepLens for proper functionality.", + "privilege": "AssociateServiceRoleToAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return one or more items and item attributes by accessing every item in a table or a secondary index", - "privilege": "Scan", + "description": "Retrieves a list of AWS DeepLens devices.", + "privilege": "BatchGetDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "device*" + } + ] + }, + { + "access_level": "Read", + "description": "Retrieves a list of AWS DeepLens Models.", + "privilege": "BatchGetModel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index" - }, + "resource_type": "model*" + } + ] + }, + { + "access_level": "Read", + "description": "Retrieves a list of AWS DeepLens Projects.", + "privilege": "BatchGetProject", + "resource_types": [ { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:ReturnValues", - "dynamodb:Select" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Creates a certificate package that is used to successfully authenticate and Register an AWS DeepLens device.", + "privilege": "CreateDeviceCertificates", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -69854,267 +71621,301 @@ }, { "access_level": "Write", - "description": "Grants permission to create a backup on AWS Backup with advanced features enabled", - "privilege": "StartAwsBackupJob", + "description": "Creates a new AWS DeepLens Model.", + "privilege": "CreateModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to associate a set of tags with an Amazon DynamoDB resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Creates a new AWS DeepLens Project.", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the association of tags from an Amazon DynamoDB resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Deletes an AWS DeepLens Model.", + "privilege": "DeleteModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "model*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable or disable continuous backups", - "privilege": "UpdateContinuousBackups", + "description": "Deletes an AWS DeepLens Project.", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the status for contributor insights for a specific table or global secondary index", - "privilege": "UpdateContributorInsights", + "description": "Deploys an AWS DeepLens project to a registered AWS DeepLens device.", + "privilege": "DeployProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" 
+ "resource_type": "device*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or remove replicas in the specified global table", - "privilege": "UpdateGlobalTable", + "description": "Begins a device de-registration workflow for a registered AWS DeepLens device.", + "privilege": "DeregisterDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-table*" - }, + "resource_type": "device*" + } + ] + }, + { + "access_level": "Read", + "description": "Retrieves the account level resources associated with the user's account.", + "privilege": "GetAssociatedResources", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update settings of the specified global table", - "privilege": "UpdateGlobalTableSettings", + "access_level": "Read", + "description": "Retrieves the the deployment status of a particular AWS DeepLens device, along with any associated metadata.", + "privilege": "GetDeploymentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-table*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Retrieves information about an AWS DeepLens device.", + "privilege": "GetDevice", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "device*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update version of the specified global table", - "privilege": "UpdateGlobalTableVersion", + "access_level": "Read", + "description": "Retrieves an AWS DeepLens Model.", + "privilege": "GetModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"global-table*" - }, + "resource_type": "model*" + } + ] + }, + { + "access_level": "Read", + "description": "Retrieves an AWS DeepLens Project.", + "privilege": "GetProject", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to edit an existing item's attributes, or adds a new item to the table if it does not already exist", - "privilege": "UpdateItem", + "description": "Creates a new AWS DeepLens project from a sample project template.", + "privilege": "ImportProjectFromTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Retrieves a list of AWS DeepLens Deployment identifiers.", + "privilege": "ListDeployments", + "resource_types": [ { - "condition_keys": [ - "dynamodb:Attributes", - "dynamodb:EnclosingOperation", - "dynamodb:LeadingKeys", - "dynamodb:ReturnConsumedCapacity", - "dynamodb:ReturnValues" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table", - "privilege": "UpdateTable", + "access_level": "List", + "description": "Retrieves a list of AWS DeepLens device identifiers.", + "privilege": "ListDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update auto scaling settings on your replica table", - "privilege": "UpdateTableReplicaAutoScaling", + "access_level": "List", + "description": "Retrieves a list of AWS DeepLens Model identifiers.", + "privilege": "ListModels", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable TTL for the specified table", - "privilege": "UpdateTimeToLive", + "access_level": "List", + "description": "Retrieves a list of AWS DeepLens Project identifiers.", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/index/${IndexName}", - "condition_keys": [], - "resource": "index" }, { - "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/stream/${StreamLabel}", - "condition_keys": [], - "resource": "stream" + "access_level": "Write", + "description": "Begins a device registration workflow for an AWS DeepLens device.", + "privilege": "RegisterDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}", - "condition_keys": [], - "resource": "table" + "access_level": "Write", + "description": "Removes a deployed AWS DeepLens project from an AWS DeepLens device.", + "privilege": "RemoveProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + } + ] }, { - "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/backup/${BackupName}", - "condition_keys": [], - "resource": "backup" - }, + "access_level": "Write", + "description": "Updates an existing AWS DeepLens Project.", + "privilege": "UpdateProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + } + ], + "resources": [ { - "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/export/${ExportName}", + "arn": 
"arn:${Partition}:deeplens:${Region}:${Account}:device/${DeviceName}", "condition_keys": [], - "resource": "export" + "resource": "device" }, { - "arn": "arn:${Partition}:dynamodb::${Account}:global-table/${GlobalTableName}", + "arn": "arn:${Partition}:deeplens:${Region}:${Account}:project/${ProjectName}", "condition_keys": [], - "resource": "global-table" + "resource": "project" }, { - "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/import/${ImportName}", + "arn": "arn:${Partition}:deeplens:${Region}:${Account}:model/${ModelName}", "condition_keys": [], - "resource": "import" + "resource": "model" } ], - "service_name": "Amazon DynamoDB" + "service_name": "AWS DeepLens" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", + "description": "Filters actions by tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", + "description": "Filters actions by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", + "description": "Filters actions by tag keys in the request", "type": "ArrayOfString" }, { - "condition": "ebs:Description", - "description": "Filters access by the description of the snapshot being created", - "type": "String" + "condition": "deepracer:MultiUser", + "description": "Filters access by multiuser flag", + "type": "Bool" }, { - "condition": "ebs:ParentSnapshot", - "description": "Filters access by the ID of the parent snapshot", + "condition": "deepracer:UserToken", + "description": "Filters access by user token in the request", "type": "String" - }, - { - "condition": "ebs:VolumeSize", - "description": "Filters access by the size of the volume for the snapshot being 
created, in GiB", - "type": "Numeric" } ], - "prefix": "ebs", + "prefix": "deepracer", "privileges": [ { "access_level": "Write", - "description": "Grants permission to seal and complete the snapshot after all of the required blocks of data have been written to it", - "privilege": "CompleteSnapshot", + "description": "Grants permission to add access for a private leaderboard", + "privilege": "AddLeaderboardAccessPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "leaderboard*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" @@ -70123,18 +71924,23 @@ }, { "access_level": "Read", - "description": "Grants permission to return the data of a block in an Amazon Elastic Block Store (EBS) snapshot", - "privilege": "GetSnapshotBlock", + "description": "Grants permission to get current admin multiuser configuration for this account", + "privilege": "AdminGetAccountConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all deepracer users with their associated resources created under this account", + "privilege": "AdminListAssociatedResources", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -70142,17 +71948,61 @@ }, { "access_level": "Read", - "description": "Grants permission to list the blocks that are different between two Amazon Elastic Block Store (EBS) snapshots of the same volume/snapshot lineage", - "privilege": "ListChangedBlocks", + "description": "Grants permission to list user data for all users associated with this account", + "privilege": "AdminListAssociatedUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to manage a user associated with this account", + "privilege": "AdminManageUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set configuration options for this account", + "privilege": "AdminSetAccountConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to clone an existing DeepRacer model", + "privilege": "CloneReinforcementLearningModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "track*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" 
@@ -70160,18 +72010,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the blocks in an Amazon Elastic Block Store (EBS) snapshot", - "privilege": "ListSnapshotBlocks", + "access_level": "Write", + "description": "Grants permission to create a DeepRacer car in your garage", + "privilege": "CreateCar", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" + ], "dependent_actions": [], - "resource_type": "snapshot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a leaderboard", + "privilege": "CreateLeaderboard", + "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" @@ -70180,17 +72045,18 @@ }, { "access_level": "Write", - "description": "Grants permission to write a block of data to a snapshot created by the StartSnapshot operation", - "privilege": "PutSnapshotBlock", + "description": "Grants permission to create an access token for a private leaderboard", + "privilege": "CreateLeaderboardAccessToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "leaderboard*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" 
@@ -70199,616 +72065,577 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new EBS snapshot", - "privilege": "StartSnapshot", + "description": "Grants permission to submit a DeepRacer model to be evaluated for leaderboards", + "privilege": "CreateLeaderboardSubmission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "leaderboard*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", "aws:TagKeys", - "ebs:Description", - "ebs:ParentSnapshot", - "ebs:VolumeSize" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:ec2:${Region}::snapshot/${SnapshotId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ebs:Description", - "ebs:ParentSnapshot", - "ebs:VolumeSize" - ], - "resource": "snapshot" - } - ], - "service_name": "Amazon Elastic Block Store" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to create ra einforcement learning model for DeepRacer", + "privilege": "CreateReinforcementLearningModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "track*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:TagKeys", - 
"description": "Filters access by a list of tag keys that are allowed in the request", - "type": "ArrayOfString" + "access_level": "Write", + "description": "Grants permission to delete a leaderboard", + "privilege": "DeleteLeaderboard", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:AccepterVpc", - "description": "Filters access by the ARN of an accepter VPC in a VPC peering connection", - "type": "ARN" + "access_level": "Write", + "description": "Grants permission to delete a DeepRacer model", + "privilege": "DeleteModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:Add/group", - "description": "Filters access by the group being added to a snapshot", - "type": "String" + "access_level": "Write", + "description": "Grants permission to edit a leaderboard", + "privilege": "EditLeaderboard", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:Add/userId", - "description": "Filters access by the account id being added to a snapshot", - "type": "String" + "access_level": "Read", + "description": "Grants permission to get current multiuser configuration for this account", + "privilege": "GetAccountConfig", + "resource_types": [ + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - 
"condition": "ec2:AllocationId", - "description": "Filters access by the allocation ID of the Elastic IP address", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve the user's alias for submitting a DeepRacer model to leaderboards", + "privilege": "GetAlias", + "resource_types": [ + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:AssociatePublicIpAddress", - "description": "Filters access by whether the user wants to associate a public IP address with the instance", - "type": "Bool" + "access_level": "Read", + "description": "Grants permission to download artifacts for an existing DeepRacer model", + "privilege": "GetAssetUrl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:Attribute", - "description": "Filters access by an attribute of a resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve a specific DeepRacer car from your garage", + "privilege": "GetCar", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "car*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:Attribute/${AttributeName}", - "description": "Filters access by an attribute being set on a resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to view all the DeepRacer cars in your garage", + "privilege": "GetCars", + "resource_types": [ + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] }, { - "condition": "ec2:AuthenticationType", - "description": "Filters access by the authentication type for the VPN tunnel endpoints", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve information about an existing DeepRacer model's evaluation jobs", + "privilege": "GetEvaluation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation_job*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:AuthorizedService", - "description": "Filters access by the AWS service that has permission to use a resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve information about how the latest submitted DeepRacer model for a user performed on a leaderboard", + "privilege": "GetLatestUserSubmission", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:AuthorizedUser", - "description": "Filters access by an IAM principal that has permission to use a resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve information about leaderboards", + "privilege": "GetLeaderboard", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:AutoPlacement", - "description": "Filters access by the Auto Placement properties of a Dedicated Host", - "type": "String" + "access_level": "Read", + "description": "Grants permission to 
retrieve information about an existing DeepRacer model", + "privilege": "GetModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:AvailabilityZone", - "description": "Filters access by the name of an Availability Zone in an AWS Region", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve information about private leaderboards", + "privilege": "GetPrivateLeaderboard", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:CapacityReservationFleet", - "description": "Filters access by the ARN of the Capacity Reservation Fleet", - "type": "ARN" + "access_level": "Read", + "description": "Grants permission to retrieve information about the performance of a user's DeepRacer model that got placed on a leaderboard", + "privilege": "GetRankedUserSubmission", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:ClientRootCertificateChainArn", - "description": "Filters access by the ARN of the client root certificate chain", - "type": "ARN" + "access_level": "Read", + "description": "Grants permission to retrieve information about DeepRacer tracks", + "privilege": "GetTrack", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "track*" + } + ] }, { - "condition": "ec2:CloudwatchLogGroupArn", - "description": 
"Filters access by the ARN of the CloudWatch Logs log group", - "type": "ARN" + "access_level": "Read", + "description": "Grants permission to retrieve information about an existing DeepRacer model's training job", + "privilege": "GetTrainingJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "training_job*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:CloudwatchLogStreamArn", - "description": "Filters access by the ARN of the CloudWatch Logs log stream", - "type": "ARN" + "access_level": "Write", + "description": "Grants permission to import a reinforcement learning model for DeepRacer", + "privilege": "ImportModel", + "resource_types": [ + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:CreateAction", - "description": "Filters access by the name of a resource-creating API action", - "type": "String" + "access_level": "Read", + "description": "Grants permission to list a DeepRacer model's evaluation jobs", + "privilege": "ListEvaluations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:DPDTimeoutSeconds", - "description": "Filters access by the duration after which DPD timeout occurs on a VPN tunnel", - "type": "Numeric" + "access_level": "Read", + "description": "Grants permission to list all the user's leaderboard evaluation jobs for a leaderboard", + "privilege": "ListLeaderboardEvaluations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + 
"deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:DhcpOptionsID", - "description": "Filters access by the ID of a dynamic host configuration protocol (DHCP) options set", - "type": "String" + "access_level": "Read", + "description": "Grants permission to list all the DeepRacer model submissions of a user on a leaderboard", + "privilege": "ListLeaderboardSubmissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:DirectoryArn", - "description": "Filters access by the ARN of the directory", - "type": "ARN" + "access_level": "Read", + "description": "Grants permission to list all the available leaderboards", + "privilege": "ListLeaderboards", + "resource_types": [ + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:Domain", - "description": "Filters access by the domain of the Elastic IP address", - "type": "String" + "access_level": "Read", + "description": "Grants permission to list all existing DeepRacer models", + "privilege": "ListModels", + "resource_types": [ + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:EbsOptimized", - "description": "Filters access by whether the instance is enabled for EBS optimization", - "type": "Bool" + "access_level": "Read", + "description": "Grants permission to retrieve participant information about private leaderboards", + "privilege": "ListPrivateLeaderboardParticipants", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard*" + }, + { + 
"condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:ElasticGpuType", - "description": "Filters access by the type of Elastic Graphics accelerator", - "type": "String" + "access_level": "Read", + "description": "Grants permission to list all the available private leaderboards", + "privilege": "ListPrivateLeaderboards", + "resource_types": [ + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:Encrypted", - "description": "Filters access by whether the EBS volume is encrypted", - "type": "Bool" + "access_level": "Read", + "description": "Grants permission to list all the subscribed private leaderboards", + "privilege": "ListSubscribedPrivateLeaderboards", + "resource_types": [ + { + "condition_keys": [ + "deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:GatewayType", - "description": "Filters access by the gateway type for a VPN endpoint on the AWS side of a VPN connection", - "type": "String" + "access_level": "Read", + "description": "Grants permission to lists tag for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "car" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation_job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard_evaluation_job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "training_job" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + 
"deepracer:UserToken", + "deepracer:MultiUser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:HostRecovery", - "description": "Filters access by whether host recovery is enabled for a Dedicated Host", - "type": "String" + "access_level": "Read", + "description": "Grants permission to list all DeepRacer tracks", + "privilege": "ListTracks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2:IKEVersions", - "description": "Filters access by the internet key exchange (IKE) versions that are permitted for a VPN tunnel", - "type": "ArrayOfString" - }, - { - "condition": "ec2:ImageID", - "description": "Filters access by the ID of an image", - "type": "String" - }, - { - "condition": "ec2:ImageType", - "description": "Filters access by the type of image (machine, aki, or ari)", - "type": "String" - }, - { - "condition": "ec2:InsideTunnelCidr", - "description": "Filters access by the range of inside IP addresses for a VPN tunnel", - "type": "String" - }, - { - "condition": "ec2:InsideTunnelIpv6Cidr", - "description": "Filters access by a range of inside IPv6 addresses for a VPN tunnel", - "type": "String" - }, - { - "condition": "ec2:InstanceAutoRecovery", - "description": "Filters access by whether the instance type supports auto recovery", - "type": "String" - }, - { - "condition": "ec2:InstanceID", - "description": "Filters access by the ID of an instance", - "type": "String" - }, - { - "condition": "ec2:InstanceMarketType", - "description": "Filters access by the market or purchasing option of an instance (on-demand or spot)", - "type": "String" - }, - { - "condition": "ec2:InstanceMetadataTags", - "description": "Filters access by whether the instance allows access to instance tags from the instance metadata", - "type": "String" - }, - { - "condition": "ec2:InstanceProfile", - "description": "Filters access by the ARN of an instance profile", - 
"type": "ARN" - }, - { - "condition": "ec2:InstanceType", - "description": "Filters access by the type of instance", - "type": "String" - }, - { - "condition": "ec2:InternetGatewayID", - "description": "Filters access by the ID of an internet gateway", - "type": "String" - }, - { - "condition": "ec2:Ipv4IpamPoolId", - "description": "Filters access by the ID of an IPAM pool provided for IPv4 CIDR block allocation", - "type": "String" - }, - { - "condition": "ec2:Ipv6IpamPoolId", - "description": "Filters access by the ID of an IPAM pool provided for IPv6 CIDR block allocation", - "type": "String" - }, - { - "condition": "ec2:IsLaunchTemplateResource", - "description": "Filters access by whether users are able to override resources that are specified in the launch template", - "type": "Bool" - }, - { - "condition": "ec2:KeyPairName", - "description": "Filters access by the name of a key pair", - "type": "String" - }, - { - "condition": "ec2:KeyPairType", - "description": "Filters access by the type of a key pair", - "type": "String" - }, - { - "condition": "ec2:KmsKeyId", - "description": "Filters access by the ID of an AWS KMS key", - "type": "String" - }, - { - "condition": "ec2:LaunchTemplate", - "description": "Filters access by the ARN of a launch template", - "type": "ARN" - }, - { - "condition": "ec2:MetadataHttpEndpoint", - "description": "Filters access by whether the HTTP endpoint is enabled for the instance metadata service", - "type": "String" - }, - { - "condition": "ec2:MetadataHttpPutResponseHopLimit", - "description": "Filters access by the allowed number of hops when calling the instance metadata service", - "type": "Numeric" - }, - { - "condition": "ec2:MetadataHttpTokens", - "description": "Filters access by whether tokens are required when calling the instance metadata service (optional or required)", - "type": "String" - }, - { - "condition": "ec2:NetworkAclID", - "description": "Filters access by the ID of a network access control list (ACL)", 
- "type": "String" - }, - { - "condition": "ec2:NetworkInterfaceID", - "description": "Filters access by the ID of an elastic network interface", - "type": "String" - }, - { - "condition": "ec2:NewInstanceProfile", - "description": "Filters access by the ARN of the instance profile being attached", - "type": "ARN" - }, - { - "condition": "ec2:OutpostArn", - "description": "Filters access by the ARN of the Outpost", - "type": "ARN" - }, - { - "condition": "ec2:Owner", - "description": "Filters access by the owner of the resource (amazon, aws-marketplace, or an AWS account ID)", - "type": "String" - }, - { - "condition": "ec2:ParentSnapshot", - "description": "Filters access by the ARN of the parent snapshot", - "type": "ARN" - }, - { - "condition": "ec2:ParentVolume", - "description": "Filters access by the ARN of the parent volume from which the snapshot was created", - "type": "ARN" - }, - { - "condition": "ec2:Permission", - "description": "Filters access by the type of permission for a resource (INSTANCE-ATTACH or EIP-ASSOCIATE)", - "type": "String" - }, - { - "condition": "ec2:Phase1DHGroup", - "description": "Filters access by the Diffie-Hellman group numbers that are permitted for a VPN tunnel for the phase 1 IKE negotiations", - "type": "ArrayOfString" - }, - { - "condition": "ec2:Phase1EncryptionAlgorithms", - "description": "Filters access by the encryption algorithms that are permitted for a VPN tunnel for the phase 1 IKE negotiations", - "type": "ArrayOfString" - }, - { - "condition": "ec2:Phase1IntegrityAlgorithms", - "description": "Filters access by the integrity algorithms that are permitted for a VPN tunnel for the phase 1 IKE negotiations", - "type": "ArrayOfString" - }, - { - "condition": "ec2:Phase1LifetimeSeconds", - "description": "Filters access by the lifetime in seconds for phase 1 of the IKE negotiations for a VPN tunnel", - "type": "Numeric" - }, - { - "condition": "ec2:Phase2DHGroup", - "description": "Filters access by the Diffie-Hellman 
group numbers that are permitted for a VPN tunnel for the phase 2 IKE negotiations", - "type": "ArrayOfString" - }, - { - "condition": "ec2:Phase2EncryptionAlgorithms", - "description": "Filters access by the encryption algorithms that are permitted for a VPN tunnel for the phase 2 IKE negotiations", - "type": "ArrayOfString" - }, - { - "condition": "ec2:Phase2IntegrityAlgorithms", - "description": "Filters access by the integrity algorithms that are permitted for a VPN tunnel for the phase 2 IKE negotiations", - "type": "ArrayOfString" - }, - { - "condition": "ec2:Phase2LifetimeSeconds", - "description": "Filters access by the lifetime in seconds for phase 2 of the IKE negotiations for a VPN tunnel", - "type": "Numeric" - }, - { - "condition": "ec2:PlacementGroup", - "description": "Filters access by the ARN of the placement group", - "type": "ARN" - }, - { - "condition": "ec2:PlacementGroupName", - "description": "Filters access by the name of a placement group", - "type": "String" - }, - { - "condition": "ec2:PlacementGroupStrategy", - "description": "Filters access by the instance placement strategy used by the placement group (cluster, spread, or partition)", - "type": "String" - }, - { - "condition": "ec2:PreSharedKeys", - "description": "Filters access by the pre-shared key (PSK) used to establish the initial IKE security association between a virtual private gateway and a customer gateway", - "type": "String" - }, - { - "condition": "ec2:ProductCode", - "description": "Filters access by the product code that is associated with the AMI", - "type": "String" - }, - { - "condition": "ec2:Public", - "description": "Filters access by whether the image has public launch permissions", - "type": "Bool" - }, - { - "condition": "ec2:PublicIpAddress", - "description": "Filters access by a public IP address", - "type": "String" - }, - { - "condition": "ec2:Quantity", - "description": "Filters access by the number of Dedicated Hosts in a request", - "type": "Numeric" - 
}, - { - "condition": "ec2:Region", - "description": "Filters access by the name of the AWS Region", - "type": "String" - }, - { - "condition": "ec2:RekeyFuzzPercentage", - "description": "Filters access by the percentage of increase of the rekey window (determined by the rekey margin time) within which the rekey time is randomly selected for a VPN tunnel", - "type": "Numeric" - }, - { - "condition": "ec2:RekeyMarginTimeSeconds", - "description": "Filters access by the margin time before the phase 2 lifetime expires for a VPN tunnel", - "type": "Numeric" - }, - { - "condition": "ec2:Remove/group", - "description": "Filters access by the group being removed from a snapshot", - "type": "String" - }, - { - "condition": "ec2:Remove/userId", - "description": "Filters access by the account id being removed from a snapshot", - "type": "String" - }, - { - "condition": "ec2:ReplayWindowSizePackets", - "description": "Filters access by the number of packets in an IKE replay window", - "type": "String" - }, - { - "condition": "ec2:RequesterVpc", - "description": "Filters access by the ARN of a requester VPC in a VPC peering connection", - "type": "ARN" - }, - { - "condition": "ec2:ReservedInstancesOfferingType", - "description": "Filters access by the payment option of the Reserved Instance offering (No Upfront, Partial Upfront, or All Upfront)", - "type": "String" - }, - { - "condition": "ec2:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" - }, - { - "condition": "ec2:RoleDelivery", - "description": "Filters access by the version of the instance metadata service for retrieving IAM role credentials for EC2", - "type": "Numeric" - }, - { - "condition": "ec2:RootDeviceType", - "description": "Filters access by the root device type of the instance (ebs or instance-store)", - "type": "String" - }, - { - "condition": "ec2:RouteTableID", - "description": "Filters access by the ID of a route table", - "type": 
"String" - }, - { - "condition": "ec2:RoutingType", - "description": "Filters access by the routing type for the VPN connection", - "type": "String" - }, - { - "condition": "ec2:SamlProviderArn", - "description": "Filters access by the ARN of the IAM SAML identity provider", - "type": "ARN" - }, - { - "condition": "ec2:SecurityGroupID", - "description": "Filters access by the ID of a security group", - "type": "String" - }, - { - "condition": "ec2:ServerCertificateArn", - "description": "Filters access by the ARN of the server certificate", - "type": "ARN" - }, - { - "condition": "ec2:SnapshotID", - "description": "Filters access by the ID of a snapshot", - "type": "String" - }, - { - "condition": "ec2:SnapshotTime", - "description": "Filters access by the initiation time of a snapshot", - "type": "String" - }, - { - "condition": "ec2:SourceInstanceARN", - "description": "Filters access by the ARN of the instance from which the request originated", - "type": "ARN" - }, - { - "condition": "ec2:SourceOutpostArn", - "description": "Filters access by the ARN of the Outpost from which the request originated", - "type": "ARN" - }, - { - "condition": "ec2:Subnet", - "description": "Filters access by the ARN of the subnet", - "type": "ARN" - }, - { - "condition": "ec2:SubnetID", - "description": "Filters access by the ID of a subnet", - "type": "String" - }, - { - "condition": "ec2:Tenancy", - "description": "Filters access by the tenancy of the VPC or instance (default, dedicated, or host)", - "type": "String" - }, - { - "condition": "ec2:VolumeID", - "description": "Filters access by the ID of a volume", - "type": "String" - }, - { - "condition": "ec2:VolumeIops", - "description": "Filters access by the the number of input/output operations per second (IOPS) provisioned for the volume", - "type": "Numeric" - }, - { - "condition": "ec2:VolumeSize", - "description": "Filters access by the size of the volume, in GiB", - "type": "Numeric" - }, - { - "condition": 
"ec2:VolumeThroughput", - "description": "Filters access by the throughput of the volume, in MiBps", - "type": "Numeric" - }, - { - "condition": "ec2:VolumeType", - "description": "Filters access by the type of volume (gp2, gp3, io1, io2, st1, sc1, or standard)", - "type": "String" - }, - { - "condition": "ec2:Vpc", - "description": "Filters access by the ARN of the VPC", - "type": "ARN" - }, - { - "condition": "ec2:VpcID", - "description": "Filters access by the ID of a virtual private cloud (VPC)", - "type": "String" - }, - { - "condition": "ec2:VpcPeeringConnectionID", - "description": "Filters access by the ID of a VPC peering connection", - "type": "String" - }, - { - "condition": "ec2:VpceServiceName", - "description": "Filters access by the name of the VPC endpoint service", - "type": "String" - }, - { - "condition": "ec2:VpceServiceOwner", - "description": "Filters access by the service owner of the VPC endpoint service (amazon, aws-marketplace, or an AWS account ID)", - "type": "String" - }, - { - "condition": "ec2:VpceServicePrivateDnsName", - "description": "Filters access by the private DNS name of the VPC endpoint service", - "type": "String" - } - ], - "prefix": "ec2", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to accept an Elastic IP address transfer", - "privilege": "AcceptAddressTransfer", + "access_level": "Read", + "description": "Grants permission to list a DeepRacer model's training jobs", + "privilege": "ListTrainingJobs", "resource_types": [ { - "condition_keys": [ - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "elastic-ip*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" 
@@ -70817,13 +72644,11 @@ }, { "access_level": "Write", - "description": "Grants permission to accept a Convertible Reserved Instance exchange quote", - "privilege": "AcceptReservedInstancesExchangeQuote", + "description": "Grants permission to migrate previous reinforcement learning models for DeepRacer", + "privilege": "MigrateModels", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -70831,28 +72656,18 @@ }, { "access_level": "Write", - "description": "Grants permission to accept a request to associate subnets with a transit gateway multicast domain", - "privilege": "AcceptTransitGatewayMulticastDomainAssociations", + "description": "Grants permission to performs the leaderboard operation mentioned in the operation attribute", + "privilege": "PerformLeaderboardOperation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain" + "resource_type": "leaderboard" }, { "condition_keys": [ - "ec2:Region" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" 
@@ -70861,20 +72676,18 @@ }, { "access_level": "Write", - "description": "Grants permission to accept a transit gateway peering attachment request", - "privilege": "AcceptTransitGatewayPeeringAttachment", + "description": "Grants permission to remove access for a private leaderboard", + "privilege": "RemoveLeaderboardAccessPermission", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" + "resource_type": "leaderboard*" }, { "condition_keys": [ - "ec2:Region" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" @@ -70883,20 +72696,13 @@ }, { "access_level": "Write", - "description": "Grants permission to accept a request to attach a VPC to a transit gateway", - "privilege": "AcceptTransitGatewayVpcAttachment", + "description": "Grants permission to set the user's alias for submitting a DeepRacer model to leaderboards", + "privilege": "SetAlias", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "ec2:Region" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" 
@@ -70905,20 +72711,25 @@ }, { "access_level": "Write", - "description": "Grants permission to accept one or more interface VPC endpoint connections to your VPC endpoint service", - "privilege": "AcceptVpcEndpointConnections", + "description": "Grants permission to evaluate a DeepRacer model in a simulated environment", + "privilege": "StartEvaluation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint-service*" + "resource_type": "reinforcement_learning_model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "track*" }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" @@ -70927,33 +72738,18 @@ }, { "access_level": "Write", - "description": "Grants permission to accept a VPC peering connection request", - "privilege": "AcceptVpcPeeringConnection", + "description": "Grants permission to stop DeepRacer model evaluations", + "privilege": "StopEvaluation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AccepterVpc", - "ec2:RequesterVpc", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcPeeringConnectionID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-peering-connection*" + "resource_type": "evaluation_job*" }, { "condition_keys": [ - "ec2:Region" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" 
@@ -70962,12 +72758,18 @@ }, { "access_level": "Write", - "description": "Grants permission to advertise an IP address range that is provisioned for use in AWS through bring your own IP addresses (BYOIP)", - "privilege": "AdvertiseByoipCidr", + "description": "Grants permission to stop training a DeepRacer model", + "privilege": "StopTrainingReinforcementLearningModel", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model*" + }, { "condition_keys": [ - "ec2:Region" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" @@ -70975,30 +72777,47 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to allocate an Elastic IP address (EIP) to your account", - "privilege": "AllocateAddress", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "elastic-ip*" + "dependent_actions": [], + "resource_type": "car" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipv4pool-ec2" + "resource_type": "evaluation_job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "leaderboard_evaluation_job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reinforcement_learning_model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "training_job" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys", - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" 
@@ -71007,95 +72826,56 @@ }, { "access_level": "Write", - "description": "Grants permission to allocate a Dedicated Host to your account", - "privilege": "AllocateHosts", + "description": "Grants permission to test reward functions for correctness", + "privilege": "TestRewardFunction", "resource_types": [ { - "condition_keys": [ - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "dedicated-host*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to allocate a CIDR from an Amazon VPC IP Address Manager (IPAM) pool", - "privilege": "AllocateIpamPoolCidr", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-pool*" + "resource_type": "car" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to apply a security group to the association between a Client VPN endpoint and a target network", - "privilege": "ApplySecurityGroupsToClientVpnTargetNetwork", - "resource_types": [ + "resource_type": "evaluation_job" + }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" + 
"resource_type": "leaderboard" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group*" + "resource_type": "leaderboard_evaluation_job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" + "resource_type": "reinforcement_learning_model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "training_job" }, { "condition_keys": [ - "ec2:Region" + "aws:TagKeys", + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" 
@@ -71104,73 +72884,127 @@ }, { "access_level": "Write", - "description": "Grants permission to assign one or more IPv6 addresses to a network interface", - "privilege": "AssignIpv6Addresses", + "description": "Grants permission to update a DeepRacer car in your garage", + "privilege": "UpdateCar", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface*" + "resource_type": "car*" }, { "condition_keys": [ - "ec2:Region" + "deepracer:UserToken", + "deepracer:MultiUser" ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:car/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "car" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:evaluation_job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "evaluation_job" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}::leaderboard/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "leaderboard" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:leaderboard_evaluation_job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "leaderboard_evaluation_job" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:model/reinforcement_learning/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "reinforcement_learning_model" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}::track/${ResourceId}", + "condition_keys": [], + "resource": "track" + }, + { + "arn": "arn:${Partition}:deepracer:${Region}:${Account}:training_job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + 
"resource": "training_job" + } + ], + "service_name": "AWS DeepRacer" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by specifying the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by specifying the tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by specifying the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "detective", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to assign one or more secondary private IP addresses to a network interface", - "privilege": "AssignPrivateIpAddresses", + "description": "Grants permission to accept an invitation to become a member of a behavior graph", + "privilege": "AcceptInvitation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "network-interface*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to assign one or more secondary private IP addresses to a private NAT gateway", - "privilege": "AssignPrivateNatGatewayAddress", + "access_level": "Read", + "description": "Grants permission to retrieve the datasource package history for the specified member accounts in a behavior graph managed by this account", + "privilege": "BatchGetGraphMemberDatasources", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "natgateway*" - }, + "resource_type": "Graph*" + } + ] + }, + { + 
"access_level": "Read", + "description": "Grants permission to retrieve the datasource package history of the caller account for the specified graphs", + "privilege": "BatchGetMembershipDatasources", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -71178,215 +73012,93 @@ }, { "access_level": "Write", - "description": "Grants permission to associate an Elastic IP address (EIP) with an instance or a network interface", - "privilege": "AssociateAddress", + "description": "Grants permission to create a behavior graph and begin to aggregate security information", + "privilege": "CreateGraph", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "elastic-ip" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], - "dependent_actions": [], - "resource_type": "network-interface" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "detective:TagResource" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a target network with a Client VPN endpoint", - "privilege": "AssociateClientVpnTargetNetwork", + "description": "Grants permission to request the membership of one or more accounts in a behavior graph managed by this account", + "privilege": "CreateMembers", "resource_types": [ { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID" - ], - "dependent_actions": [], - "resource_type": "subnet*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate or disassociate a set of DHCP options with a VPC", - "privilege": "AssociateDhcpOptions", + "description": "Grants permission to delete a behavior graph and stop aggregating security information", + "privilege": "DeleteGraph", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:DhcpOptionsID", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "dhcp-options*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate an ACM certificate with an IAM role to be used in an EC2 Enclave", - "privilege": "AssociateEnclaveCertificateIamRole", + "description": "Grants permission to remove member accounts from a behavior graph managed by this account", + "privilege": "DeleteMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "certificate*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Read", + 
"description": "Grants permission to view the current configuration related to the Amazon Detective integration with AWS Organizations", + "privilege": "DescribeOrganizationConfiguration", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "organizations:DescribeOrganization" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate an IAM instance profile with a running or stopped instance", - "privilege": "AssociateIamInstanceProfile", + "description": "Grants permission to remove the Amazon Detective delegated administrator account for an organization", + "privilege": "DisableOrganizationAdminAccount", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:NewInstanceProfile", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "ec2:Region" + "organizations:DescribeOrganization" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate one or more targets with an event window", - "privilege": "AssociateInstanceEventWindow", + "description": "Grants permission to remove the association of this account with a behavior graph", + "privilege": "DisassociateMembership", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "instance-event-window*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -71394,248 +73106,216 @@ }, { "access_level": "Write", - "description": "Grants permission to associate an IPAM resource discovery with an Amazon VPC IPAM", - "privilege": "AssociateIpamResourceDiscovery", + "description": "Grants permission to designate the Amazon Detective delegated administrator account for an organization", + "privilege": "EnableOrganizationAdminAccount", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "ipam*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "iam:CreateServiceLinkedRole", + "organizations:DescribeOrganization", + "organizations:EnableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator" ], - "dependent_actions": [], - "resource_type": "ipam-resource-discovery*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a behavior graph's eligibility for a free trial period", + "privilege": "GetFreeTrialEligibility", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-resource-discovery-association*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the data ingestion state of a behavior graph", + "privilege": "GetGraphIngestState", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an Elastic IP address and private IP address with a public Nat gateway", - "privilege": "AssociateNatGatewayAddress", + "access_level": "Read", + "description": "Grants permission to get an investigation's status and 
metadata", + "privilege": "GetInvestigation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "elastic-ip*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details on specified members of a behavior graph", + "privilege": "GetMembers", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "natgateway*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about Amazon Detective's pricing", + "privilege": "GetPricingInformation", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a subnet or gateway with a route table", - "privilege": "AssociateRouteTable", + "access_level": "Read", + "description": "Grants permission to list usage information of a behavior graph", + "privilege": "GetUsageInformation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "route-table*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:InternetGatewayID", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "internet-gateway" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet" - }, - { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpn-gateway" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to invoke Detective's Assistant", + "privilege": "InvokeAssistant", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a CIDR block with a subnet", - "privilege": "AssociateSubnetCidrBlock", + "access_level": "List", + "description": "Grants permission to list a graph's datasource package ingest states and timestamps for the most recent state changes in a behavior graph managed by this account", + "privilege": "ListDatasourcePackages", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list behavior graphs managed by this account", + "privilege": "ListGraphs", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an attachment and list of subnets with a transit gateway multicast domain", - "privilege": "AssociateTransitGatewayMulticastDomain", + "access_level": "List", + "description": "Grants permission to retrieve high volume entities whose relationships cannot be stored by Detective", + "privilege": "ListHighDegreeEntities", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - 
"ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the indicators of an investigation", + "privilege": "ListIndicators", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the investigations of a behavior graph", + "privilege": "ListInvestigations", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve details on the behavior graphs to which this account has been invited to join", + "privilege": "ListInvitations", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a policy table with a transit gateway attachment", - "privilege": "AssociateTransitGatewayPolicyTable", + "access_level": "List", + "description": "Grants permission to retrieve details on all members of a behavior graph", + "privilege": "ListMembers", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], 
- "resource_type": "transit-gateway-policy-table*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view the current Amazon Detective delegated administrator account for an organization", + "privilege": "ListOrganizationAdminAccount", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "organizations:DescribeOrganization" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an attachment with a transit gateway route table", - "privilege": "AssociateTransitGatewayRouteTable", + "access_level": "List", + "description": "Grants permission to list the tag values that are assigned to a behavior graph", + "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "resource_type": "Graph*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -71644,130 +73324,67 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a branch network interface with a trunk network interface", - "privilege": "AssociateTrunkInterface", + "description": "Grants permission to reject an invitation to become a member of a behavior graph", + "privilege": "RejectInvitation", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an AWS Web Application Firewall (WAF) web access control list (ACL) with a Verified Access instance", - "privilege": "AssociateVerifiedAccessInstanceWebAcl", + "access_level": "Read", + "description": "Grants permission to search the data stored in a behavior graph", + "privilege": "SearchGraph", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a CIDR block with a VPC", - "privilege": "AssociateVpcCidrBlock", + "description": "Grants permission to start investigations", + "privilege": "StartInvestigation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Ipv4IpamPoolId", - "ec2:Ipv6IpamPoolId", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-pool" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipv6pool-ec2" - 
}, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { "access_level": "Write", - "description": "Grants permission to link an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups", - "privilege": "AttachClassicLinkVpc", + "description": "Grants permission to start data ingest for a member account that has a status of ACCEPTED_BUT_DISABLED", + "privilege": "StartMonitoringMember", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group*" - }, + "resource_type": "Graph*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to assign tag values to a behavior graph", + "privilege": "TagResource", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" + "resource_type": "Graph*" }, { "condition_keys": [ - "ec2:Region" + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -71775,32 +73392,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to attach an internet gateway to a VPC", - "privilege": "AttachInternetGateway", + "access_level": "Tagging", + "description": "Grants permission to remove tag values from a behavior graph", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:InternetGatewayID", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "internet-gateway*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" + "resource_type": "Graph*" }, { "condition_keys": [ - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -71809,189 +73412,93 @@ }, { "access_level": "Write", - "description": "Grants permission to attach a network interface to an instance", - "privilege": "AttachNetworkInterface", + "description": "Grants permission to enable or disable datasource package(s) in a behavior graph managed by this account", + "privilege": "UpdateDatasourcePackages", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "network-interface*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a trust provider to a Verified Access instance", - "privilege": "AttachVerifiedAccessTrustProvider", + "description": "Grants permission to update an investigation's state and metadata", + "privilege": "UpdateInvestigationState", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-instance*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-trust-provider*" - }, - { - 
"condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] }, { "access_level": "Write", - "description": "Grants permission to attach an EBS volume to a running or stopped instance and expose it to the instance with the specified device name", - "privilege": "AttachVolume", + "description": "Grants permission to update the current configuration related to the Amazon Detective integration with AWS Organizations", + "privilege": "UpdateOrganizationConfiguration", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], - "dependent_actions": [], - "resource_type": "volume*" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "organizations:DescribeOrganization" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Graph*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:detective:${Region}:${Account}:graph:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Graph" + } + ], + "service_name": "Amazon Detective" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the allowed set of values for each of the tags", + 
"type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag-value assoicated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of mandatory tags in the request", + "type": "ArrayOfString" + } + ], + "prefix": "devicefarm", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to attach a virtual private gateway to a VPC", - "privilege": "AttachVpnGateway", + "description": "Grants permission to create a device pool within a project", + "privilege": "CreateDevicePool", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-gateway*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to add an inbound authorization rule to a Client VPN endpoint", - "privilege": "AuthorizeClientVpnIngress", + "description": "Grants permission to create a device instance profile", + "privilege": "CreateInstanceProfile", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -71999,138 +73506,110 @@ }, { "access_level": "Write", - "description": "Grants permission to add one or more outbound rules to a VPC security group. Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications", - "privilege": "AuthorizeSecurityGroupEgress", + "description": "Grants permission to create a network profile within a project", + "privilege": "CreateNetworkProfile", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "security-group*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group-rule" - }, + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a project for mobile testing", + "privilege": "CreateProject", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add one or more inbound rules to a VPC security group. 
Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications", - "privilege": "AuthorizeSecurityGroupIngress", + "description": "Grants permission to start a remote access session to a device instance", + "privilege": "CreateRemoteAccessSession", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "security-group*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group-rule" + "resource_type": "project*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deviceinstance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "upload" } ] }, { "access_level": "Write", - "description": "Grants permission to bundle an instance store-backed Windows instance", - "privilege": "BundleInstance", + "description": "Grants permission to create a project for desktop testing", + "privilege": "CreateTestGridProject", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a bundling operation", - "privilege": "CancelBundleTask", + "description": "Grants permission to generate a new pre-signed url used to access our test grid service", + "privilege": "CreateTestGridUrl", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "testgrid-project*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a Capacity Reservation and release the reserved capacity", - "privilege": "CancelCapacityReservation", + "description": "Grants permission to upload a new file or app within a project", + "privilege": "CreateUpload", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:CapacityReservationFleet", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "capacity-reservation*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel one or more Capacity Reservation Fleets", - "privilege": "CancelCapacityReservationFleets", + "description": "Grants permission to create an Amazon Virtual Private Cloud (VPC) endpoint configuration", + "privilege": "CreateVPCEConfiguration", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "capacity-reservation-fleet*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -72138,1038 +73617,703 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel an active conversion task", - "privilege": "CancelConversionTask", + "description": "Grants permission to delete a user-generated device pool", + "privilege": "DeleteDevicePool", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "devicepool*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel an active export task", - "privilege": "CancelExportTask", + "description": "Grants permission to delete a user-generated instance profile", + "privilege": "DeleteInstanceProfile", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "export-image-task" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "export-instance-task" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "instanceprofile*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove your AWS account from the launch permissions for the specified AMI", - "privilege": "CancelImageLaunchPermission", + "description": "Grants permission to delete a user-generated network profile", + "privilege": "DeleteNetworkProfile", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], - "dependent_actions": [], - "resource_type": "image*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "networkprofile*" } ] }, { "access_level": "Write", - "description": 
"Grants permission to cancel an in-process import virtual machine or import snapshot task", - "privilege": "CancelImportTask", + "description": "Grants permission to delete a mobile testing project", + "privilege": "DeleteProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "import-image-task" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "import-snapshot-task" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a Reserved Instance listing on the Reserved Instance Marketplace", - "privilege": "CancelReservedInstancesListing", + "description": "Grants permission to delete a completed remote access session and its results", + "privilege": "DeleteRemoteAccessSession", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "session*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel one or more Spot Fleet requests", - "privilege": "CancelSpotFleetRequests", + "description": "Grants permission to delete a run", + "privilege": "DeleteRun", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "spot-fleet-request*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "run*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel one or more Spot Instance requests", - "privilege": "CancelSpotInstanceRequests", + "description": "Grants permission to 
delete a desktop testing project", + "privilege": "DeleteTestGridProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "spot-instances-request*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "testgrid-project*" } ] }, { "access_level": "Write", - "description": "Grants permission to determine whether an owned product code is associated with an instance", - "privilege": "ConfirmProductInstance", + "description": "Grants permission to delete a user-uploaded file", + "privilege": "DeleteUpload", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "upload*" } ] }, { "access_level": "Write", - "description": "Grants permission to copy a source Amazon FPGA image (AFI) to the current Region. Resource-level permissions specified for this action apply to the new AFI only. They do not apply to the source AFI", - "privilege": "CopyFpgaImage", + "description": "Grants permission to delete an Amazon Virtual Private Cloud (VPC) endpoint configuration", + "privilege": "DeleteVPCEConfiguration", "resource_types": [ { - "condition_keys": [ - "ec2:Owner" - ], - "dependent_actions": [], - "resource_type": "fpga-image*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vpceconfiguration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to copy an Amazon Machine Image (AMI) from a source Region to the current Region. Resource-level permissions specified for this action apply to the new AMI only. 
They do not apply to the source AMI", - "privilege": "CopyImage", + "access_level": "Read", + "description": "Grants permission to retrieve the number of unmetered iOS and/or unmetered Android devices purchased by the account", + "privilege": "GetAccountSettings", "resource_types": [ { - "condition_keys": [ - "ec2:ImageID", - "ec2:Owner" - ], - "dependent_actions": [], - "resource_type": "image*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to copy a point-in-time snapshot of an EBS volume and store it in Amazon S3. Resource-level permissions specified for this action apply to the new snapshot only. They do not apply to the source snapshot", - "privilege": "CopySnapshot", + "access_level": "Read", + "description": "Grants permission to retrieve the information of a unique device type", + "privilege": "GetDevice", "resource_types": [ { - "condition_keys": [ - "ec2:OutpostArn", - "ec2:SnapshotID" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "snapshot*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "device*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Capacity Reservation", - "privilege": "CreateCapacityReservation", + "access_level": "Read", + "description": "Grants permission to retireve the information of a device instance", + "privilege": "GetDeviceInstance", "resource_types": [ { - "condition_keys": [ - "ec2:CapacityReservationFleet" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "capacity-reservation*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"deviceinstance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Capacity Reservation Fleet", - "privilege": "CreateCapacityReservationFleet", + "access_level": "Read", + "description": "Grants permission to retireve the information of a device pool", + "privilege": "GetDevicePool", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "capacity-reservation-fleet*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "devicepool*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a carrier gateway and provides CSP connectivity to VPC customers", - "privilege": "CreateCarrierGateway", + "access_level": "Read", + "description": "Grants permission to retrieve information about the compatibility of a test and/or app with a device pool", + "privilege": "GetDevicePoolCompatibility", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "carrier-gateway*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], "dependent_actions": [], - "resource_type": "vpc*" + "resource_type": "devicepool*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "upload" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Client VPN endpoint", - "privilege": "CreateClientVpnEndpoint", + "access_level": "Read", + "description": "Grants permission to retireve the information of an instance profile", + "privilege": "GetInstanceProfile", "resource_types": [ { - "condition_keys": [ - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - 
"ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "client-vpn-endpoint*" - }, + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instanceprofile*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a job", + "privilege": "GetJob", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group" - }, + "resource_type": "job*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a network profile", + "privilege": "GetNetworkProfile", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc" - }, + "resource_type": "networkprofile*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the current status and future status of all offerings purchased by an AWS account", + "privilege": "GetOfferingStatus", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add a network route to a Client VPN endpoint's route table", - "privilege": "CreateClientVpnRoute", + "access_level": "Read", + "description": "Grants permission to retrieve information about a mobile testing project", + "privilege": "GetProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - 
"ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" - }, + "resource_type": "project*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the link to a currently running remote access session", + "privilege": "GetRemoteAccessSession", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet*" - }, + "resource_type": "session*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a run", + "privilege": "GetRun", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "run*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a range of customer-owned IP (CoIP) addresses", - "privilege": "CreateCoipCidr", + "access_level": "Read", + "description": "Grants permission to retireve the information of a testing suite", + "privilege": "GetSuite", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "coip-pool*" - }, + "resource_type": "suite*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a test case", + "privilege": "GetTest", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "test*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a pool of customer-owned IP (CoIP) addresses", - "privilege": "CreateCoipPool", + "access_level": "Read", 
+ "description": "Grants permission to retrieve information about a desktop testing project", + "privilege": "GetTestGridProject", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "coip-pool*" - }, + "dependent_actions": [], + "resource_type": "testgrid-project*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of a test grid session", + "privilege": "GetTestGridSession", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table*" + "resource_type": "testgrid-project" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "testgrid-session" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of an uploaded file", + "privilege": "GetUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "upload*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retireve the information of an Amazon Virtual Private Cloud (VPC) endpoint configuration", + "privilege": "GetVPCEConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpceconfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to allow a service to access a customer-owned IP (CoIP) pool", - "privilege": "CreateCoipPoolPermission", + "description": "Grants permission to install an application to a device in a remote access session", + "privilege": "InstallToRemoteAccessSession", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], 
"dependent_actions": [], - "resource_type": "coip-pool*" + "resource_type": "session*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "upload*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a customer gateway, which provides information to AWS about your customer gateway device", - "privilege": "CreateCustomerGateway", + "access_level": "List", + "description": "Grants permission to list the artifacts in a project", + "privilege": "ListArtifacts", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "customer-gateway*" + "dependent_actions": [], + "resource_type": "job" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "run" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "suite" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "test" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a default subnet in a specified Availability Zone in a default VPC", - "privilege": "CreateDefaultSubnet", + "access_level": "List", + "description": "Grants permission to list the information of device instances", + "privilege": "ListDeviceInstances", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a default VPC with a default subnet in each Availability Zone", - "privilege": "CreateDefaultVpc", + "access_level": "List", + "description": "Grants permission to list the information of device pools", + "privilege": "ListDevicePools", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a set of DHCP options for a VPC", - "privilege": "CreateDhcpOptions", + "access_level": "List", + "description": "Grants permission to list the information of unique device types", + "privilege": "ListDevices", "resource_types": [ { - "condition_keys": [ - "ec2:DhcpOptionsID" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "dhcp-options*" - }, + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of device instance profiles", + "privilege": "ListInstanceProfiles", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an egress-only internet gateway for a VPC", - "privilege": "CreateEgressOnlyInternetGateway", + "access_level": "List", + "description": "Grants permission to list the information of jobs within a run", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "egress-only-internet-gateway*" - }, + "dependent_actions": [], + "resource_type": "run*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of network profiles within a project", + "privilege": "ListNetworkProfiles", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" - }, + "resource_type": "project*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the 
offering promotions", + "privilege": "ListOfferingPromotions", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to launch an EC2 Fleet", - "privilege": "CreateFleet", + "access_level": "List", + "description": "Grants permission to list all of the historical purchases, renewals, and system renewal transactions for an AWS account", + "privilege": "ListOfferingTransactions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "fleet*" - }, + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the products or offerings that the user can manage through the API", + "privilege": "ListOfferings", + "resource_types": [ { - "condition_keys": [ - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of mobile testing projects for an AWS account", + "privilege": "ListProjects", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "image" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of currently running remote access sessions", + "privilege": "ListRemoteAccessSessions", + "resource_types": [ { - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:KeyPairName", - "ec2:KeyPairType", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "key-pair" - }, + "resource_type": "project*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of runs within a project", + "privilege": "ListRuns", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-template" - }, + "resource_type": "project*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of samples within a project", + "privilege": "ListSamples", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface" - }, + "resource_type": "job*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of testing suites within a job", + "privilege": "ListSuites", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "placement-group" + "resource_type": "job*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the tags of a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - 
"resource_type": "security-group" + "resource_type": "deviceinstance" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "devicepool" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "instanceprofile" }, { - "condition_keys": [ - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:KmsKeyId", - "ec2:ParentSnapshot", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "volume" + "resource_type": "networkprofile" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create one or more flow logs to capture IP traffic for a network interface", - "privilege": "CreateFlowLogs", - "resource_types": [ + "resource_type": "project" + }, { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags", - "iam:PassRole" - ], - "resource_type": "vpc-flow-log*" + "dependent_actions": [], + "resource_type": "run" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface" + "resource_type": "session" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - 
"ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "testgrid-project" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc" + "resource_type": "testgrid-session" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vpceconfiguration" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon FPGA Image (AFI) from a design checkpoint (DCP)", - "privilege": "CreateFpgaImage", + "access_level": "List", + "description": "Grants permission to list the information of desktop testing projects for an AWS account", + "privilege": "ListTestGridProjects", "resource_types": [ { - "condition_keys": [ - "ec2:Owner", - "ec2:Public" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "fpga-image*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon EBS-backed AMI from a stopped or running Amazon EBS-backed instance", - "privilege": "CreateImage", + "access_level": "List", + "description": "Grants permission to list the session actions performed during a test grid session", + "privilege": "ListTestGridSessionActions", "resource_types": [ { - "condition_keys": [ - "ec2:ImageID", - "ec2:Owner" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "image*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - 
"ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "ec2:OutpostArn", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:SourceOutpostArn", - "ec2:VolumeSize" - ], - "dependent_actions": [], - "resource_type": "snapshot*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "testgrid-session*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an EC2 Instance Connect Endpoint that allows you to connect to an instance without a public IPv4 address", - "privilege": "CreateInstanceConnectEndpoint", + "access_level": "List", + "description": "Grants permission to list the artifacts generated by a test grid session", + "privilege": "ListTestGridSessionArtifacts", "resource_types": [ { - "condition_keys": [ - "ec2:SubnetID" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "instance-connect-endpoint*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "security-group" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "testgrid-session*" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to create an event window in which scheduled events for the associated Amazon EC2 instances can run", - "privilege": "CreateInstanceEventWindow", + "access_level": "List", + "description": "Grants permission to list the sessions within a test grid project", + "privilege": "ListTestGridSessions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "instance-event-window*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "testgrid-project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to export a running or stopped instance to an Amazon S3 bucket", - "privilege": "CreateInstanceExportTask", + "access_level": "List", + "description": "Grants permission to list the information of tests within a testing suite", + "privilege": "ListTests", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "export-instance-task*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], "dependent_actions": [], - "resource_type": "instance*" - }, + "resource_type": "suite*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the information of unique problems within a run", + "privilege": "ListUniqueProblems", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": 
[], - "resource_type": "" + "resource_type": "run*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an internet gateway for a VPC", - "privilege": "CreateInternetGateway", + "access_level": "List", + "description": "Grants permission to list the information of uploads within a project", + "privilege": "ListUploads", "resource_types": [ { - "condition_keys": [ - "ec2:InternetGatewayID" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "internet-gateway*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon VPC IP Address Manager (IPAM)", - "privilege": "CreateIpam", + "access_level": "List", + "description": "Grants permission to list the information of Amazon Virtual Private Cloud (VPC) endpoint configurations", + "privilege": "ListVPCEConfigurations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "ipam*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], "resource_type": "" } 
@@ -73177,30 +74321,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create an IP address pool for Amazon VPC IP Address Manager (IPAM), which is a collection of contiguous IP address CIDRs", - "privilege": "CreateIpamPool", + "description": "Grants permission to purchase offerings for an AWS account", + "privilege": "PurchaseOffering", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "ipam-pool*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-scope*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], "resource_type": "" } @@ -73208,23 +74333,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create an IPAM resource discovery", - "privilege": "CreateIpamResourceDiscovery", + "description": "Grants permission to set the quantity of devices to renew for an offering", + "privilege": "RenewOffering", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "ipam-resource-discovery*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], "resource_type": "" } 
@@ -73232,202 +74345,126 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Amazon VPC IP Address Manager (IPAM) scope, which is the highest-level container within IPAM", - "privilege": "CreateIpamScope", + "description": "Grants permission to schedule a run", + "privilege": "ScheduleRun", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "ipam*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-scope*" + "resource_type": "devicepool" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "upload" } ] }, { "access_level": "Write", - "description": "Grants permission to create a 2048-bit RSA key pair", - "privilege": "CreateKeyPair", + "description": "Grants permission to terminate a running job", + "privilege": "StopJob", "resource_types": [ { - "condition_keys": [ - "ec2:KeyPairType" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "key-pair*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a launch template", - "privilege": "CreateLaunchTemplate", + "description": "Grants permission to terminate a running remote access session", + "privilege": "StopRemoteAccessSession", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "launch-template*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "session*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new version of a launch template", - "privilege": "CreateLaunchTemplateVersion", + "description": "Grants permission to terminate a running test run", + "privilege": "StopRun", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "launch-template*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "run*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a static route for a local gateway route table", - "privilege": "CreateLocalGatewayRoute", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table*" + "resource_type": "device" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-virtual-interface-group" + "resource_type": "deviceinstance" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface" + "resource_type": "devicepool" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "prefix-list" + "resource_type": "instanceprofile" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": 
[], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a local gateway route table", - "privilege": "CreateLocalGatewayRouteTable", - "resource_types": [ + "resource_type": "networkprofile" + }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "local-gateway*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table*" + "resource_type": "run" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to allow a service to access a local gateway route table", - "privilege": "CreateLocalGatewayRouteTablePermission", - "resource_types": [ + "resource_type": "session" + }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table*" + "resource_type": "testgrid-project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "testgrid-session" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpceconfiguration" }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -73435,38 +74472,68 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a local gateway route table virtual interface group association", - "privilege": "CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "local-gateway-route-table*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table-virtual-interface-group-association*" + "resource_type": "deviceinstance" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-virtual-interface-group*" + "resource_type": "devicepool" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instanceprofile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "networkprofile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "run" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "session" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "testgrid-project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "testgrid-session" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpceconfiguration" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -73475,368 +74542,515 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a VPC with a local gateway route table", - "privilege": "CreateLocalGatewayRouteTableVpcAssociation", + "description": "Grants permission to modify an existing device instance", + "privilege": "UpdateDeviceInstance", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "local-gateway-route-table*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table-vpc-association*" + "resource_type": "deviceinstance*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" - }, + "resource_type": "instanceprofile" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an existing device pool", + "privilege": "UpdateDevicePool", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "devicepool*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a managed prefix list", - "privilege": "CreateManagedPrefixList", + "description": "Grants permission to modify an existing instance profile", + "privilege": "UpdateInstanceProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "prefix-list*" - }, + "dependent_actions": [], + "resource_type": "instanceprofile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an existing network profile", + "privilege": "UpdateNetworkProfile", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - 
"aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "networkprofile*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a NAT gateway in a subnet", - "privilege": "CreateNatGateway", + "description": "Grants permission to modify an existing mobile testing project", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ec2:CreateTags" + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" ], - "resource_type": "natgateway*" - }, + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an existing desktop testing project", + "privilege": "UpdateTestGridProject", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole" ], - "dependent_actions": [], - "resource_type": "subnet*" - }, + "resource_type": "testgrid-project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an existing upload", + "privilege": "UpdateUpload", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "elastic-ip" - }, + "resource_type": "upload*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an existing Amazon Virtual Private Cloud (VPC) endpoint configuration", + "privilege": "UpdateVPCEConfiguration", + "resource_types": [ { - 
"condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vpceconfiguration*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "project" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "run" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:job:${ResourceId}", + "condition_keys": [], + "resource": "job" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:suite:${ResourceId}", + "condition_keys": [], + "resource": "suite" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:test:${ResourceId}", + "condition_keys": [], + "resource": "test" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:upload:${ResourceId}", + "condition_keys": [], + "resource": "upload" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:artifact:${ResourceId}", + "condition_keys": [], + "resource": "artifact" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:sample:${ResourceId}", + "condition_keys": [], + "resource": "sample" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "networkprofile" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}::deviceinstance:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "deviceinstance" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "session" + }, + { + "arn": 
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "devicepool" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}::device:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "device" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "instanceprofile" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "vpceconfiguration" + }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:testgrid-project:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "testgrid-project" }, + { + "arn": "arn:${Partition}:devicefarm:${Region}:${Account}:testgrid-session:${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "testgrid-session" + } + ], + "service_name": "AWS Device Farm" + }, + { + "conditions": [ + { + "condition": "devops-guru:ServiceNames", + "description": "Filters access by API to restrict access to given AWS service names", + "type": "ArrayOfString" + } + ], + "prefix": "devops-guru", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a network ACL in a VPC", - "privilege": "CreateNetworkAcl", + "description": "Grants permission to add a notification channel to DevOps Guru", + "privilege": "AddNotificationChannel", "resource_types": [ { - "condition_keys": [ - "ec2:NetworkAclID" - ], + "condition_keys": [], "dependent_actions": [ - "ec2:CreateTags" + "sns:GetTopicAttributes", + "sns:SetTopicAttributes" ], - "resource_type": "network-acl*" - }, + "resource_type": "topic*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete specified insight in 
your account", + "privilege": "DeleteInsight", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the health of operations in your AWS account", + "privilege": "DescribeAccountHealth", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a numbered entry (a rule) in a network ACL", - "privilege": "CreateNetworkAclEntry", + "access_level": "Read", + "description": "Grants permission to view the health of operations within a time range in your AWS account", + "privilege": "DescribeAccountOverview", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:NetworkAclID", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-acl*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the details of a specified anomaly", + "privilege": "DescribeAnomaly", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Network Access Scope", - "privilege": "CreateNetworkInsightsAccessScope", + "access_level": "Read", + "description": "Grants permission to retrieve details about event sources for DevOps Guru", + "privilege": "DescribeEventSourcesConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": 
"network-insights-access-scope*" - }, + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the feedback details of a specified insight", + "privilege": "DescribeFeedback", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a path to analyze for reachability", - "privilege": "CreateNetworkInsightsPath", + "access_level": "Read", + "description": "Grants permission to list the details of a specified insight", + "privilege": "DescribeInsight", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "network-insights-path*" - }, + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the health of operations in your organization", + "privilege": "DescribeOrganizationHealth", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the health of operations within a time range in your organization", + "privilege": "DescribeOrganizationOverview", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:InternetGatewayID", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "internet-gateway" - }, + "resource_type": "" + } + ] + }, + { + "access_level": 
"Read", + "description": "Grants permission to view the health of operations for each AWS CloudFormation stack or AWS Services or accounts specified in DevOps Guru in your organization", + "privilege": "DescribeOrganizationResourceCollectionHealth", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the health of operations for each AWS CloudFormation stack specified in DevOps Guru", + "privilege": "DescribeResourceCollectionHealth", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the integration status of services that can be integrated with DevOps Guru", + "privilege": "DescribeServiceIntegration", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list service resource cost estimates", + "privilege": "GetCostEstimation", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint-service" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list AWS CloudFormation stacks that DevOps Guru is configured to use", + "privilege": 
"GetResourceCollection", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AccepterVpc", - "ec2:RequesterVpc", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcPeeringConnectionID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-peering-connection" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list anomalies of a given insight in your account", + "privilege": "ListAnomaliesForInsight", + "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "devops-guru:ServiceNames" ], "dependent_actions": [], - "resource_type": "vpn-gateway" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list log anomalies of a given insight in your account", + "privilege": "ListAnomalousLogGroups", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a network interface in a subnet", - "privilege": "CreateNetworkInterface", + "access_level": "List", + "description": "Grants permission to list resource events that are evaluated by DevOps Guru", + "privilege": "ListEvents", "resource_types": [ { - "condition_keys": [ - "ec2:NetworkInterfaceID" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "network-interface*" - }, + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list insights in your account", + "privilege": "ListInsights", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], + "condition_keys": [], 
"dependent_actions": [], - "resource_type": "subnet*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list resource monitored by DevOps Guru in your account", + "privilege": "ListMonitoredResources", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list notification channels configured for DevOps Guru in your account", + "privilege": "ListNotificationChannels", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create a permission for an AWS-authorized user to perform certain operations on a network interface", - "privilege": "CreateNetworkInterfacePermission", + "access_level": "List", + "description": "Grants permission to list insights in your organization", + "privilege": "ListOrganizationInsights", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AuthorizedService", - "ec2:AuthorizedUser", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:Permission", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list a specified insight's recommendations", + "privilege": "ListRecommendations", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -73844,25 +75058,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a placement group", - "privilege": "CreatePlacementGroup", + "description": "Grants permission to submit a feedback to DevOps Guru", + "privilege": "PutFeedback", "resource_types": [ { - "condition_keys": [ - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "placement-group*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -73870,21 +75070,27 @@ }, { "access_level": "Write", - "description": "Grants permission to create a public IPv4 address pool for public IPv4 CIDRs that you own and bring to Amazon to manage with Amazon VPC IP Address Manager (IPAM)", - "privilege": "CreatePublicIpv4Pool", + "description": "Grants permission to remove a notification channel from DevOps Guru", + "privilege": "RemoveNotificationChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ec2:CreateTags" + "sns:GetTopicAttributes", + "sns:SetTopicAttributes" ], - "resource_type": "ipv4pool-ec2*" - }, + "resource_type": "topic*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to search insights in your account", + "privilege": "SearchInsights", + "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "devops-guru:ServiceNames" ], "dependent_actions": [], "resource_type": "" 
@@ -73892,79 +75098,48 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a root volume replacement task", - "privilege": "CreateReplaceRootVolumeTask", + "access_level": "List", + "description": "Grants permission to search insights in your organization", + "privilege": "SearchOrganizationInsights", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "instance*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "replace-root-volume-task*" - }, - { - "condition_keys": [ - "ec2:VolumeID" - ], - "dependent_actions": [], - "resource_type": "volume*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to start the creation of an estimate of the monthly cost", + "privilege": "StartCostEstimation", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "image" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an event source for DevOps Guru", + "privilege": "UpdateEventSourcesConfig", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - 
"ec2:VolumeSize" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the list of AWS CloudFormation stacks that are used to specify which AWS resources in your account are analyzed by DevOps Guru", + "privilege": "UpdateResourceCollection", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -73972,62 +75147,89 @@ }, { "access_level": "Write", - "description": "Grants permission to create a listing for Standard Reserved Instances to be sold in the Reserved Instance Marketplace", - "privilege": "CreateReservedInstancesListing", + "description": "Grants permission to enable or disable a service that integrates with DevOps Guru", + "privilege": "UpdateServiceIntegration", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:sns:${Region}:${Account}:${TopicName}", + "condition_keys": [], + "resource": "topic" + } + ], + "service_name": "Amazon DevOps Guru" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by actions based on the presence of tag keys in the request", + "type": "String" + } + ], + "prefix": "directconnect", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to start a task that restores an AMI from an S3 object previously created by using CreateStoreImageTask", - "privilege": "CreateRestoreImageTask", + "description": "Grants permission to accept a proposal request to attach a virtual private gateway to a Direct Connect gateway", + "privilege": "AcceptDirectConnectGatewayAssociationProposal", "resource_types": [ { - "condition_keys": [ - "ec2:ImageID", - "ec2:Owner" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "image*" - }, + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dx-gateway*" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permission to create a hosted connection on an interconnect", + "privilege": "AllocateConnectionOnInterconnect", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dxcon*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a route in a VPC route table", - "privilege": "CreateRoute", + "description": "Grants permission to create a new hosted connection between a AWS Direct Connect partner's network and a specific AWS Direct Connect location", + "privilege": "AllocateHostedConnection", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "route-table*" + "resource_type": "dxcon" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dxlag" }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -74036,33 +75238,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create a route table for a VPC", - "privilege": "CreateRouteTable", + "description": "Grants permission to provision a private virtual interface to be owned by a different customer", + "privilege": "AllocatePrivateVirtualInterface", "resource_types": [ { - "condition_keys": [ - "ec2:RouteTableID" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "route-table*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" + "resource_type": "dxlag" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -74071,33 +75263,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create a security group", - "privilege": "CreateSecurityGroup", + "description": "Grants permission to provision a public virtual interface to be owned by a different customer", + "privilege": "AllocatePublicVirtualInterface", "resource_types": [ { - "condition_keys": [ - "ec2:SecurityGroupID" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "security-group*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc" + "resource_type": "dxlag" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -74106,41 +75288,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create a snapshot of an EBS volume and store it in Amazon S3", - "privilege": "CreateSnapshot", + "description": "Grants permission to provision a transit virtual interface to be owned by a different customer", + "privilege": "AllocateTransitVirtualInterface", "resource_types": [ { - "condition_keys": [ - "ec2:OutpostArn", - "ec2:ParentVolume", - "ec2:SnapshotID", - "ec2:SourceOutpostArn", - "ec2:VolumeSize" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "snapshot*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Encrypted", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "dxlag" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -74149,134 +75313,101 @@ }, { "access_level": "Write", - "description": "Grants permission to create crash-consistent snapshots of multiple EBS volumes and store them in Amazon S3", - "privilege": "CreateSnapshots", + "description": "Grants permission to associate a connection with a LAG", + "privilege": "AssociateConnectionWithLag", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "instance*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dxcon*" }, { - "condition_keys": [ - "ec2:OutpostArn", - "ec2:ParentVolume", - "ec2:SnapshotID", - "ec2:SourceOutpostArn", - "ec2:VolumeSize" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "dxlag*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate a hosted connection and its virtual interfaces with a link aggregation group (LAG) or interconnect", + "privilege": "AssociateHostedConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dxcon*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Encrypted", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dxlag" } ] }, { "access_level": "Write", - "description": "Grants permission to create a data feed for Spot 
Instances to view Spot Instance usage logs", - "privilege": "CreateSpotDatafeedSubscription", + "description": "Grants permission to associate a MAC Security (MACsec) Connection Key Name (CKN)/ Connectivity Association Key (CAK) pair with an AWS Direct Connect dedicated connection", + "privilege": "AssociateMacSecKey", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dxcon" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dxlag" } ] }, { "access_level": "Write", - "description": "Grants permission to store an AMI as a single object in an S3 bucket", - "privilege": "CreateStoreImageTask", + "description": "Grants permission to associate a virtual interface with a specified link aggregation group (LAG) or connection", + "privilege": "AssociateVirtualInterface", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "dxvif*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dxcon" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dxlag" } ] }, { "access_level": "Write", - "description": "Grants permission to create a subnet in a VPC", - "privilege": "CreateSubnet", + "description": "Grants permission to confirm the creation of a hosted connection on an interconnect", + "privilege": "ConfirmConnection", "resource_types": [ { - "condition_keys": [ - "ec2:SubnetID" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "subnet*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + 
"condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" - }, + "resource_type": "dxcon*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to confirm the the terms of agreement when creating the connection or link aggregation group (LAG)", + "privilege": "ConfirmCustomerAgreement", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -74284,787 +75415,802 @@ }, { "access_level": "Write", - "description": "Grants permission to create a subnet CIDR reservation", - "privilege": "CreateSubnetCidrReservation", + "description": "Grants permission to accept ownership of a private virtual interface created by another customer", + "privilege": "ConfirmPrivateVirtualInterface", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dxvif*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or overwrite one or more tags for Amazon EC2 resources", - "privilege": "CreateTags", + "access_level": "Write", + "description": "Grants permission to accept ownership of a public virtual interface created by another customer", + "privilege": "ConfirmPublicVirtualInterface", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "capacity-reservation" - }, + "resource_type": "dxvif*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to accept ownership of a transit virtual interface created by another customer", + "privilege": "ConfirmTransitVirtualInterface", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "capacity-reservation-fleet" - }, + "resource_type": "dxvif*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a BGP peer on the specified virtual interface", + "privilege": "CreateBGPPeer", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "carrier-gateway" - }, + "resource_type": "dxvif*" + } + ] + }, + { 
+ "access_level": "Write", + "description": "Grants permission to create a new connection between the customer network and a specific AWS Direct Connect location", + "privilege": "CreateConnection", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "client-vpn-endpoint" + "resource_type": "dxlag" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "coip-pool" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Direct Connect gateway, which is an intermediate object that enables you to connect a set of virtual interfaces and virtual private gateways", + "privilege": "CreateDirectConnectGateway", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "customer-gateway" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an association between a Direct Connect gateway and a virtual private gateway", + "privilege": "CreateDirectConnectGatewayAssociation", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:Quantity", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-host" - }, + "resource_type": "dx-gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a 
proposal to associate the specified virtual private gateway with the specified Direct Connect gateway", + "privilege": "CreateDirectConnectGatewayAssociationProposal", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:DhcpOptionsID", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "dhcp-options" - }, + "resource_type": "dx-gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new interconnect between a AWS Direct Connect partner's network and a specific AWS Direct Connect location", + "privilege": "CreateInterconnect", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "egress-only-internet-gateway" + "resource_type": "dxlag" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ElasticGpuType", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "elastic-gpu" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a link aggregation group (LAG) with the specified number of bundled physical connections between the customer network and a specific AWS Direct Connect location", + "privilege": "CreateLag", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "elastic-ip" + "resource_type": "dxcon" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "export-image-task" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": 
"Grants permission to create a new private virtual interface", + "privilege": "CreatePrivateVirtualInterface", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "export-instance-task" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "dxlag" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "fpga-image" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new public virtual interface", + "privilege": "CreatePublicVirtualInterface", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "host-reservation" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "image" + "resource_type": "dxlag" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "import-image-task" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new transit virtual interface", + "privilege": "CreateTransitVirtualInterface", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": 
[], "dependent_actions": [], - "resource_type": "import-snapshot-task" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance" + "resource_type": "dxlag" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "instance-connect-endpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified BGP peer on the specified virtual interface with the specified customer address and ASN", + "privilege": "DeleteBGPPeer", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-event-window" - }, + "resource_type": "dxvif*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the connection", + "privilege": "DeleteConnection", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:InternetGatewayID", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "internet-gateway" - }, + "resource_type": "dxcon*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified Direct Connect gateway", + "privilege": "DeleteDirectConnectGateway", + "resource_types": [ { 
- "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam" - }, + "resource_type": "dx-gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the association between the specified Direct Connect gateway and virtual private gateway", + "privilege": "DeleteDirectConnectGatewayAssociation", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-pool" - }, + "resource_type": "dx-gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the association proposal request between the specified Direct Connect gateway and virtual private gateway", + "privilege": "DeleteDirectConnectGatewayAssociationProposal", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-resource-discovery" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified interconnect", + "privilege": "DeleteInterconnect", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-resource-discovery-association" - }, + "resource_type": "dxcon*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified link aggregation group (LAG)", + "privilege": "DeleteLag", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-scope" - }, + "resource_type": "dxlag*" + } + ] + }, + { + "access_level": 
"Write", + "description": "Grants permission to delete a virtual interface", + "privilege": "DeleteVirtualInterface", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipv4pool-ec2" - }, + "resource_type": "dxvif*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the LOA-CFA for a Connection", + "privilege": "DescribeConnectionLoa", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipv6pool-ec2" - }, + "resource_type": "dxcon*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe all connections in this region", + "privilege": "DescribeConnections", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:KeyPairName", - "ec2:KeyPairType", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "key-pair" - }, + "resource_type": "dxcon" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a list of connections that have been provisioned on the given interconnect", + "privilege": "DescribeConnectionsOnInterconnect", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-template" - }, + "resource_type": "dxcon*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view a list of customer agreements, along with their signed status and whether the customer is an NNIPartner, NNIPartnerV2, or a nonPartner", + "privilege": "DescribeCustomerMetadata", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + 
"condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe one or more association proposals for connection between a virtual private gateway and a Direct Connect gateway", + "privilege": "DescribeDirectConnectGatewayAssociationProposals", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table" - }, + "resource_type": "dx-gateway" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the associations between your Direct Connect gateways and virtual private gateways", + "privilege": "DescribeDirectConnectGatewayAssociations", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table-virtual-interface-group-association" - }, + "resource_type": "dx-gateway" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the attachments between your Direct Connect gateways and virtual interfaces", + "privilege": "DescribeDirectConnectGatewayAttachments", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table-vpc-association" - }, + "resource_type": "dx-gateway" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe all your Direct Connect gateways or only the specified Direct Connect gateway", + "privilege": "DescribeDirectConnectGateways", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], 
"dependent_actions": [], - "resource_type": "local-gateway-virtual-interface" - }, + "resource_type": "dx-gateway" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the hosted connections that have been provisioned on the specified interconnect or link aggregation group (LAG)", + "privilege": "DescribeHostedConnections", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-virtual-interface-group" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "natgateway" - }, + "resource_type": "dxlag" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the LOA-CFA for an Interconnect", + "privilege": "DescribeInterconnectLoa", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:NetworkAclID", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-acl" - }, + "resource_type": "dxcon*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a list of interconnects owned by the AWS account", + "privilege": "DescribeInterconnects", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-insights-access-scope" - }, + "resource_type": "dxcon" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe all your link aggregation groups (LAG) or the specified LAG", + "privilege": "DescribeLags", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], 
"dependent_actions": [], - "resource_type": "network-insights-access-scope-analysis" - }, + "resource_type": "dxlag" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the LOA-CFA for a connection, interconnect, or link aggregation group (LAG)", + "privilege": "DescribeLoa", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-insights-analysis" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-insights-path" - }, + "resource_type": "dxlag" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the list of AWS Direct Connect locations in the current AWS region", + "privilege": "DescribeLocations", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AuthorizedUser", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:Permission", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe Details about the router for a virtual interface", + "privilege": "DescribeRouterConfiguration", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "placement-group" - }, + "resource_type": "dxvif*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the tags associated with the specified AWS Direct Connect resources", + "privilege": "DescribeTags", + 
"resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "prefix-list" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "replace-root-volume-task" + "resource_type": "dxlag" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:InstanceType", - "ec2:ReservedInstancesOfferingType", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "reserved-instances" - }, + "resource_type": "dxvif" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a list of virtual private gateways owned by the AWS account", + "privilege": "DescribeVirtualGateways", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "route-table" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe all virtual interfaces for an AWS account", + "privilege": "DescribeVirtualInterfaces", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group-rule" + "resource_type": "dxlag" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Encrypted", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", 
- "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" - }, + "resource_type": "dxvif" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a connection from a link aggregation group (LAG)", + "privilege": "DisassociateConnectionFromLag", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "spot-fleet-request" + "resource_type": "dxcon*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "spot-instances-request" - }, + "resource_type": "dxlag*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the association between a MAC Security (MACsec) security key and an AWS Direct Connect dedicated connection", + "privilege": "DisassociateMacSecKey", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet-cidr-reservation" - }, + "resource_type": "dxlag" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the virtual interface failover test history", + "privilege": "ListVirtualInterfaceTestHistory", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-mirror-filter" - }, + "resource_type": "dxvif*" + } + ] + }, + { + 
"access_level": "Write", + "description": "Grants permission to start the virtual interface failover test that verifies your configuration meets your resiliency requirements by placing the BGP peering session in the DOWN state. You can then send traffic to verify that there are no outages", + "privilege": "StartBgpFailoverTest", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-session" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-target" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-connect-peer" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-policy-table" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table-announcement" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + 
"condition_keys": [], "dependent_actions": [], - "resource_type": "verified-access-endpoint" - }, + "resource_type": "dxvif*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop the virtual interface failover test", + "privilege": "StopBgpFailoverTest", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "verified-access-group" - }, + "resource_type": "dxvif*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add the specified tags to the specified AWS Direct Connect resource. Each resource can have a maximum of 50 tags", + "privilege": "TagResource", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "verified-access-instance" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "verified-access-policy" + "resource_type": "dxlag" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "verified-access-trust-provider" + "resource_type": "dxvif" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "volume" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the specified AWS Direct Connect resource", + "privilege": 
"UntagResource", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc" + "resource_type": "dxcon" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint" + "resource_type": "dxlag" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint-connection" + "resource_type": "dxvif" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "vpc-endpoint-service" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the AWS Direct Connect dedicated connection configuration. 
You can update the following parameters for a connection: The connection name or The connection's MAC Security (MACsec) encryption mode", + "privilege": "UpdateConnection", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint-service-permission" - }, + "resource_type": "dxcon*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the name of a Direct Connect gateway", + "privilege": "UpdateDirectConnectGateway", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-flow-log" - }, + "resource_type": "dx-gateway*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the specified attributes of the Direct Connect gateway association", + "privilege": "UpdateDirectConnectGatewayAssociation", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AccepterVpc", - "ec2:RequesterVpc", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcPeeringConnectionID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-peering-connection" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the attributes of the specified link aggregation group (LAG)", + "privilege": "UpdateLag", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:InsideTunnelIpv6Cidr", - "ec2:Phase1DHGroup", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroup", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - 
"ec2:Phase2LifetimeSeconds", - "ec2:PreSharedKeys", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ReplayWindowSizePackets", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpn-connection" - }, + "resource_type": "dxlag*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the specified attributes of the specified virtual private interface", + "privilege": "UpdateVirtualInterfaceAttributes", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpn-gateway" - }, + "resource_type": "dxvif*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:directconnect:${Region}:${Account}:dxcon/${ConnectionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dxcon" + }, + { + "arn": "arn:${Partition}:directconnect:${Region}:${Account}:dxlag/${LagId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dxlag" + }, + { + "arn": "arn:${Partition}:directconnect:${Region}:${Account}:dxvif/${VirtualInterfaceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dxvif" + }, + { + "arn": "arn:${Partition}:directconnect::${Account}:dx-gateway/${DirectConnectGatewayId}", + "condition_keys": [], + "resource": "dx-gateway" + } + ], + "service_name": "AWS Direct Connect" + }, + { + "conditions": [ + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "discovery", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to AssociateConfigurationItemsToApplication API. 
AssociateConfigurationItemsToApplication associates one or more configuration items with an application", + "privilege": "AssociateConfigurationItemsToApplication", + "resource_types": [ { - "condition_keys": [ - "ec2:CreateAction", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -75072,22 +76218,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a traffic mirror filter", - "privilege": "CreateTrafficMirrorFilter", + "description": "Grants permission to BatchDeleteAgents API. BatchDeleteAgents deletes one or more agents/data collectors associated with your account, each identified by its agent ID. Deleting a data collector does not delete the previous data collected", + "privilege": "BatchDeleteAgents", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "traffic-mirror-filter*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], "resource_type": "" } @@ -75095,21 +76230,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a traffic mirror filter rule", - "privilege": "CreateTrafficMirrorFilterRule", + "description": "Grants permission to BatchDeleteImportData API. BatchDeleteImportData deletes one or more Migration Hub import tasks, each identified by their import ID. Each import task has a number of records, which can identify servers or applications", + "privilege": "BatchDeleteImportData", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-filter*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -75117,47 +76242,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create a traffic mirror session", - "privilege": "CreateTrafficMirrorSession", + "description": "Grants permission to CreateApplication API. CreateApplication creates an application with the given name and description", + "privilege": "CreateApplication", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "network-interface*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-filter*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "traffic-mirror-session*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-target*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to CreateTags API. CreateTags creates one or more tags for configuration items. Tags are metadata that help you categorize IT assets. This API accepts a list of multiple configuration items", + "privilege": "CreateTags", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -75165,40 +76266,24 @@ }, { "access_level": "Write", - "description": "Grants permission to create a traffic mirror target", - "privilege": "CreateTrafficMirrorTarget", + "description": "Grants permission to DeleteApplications API. DeleteApplications deletes a list of applications and their associations with configuration items", + "privilege": "DeleteApplications", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "traffic-mirror-target*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "network-interface" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServiceName", - "ec2:VpceServiceOwner" - ], "dependent_actions": [], - "resource_type": "vpc-endpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to DeleteTags API. DeleteTags deletes the association between configuration items and one or more tags. This API accepts a list of multiple configuration items", + "privilege": "DeleteTags", + "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -75206,139 +76291,96 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a transit gateway", - "privilege": "CreateTransitGateway", + "access_level": "Read", + "description": "Grants permission to DescribeAgents API. DescribeAgents lists agents or the Connector by ID or lists all agents/Connectors associated with your user if you did not specify an ID", + "privilege": "DescribeAgents", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "transit-gateway*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Connect attachment from a specified transit gateway attachment", - "privilege": "CreateTransitGatewayConnect", + "access_level": "Read", + "description": "Grants permission to DescribeBatchDeleteConfigurationTask API. DescribeBatchDeleteConfigurationTask returns attributes about a batched deletion task to delete a set of configuration items. The supplied task ID should be the task ID receieved from the output of StartBatchDeleteConfigurationTask", + "privilege": "DescribeBatchDeleteConfigurationTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Connect peer between a transit gateway and an appliance", - "privilege": "CreateTransitGatewayConnectPeer", + "access_level": "Read", + "description": "Grants permission to DescribeConfigurations API. DescribeConfigurations retrieves attributes for a list of configuration item IDs. 
All of the supplied IDs must be for the same asset type (server, application, process, or connection). Output fields are specific to the asset type selected. For example, the output for a server configuration item includes a list of attributes about the server, such as host name, operating system, and number of network cards", + "privilege": "DescribeConfigurations", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "transit-gateway-attachment*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-connect-peer*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to DescribeContinuousExports API. DescribeContinuousExports lists exports as specified by ID. All continuous exports associated with your user can be listed if you call DescribeContinuousExports as is without passing any parameters", + "privilege": "DescribeContinuousExports", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a multicast domain for a transit gateway", - "privilege": "CreateTransitGatewayMulticastDomain", + "access_level": "Read", + "description": "Grants permission to DescribeExportConfigurations API. DescribeExportConfigurations retrieves the status of a given export process. 
You can retrieve status from a maximum of 100 processes", + "privilege": "DescribeExportConfigurations", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "transit-gateway*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to DescribeExportTasks API. DescribeExportTasks retrieve status of one or more export tasks. You can retrieve the status of up to 100 export tasks", + "privilege": "DescribeExportTasks", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to request a transit gateway peering attachment between a requester and accepter transit gateway", - "privilege": "CreateTransitGatewayPeeringAttachment", + "access_level": "List", + "description": "Grants permission to DescribeImportTasks API. DescribeImportTasks returns an array of import tasks for your user, including status information, times, IDs, the Amazon S3 Object URL for the import file, and more", + "privilege": "DescribeImportTasks", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "transit-gateway*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to DescribeTags API. DescribeTags retrieves a list of configuration items that are tagged with a specific tag. 
Or retrieves a list of all tags assigned to a specific configuration item", + "privilege": "DescribeTags", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -75346,98 +76388,71 @@ }, { "access_level": "Write", - "description": "Grants permission to create a transit gateway policy table", - "privilege": "CreateTransitGatewayPolicyTable", + "description": "Grants permission to DisassociateConfigurationItemsFromApplication API. DisassociateConfigurationItemsFromApplication disassociates one or more configuration items from an application", + "privilege": "DisassociateConfigurationItemsFromApplication", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "transit-gateway*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-policy-table*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a transit gateway prefix list reference", - "privilege": "CreateTransitGatewayPrefixListReference", + "description": "Grants permission to ExportConfigurations API. ExportConfigurations exports all discovered configuration data to an Amazon S3 bucket or an application that enables you to view and evaluate the data. 
Data includes tags and tag associations, processes, connections, servers, and system performance", + "privilege": "ExportConfigurations", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "prefix-list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-attachment" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to GetDiscoverySummary API. GetDiscoverySummary retrieves a short summary of discovered assets", + "privilege": "GetDiscoverySummary", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a static route for a transit gateway route table", - "privilege": "CreateTransitGatewayRoute", + "access_level": "Read", + "description": "Grants permission to GetNetworkConnectionGraph API. GetNetworkConnectionGraph accepts input list of one of - Ip Addresses, server ids or node ids. Returns a list of nodes and edges which help customer visualize network connection graph. This API is used for visualize network graph functionality in MigrationHub console", + "privilege": "GetNetworkConnectionGraph", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to ListConfigurations API. 
ListConfigurations retrieves a list of configuration items according to criteria you specify in a filter. The filter criteria identify relationship requirements", + "privilege": "ListConfigurations", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-attachment" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to ListServerNeighbors API. ListServerNeighbors retrieves a list of servers which are one network hop away from a specified server", + "privilege": "ListServerNeighbors", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -75445,186 +76460,145 @@ }, { "access_level": "Write", - "description": "Grants permission to create a route table for a transit gateway", - "privilege": "CreateTransitGatewayRouteTable", + "description": "Grants permission to StartBatchDeleteConfigurationTask API. StartBatchDeleteConfigurationTask starts an asynchronous batch deletion of your configuration items. All of the supplied IDs must be for the same asset type (server, application, process, or connection). Output is a unique task ID you can use to check back on the deletions progress", + "privilege": "StartBatchDeleteConfigurationTask", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "transit-gateway*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an announcement for a transit gateway route table", - "privilege": "CreateTransitGatewayRouteTableAnnouncement", + "description": "Grants permission to StartContinuousExport API. 
StartContinuousExport start the continuous flow of agent's discovered data into Amazon Athena", + "privilege": "StartContinuousExport", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "iam:AttachRolePolicy", + "iam:CreatePolicy", + "iam:CreateRole", + "iam:CreateServiceLinkedRole" ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to StartDataCollectionByAgentIds API. StartDataCollectionByAgentIds instructs the specified agents or Connectors to start collecting data", + "privilege": "StartDataCollectionByAgentIds", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table-announcement*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a VPC to a transit gateway", - "privilege": "CreateTransitGatewayVpcAttachment", + "description": "Grants permission to StartExportTask API. 
StartExportTask export the configuration data about discovered configuration items and relationships to an S3 bucket in a specified format", + "privilege": "StartExportTask", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "subnet*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Verified Access endpoint", - "privilege": "CreateVerifiedAccessEndpoint", + "description": "Grants permission to StartImportTask API. StartImportTask starts an import task. The Migration Hub import feature allows you to import details of your on-premises environment directly into AWS without having to use the Application Discovery Service (ADS) tools such as the Discovery Connector or Discovery Agent. 
This gives you the option to perform migration assessment and planning directly from your imported data including the ability to group your devices as applications and track their migration status", + "privilege": "StartImportTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "verified-access-endpoint*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "discovery:AssociateConfigurationItemsToApplication", + "discovery:CreateApplication", + "discovery:CreateTags", + "discovery:GetDiscoverySummary", + "discovery:ListConfigurations", + "s3:GetObject" ], - "dependent_actions": [], - "resource_type": "verified-access-group*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to StopContinuousExport API. StopContinuousExport stops the continuous flow of agent's discovered data into Amazon Athena", + "privilege": "StopContinuousExport", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AuthorizedUser", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:Permission", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to StopDataCollectionByAgentIds API. StopDataCollectionByAgentIds instructs the specified agents or Connectors to stop collecting data", + "privilege": "StopDataCollectionByAgentIds", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to UpdateApplication API. 
UpdateApplication updates metadata about an application", + "privilege": "UpdateApplication", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet" - }, + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Application Discovery Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "dlm", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a data lifecycle policy to manage the scheduled creation and retention of Amazon EBS snapshots. You may have up to 100 policies", + "privilege": "CreateLifecyclePolicy", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -75633,75 +76607,66 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Verified Access group", - "privilege": "CreateVerifiedAccessGroup", + "description": "Grants permission to delete an existing data lifecycle policy. In addition, this action halts the creation and deletion of snapshots that the policy specified. Existing snapshots are not affected", + "privilege": "DeleteLifecyclePolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "verified-access-group*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "verified-access-instance*" - }, + "resource_type": "policy*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to returns a list of summary descriptions of data lifecycle policies", + "privilege": "GetLifecyclePolicies", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Verified Access instance", - "privilege": "CreateVerifiedAccessInstance", + "access_level": "Read", + "description": "Grants permission to return a complete description of a single data lifecycle policy", + "privilege": "GetLifecyclePolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "verified-access-instance*" - }, + "dependent_actions": [], + "resource_type": "policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags associated with a resource", + "privilege": "ListTagsForResource", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a verified trust provider", - "privilege": "CreateVerifiedAccessTrustProvider", + "access_level": "Tagging", + "description": "Grants permission to add or update tags of a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "verified-access-trust-provider*" + "dependent_actions": [], + "resource_type": "policy*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -75709,32 +76674,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an EBS volume", - "privilege": "CreateVolume", + "access_level": "Tagging", + "description": "Grants permission to remove tags associated with a resource", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [ - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:KmsKeyId", - "ec2:ParentSnapshot", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "volume*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -75743,134 +76694,174 @@ }, { "access_level": "Write", - "description": "Grants permission to create a VPC with a specified CIDR block", - "privilege": "CreateVpc", + "description": "Grants permission to update an existing data lifecycle policy", + "privilege": "UpdateLifecyclePolicy", "resource_types": [ { - "condition_keys": [ - "ec2:Ipv4IpamPoolId", - "ec2:Ipv6IpamPoolId", - "ec2:VpcID" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "vpc*" - }, + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:dlm:${Region}:${Account}:policy/${ResourceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "policy" + } + ], + "service_name": "Amazon Data Lifecycle Manager" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "dms:cert-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for Certificate", + "type": "String" + }, + { + "condition": "dms:data-migration-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for DataMigration", + "type": "String" + }, + { + "condition": "dms:data-provider-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for DataProvider", + "type": "String" + }, + { + "condition": "dms:endpoint-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for 
Endpoint", + "type": "String" + }, + { + "condition": "dms:es-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for EventSubscription", + "type": "String" + }, + { + "condition": "dms:instance-profile-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for InstanceProfile", + "type": "String" + }, + { + "condition": "dms:migration-project-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for MigrationProject", + "type": "String" + }, + { + "condition": "dms:rep-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for ReplicationInstance", + "type": "String" + }, + { + "condition": "dms:replication-config-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for ReplicationConfig", + "type": "String" + }, + { + "condition": "dms:req-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the given request", + "type": "String" + }, + { + "condition": "dms:subgrp-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for ReplicationSubnetGroup", + "type": "String" + }, + { + "condition": "dms:task-tag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request for ReplicationTask", + "type": "String" + } + ], + "prefix": "dms", + "privileges": [ + { + "access_level": "Tagging", + "description": "Grants permission to add metadata tags to DMS resources, including replication instances, endpoints, security groups, and migration tasks", + "privilege": "AddTagsToResource", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-pool" + "resource_type": "Certificate" }, { - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipv6pool-ec2" + "resource_type": "DataMigration" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a VPC endpoint for an AWS service", - "privilege": "CreateVpcEndpoint", - "resource_types": [ + "resource_type": "DataProvider" + }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcID" - ], - "dependent_actions": [ - "ec2:CreateTags", - "route53:AssociateVPCWithHostedZone" - ], - "resource_type": "vpc*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Endpoint" }, { - "condition_keys": [ - "ec2:VpceServiceName", - "ec2:VpceServiceOwner" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint*" + "resource_type": "EventSubscription" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "route-table" + "resource_type": "InstanceProfile" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group" + "resource_type": "MigrationProject" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "ReplicationConfig" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": 
"Write", - "description": "Grants permission to create a connection notification for a VPC endpoint or VPC endpoint service", - "privilege": "CreateVpcEndpointConnectionNotification", - "resource_types": [ + "resource_type": "ReplicationInstance" + }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint" + "resource_type": "ReplicationSubnetGroup" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint-service" + "resource_type": "ReplicationTask" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -75879,136 +76870,37 @@ }, { "access_level": "Write", - "description": "Grants permission to create a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect", - "privilege": "CreateVpcEndpointServiceConfiguration", + "description": "Grants permission to apply a pending maintenance action to a resource (for example, to a replication instance)", + "privilege": "ApplyPendingMaintenanceAction", "resource_types": [ { - "condition_keys": [ - "ec2:VpceServicePrivateDnsName" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "vpc-endpoint-service*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationInstance*" } ] }, { "access_level": "Write", - "description": "Grants permission to request a VPC peering connection between two VPCs", - "privilege": "CreateVpcPeeringConnection", + "description": "Grants permission to associate a extension pack", + "privilege": "AssociateExtensionPack", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "ec2:AccepterVpc", - "ec2:RequesterVpc", - "ec2:VpcPeeringConnectionID" - ], - "dependent_actions": [], - "resource_type": "vpc-peering-connection*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "dms:StartExtensionPackAssociation" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a VPN connection between a virtual private gateway or transit gateway and a customer gateway", - "privilege": "CreateVpnConnection", + "description": 
"Grants permission to start the analysis of up to 20 source databases to recommend target engines for each source database", + "privilege": "BatchStartRecommendations", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "customer-gateway*" - }, - { - "condition_keys": [ - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:InsideTunnelIpv6Cidr", - "ec2:Phase1DHGroup", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroup", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PreSharedKeys", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ReplayWindowSizePackets", - "ec2:RoutingType" - ], - "dependent_actions": [], - "resource_type": "vpn-connection*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-gateway" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -76016,132 +76908,70 @@ }, { "access_level": "Write", - "description": "Grants permission to create a static route for a VPN connection between a virtual private gateway and a customer gateway", - "privilege": "CreateVpnConnectionRoute", + "description": "Grants permission to cancel a single metadata model assessment run", + "privilege": "CancelMetadataModelAssessment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-connection*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a virtual private gateway", - "privilege": "CreateVpnGateway", + "description": "Grants permission to cancel a single metadata model conversion run", + "privilege": "CancelMetadataModelConversion", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "vpn-gateway*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a carrier gateway", - "privilege": "DeleteCarrierGateway", + "description": "Grants permission to cancel a single metadata model export run", + "privilege": "CancelMetadataModelExport", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "carrier-gateway*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Client VPN 
endpoint", - "privilege": "DeleteClientVpnEndpoint", + "description": "Grants permission to cancel a single premigration assessment run", + "privilege": "CancelReplicationTaskAssessmentRun", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTaskAssessmentRun*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a route from a Client VPN endpoint", - "privilege": "DeleteClientVpnRoute", + "description": "Grants permission to create a database migration using the provided settings", + "privilege": "CreateDataMigration", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" + "resource_type": "MigrationProject*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet" - }, - { - "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -76150,64 +76980,53 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a range of customer-owned IP (CoIP) addresses", - "privilege": "DeleteCoipCidr", + "description": "Grants permission to create an data provider using the provided settings", + "privilege": "CreateDataProvider", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], - "dependent_actions": [], - "resource_type": "coip-pool*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a pool of customer-owned IP (CoIP) addresses", - "privilege": "DeleteCoipPool", + "description": "Grants permission to create an endpoint using the provided settings", + "privilege": "CreateEndpoint", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], - "dependent_actions": [], - "resource_type": "coip-pool*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deny a service from accessing a customer-owned IP (CoIP) pool", - "privilege": "DeleteCoipPoolPermission", + "description": "Grants permission to create an AWS DMS event notification subscription", + "privilege": "CreateEventSubscription", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "coip-pool*" - }, - { - "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -76216,65 +77035,60 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a customer gateway", - "privilege": "DeleteCustomerGateway", + "description": "Grants permission to create a Fleet Advisor collector using the specified parameters", + "privilege": "CreateFleetAdvisorCollector", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "customer-gateway*" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a set of DHCP options", - "privilege": "DeleteDhcpOptions", + "description": "Grants permission to create an instance profile using the provided settings", + "privilege": "CreateInstanceProfile", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:DhcpOptionsID", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], - "dependent_actions": [], - "resource_type": "dhcp-options*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an egress-only internet gateway", - "privilege": "DeleteEgressOnlyInternetGateway", + "description": "Grants permission to create an migration project using the provided settings", + "privilege": "CreateMigrationProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" ], + "resource_type": "DataProvider*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "egress-only-internet-gateway*" + "resource_type": "InstanceProfile*" }, { 
"condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -76283,20 +77097,20 @@ }, { "access_level": "Write", - "description": "Grants permission to delete one or more EC2 Fleets", - "privilege": "DeleteFleets", + "description": "Grants permission to create a replication config using the provided settings", + "privilege": "CreateReplicationConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "Endpoint*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -76305,44 +77119,34 @@ }, { "access_level": "Write", - "description": "Grants permission to delete one or more flow logs", - "privilege": "DeleteFlowLogs", + "description": "Grants permission to create a replication instance using the specified parameters", + "privilege": "CreateReplicationInstance", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], - "dependent_actions": [], - "resource_type": "vpc-flow-log*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon FPGA Image (AFI)", - "privilege": "DeleteFpgaImage", + "description": "Grants permission to create a replication subnet group given a list of the subnet IDs in a VPC", + "privilege": "CreateReplicationSubnetGroup", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "fpga-image*" - }, - { - "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -76351,21 +77155,25 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an EC2 Instance Connect Endpoint", - "privilege": "DeleteInstanceConnectEndpoint", + "description": "Grants permission to create a replication task using the specified parameters", + "privilege": "CreateReplicationTask", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-connect-endpoint*" + "resource_type": "Endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ReplicationInstance*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "dms:req-tag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -76374,156 +77182,88 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified event window", - "privilege": "DeleteInstanceEventWindow", + "description": "Grants permission to delete the specified certificate", + "privilege": "DeleteCertificate", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "instance-event-window*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Certificate*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an internet gateway", - "privilege": "DeleteInternetGateway", + "description": "Grants permission to delete the specified connection between a replication instance and an endpoint", + "privilege": "DeleteConnection", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:InternetGatewayID", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "internet-gateway*" + "resource_type": "Endpoint*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationInstance*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon VPC IP Address Manager (IPAM) and remove all monitored data associated with the IPAM including the historical data for CIDRs", - "privilege": "DeleteIpam", + "description": "Grants permission to delete the specified database migration", + "privilege": "DeleteDataMigration", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + 
"resource_type": "DataMigration*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon VPC IP Address Manager (IPAM) pool", - "privilege": "DeleteIpamPool", + "description": "Grants permission to delete the specified data provider", + "privilege": "DeleteDataProvider", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-pool*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DataProvider*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an IPAM resource discovery", - "privilege": "DeleteIpamResourceDiscovery", + "description": "Grants permission to delete the specified endpoint", + "privilege": "DeleteEndpoint", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-resource-discovery*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Endpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the scope for an Amazon VPC IP Address Manager (IPAM)", - "privilege": "DeleteIpamScope", + "description": "Grants permission to delete an AWS DMS event subscription", + "privilege": "DeleteEventSubscription", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-scope*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "EventSubscription*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a key pair by removing the public key from Amazon EC2", - 
"privilege": "DeleteKeyPair", + "description": "Grants permission to delete the specified Fleet Advisor collector", + "privilege": "DeleteFleetAdvisorCollector", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:KeyPairName", - "ec2:KeyPairType", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "key-pair" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -76531,21 +77271,11 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a launch template and its associated versions", - "privilege": "DeleteLaunchTemplate", + "description": "Grants permission to delete the specified Fleet Advisor databases", + "privilege": "DeleteFleetAdvisorDatabases", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "launch-template*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -76553,1295 +77283,991 @@ }, { "access_level": "Write", - "description": "Grants permission to delete one or more versions of a launch template", - "privilege": "DeleteLaunchTemplateVersions", + "description": "Grants permission to delete the specified instance profile", + "privilege": "DeleteInstanceProfile", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "launch-template*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "InstanceProfile*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a route from a local gateway route table", - "privilege": "DeleteLocalGatewayRoute", + "description": "Grants permission to delete the specified migration project", + "privilege": "DeleteMigrationProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "local-gateway-route-table*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "prefix-list" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a local gateway route table", - "privilege": "DeleteLocalGatewayRouteTable", + "description": "Grants permission to delete the specified replication config", + "privilege": "DeleteReplicationConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "local-gateway-route-table*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": 
[], - "resource_type": "" + "resource_type": "ReplicationConfig*" } ] }, { "access_level": "Write", - "description": "Grants permission to deny a service from accessing a local gateway route table", - "privilege": "DeleteLocalGatewayRouteTablePermission", + "description": "Grants permission to delete the specified replication instance", + "privilege": "DeleteReplicationInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "local-gateway-route-table*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationInstance*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a local gateway route table virtual interface group association", - "privilege": "DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation", + "description": "Grants permission to deletes a subnet group", + "privilege": "DeleteReplicationSubnetGroup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "local-gateway-route-table-virtual-interface-group-association*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationSubnetGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an association between a VPC and local gateway route table", - "privilege": "DeleteLocalGatewayRouteTableVpcAssociation", + "description": "Grants permission to delete the specified replication task", + "privilege": "DeleteReplicationTask", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "local-gateway-route-table-vpc-association*" - }, - { - 
"condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTask*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a managed prefix list", - "privilege": "DeleteManagedPrefixList", + "description": "Grants permission to delete the record of a single premigration assessment run", + "privilege": "DeleteReplicationTaskAssessmentRun", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "prefix-list*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTaskAssessmentRun*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a NAT gateway", - "privilege": "DeleteNatGateway", + "access_level": "Read", + "description": "Grants permission to list all of the AWS DMS attributes for a customer account", + "privilege": "DescribeAccountAttributes", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "natgateway*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a network ACL", - "privilege": "DeleteNetworkAcl", + "access_level": "Read", + "description": "Grants permission to list individual assessments that you can specify for a new premigration assessment run", + "privilege": "DescribeApplicableIndividualAssessments", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:NetworkAclID", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-acl*" + "resource_type": "ReplicationInstance" }, 
{ - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTask" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an inbound or outbound entry (rule) from a network ACL", - "privilege": "DeleteNetworkAclEntry", + "access_level": "Read", + "description": "Grants permission to provide a description of the certificate", + "privilege": "DescribeCertificates", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:NetworkAclID", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "network-acl*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Network Access Scope", - "privilege": "DeleteNetworkInsightsAccessScope", + "access_level": "Read", + "description": "Grants permission to describe the status of the connections that have been made between the replication instance and an endpoint", + "privilege": "DescribeConnections", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "network-insights-access-scope*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Network Access Scope analysis", - "privilege": "DeleteNetworkInsightsAccessScopeAnalysis", + "access_level": "Read", + "description": "Grants permission to return information about DMS Schema Conversion project configuration", + "privilege": "DescribeConversionConfiguration", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - 
"resource_type": "network-insights-access-scope-analysis*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a network insights analysis", - "privilege": "DeleteNetworkInsightsAnalysis", + "access_level": "Read", + "description": "Grants permission to return information about database migrations for your account in the specified region", + "privilege": "DescribeDataMigrations", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "network-insights-analysis*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a network insights path", - "privilege": "DeleteNetworkInsightsPath", + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a data providers. Note. 
This action should be added along with ListDataProviders, but does not currently authorize the described Schema Conversion operation", + "privilege": "DescribeDataProviders", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:ListDataProviders" ], - "dependent_actions": [], - "resource_type": "network-insights-path*" - }, + "resource_type": "DataProvider" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the possible endpoint settings available when you create an endpoint for a specific database engine", + "privilege": "DescribeEndpointSettings", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a detached network interface", - "privilege": "DeleteNetworkInterface", + "access_level": "Read", + "description": "Grants permission to return information about the type of endpoints available", + "privilege": "DescribeEndpointTypes", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about the endpoints for your account in the current region", + "privilege": "DescribeEndpoints", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a permission that is associated with a network interface", - "privilege": 
"DeleteNetworkInterfacePermission", + "access_level": "Read", + "description": "Grants permission to return information about the available versions for DMS replication instances", + "privilege": "DescribeEngineVersions", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list categories for all event source types, or, if specified, for a specified source type", + "privilege": "DescribeEventCategories", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a placement group", - "privilege": "DeletePlacementGroup", + "access_level": "Read", + "description": "Grants permission to list all the event subscriptions for a customer account", + "privilege": "DescribeEventSubscriptions", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "placement-group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list events for a given source identifier and source type", + "privilege": "DescribeEvents", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a public IPv4 address pool for public IPv4 CIDRs that you own and brought to Amazon to manage with Amazon VPC IP Address Manager 
(IPAM)", - "privilege": "DeletePublicIpv4Pool", + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for extension packs. Note. This action should be added along with ListExtensionPacks, but does not currently authorize the described Schema Conversion operation", + "privilege": "DescribeExtensionPackAssociations", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:ListExtensionPacks" ], - "dependent_actions": [], - "resource_type": "ipv4pool-ec2*" - }, + "resource_type": "MigrationProject*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a paginated list of Fleet Advisor collectors in your account based on filter settings", + "privilege": "DescribeFleetAdvisorCollectors", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the queued purchases for the specified Reserved Instances", - "privilege": "DeleteQueuedReservedInstances", + "access_level": "Read", + "description": "Grants permission to return a paginated list of Fleet Advisor databases in your account based on filter settings", + "privilege": "DescribeFleetAdvisorDatabases", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove an IAM policy that enables cross-account sharing from a resource", - "privilege": "DeleteResourcePolicy", + "access_level": "Read", + "description": "Grants permission to return a paginated list of descriptions of large-scale assessment (LSA) analyses produced by your Fleet Advisor collectors", + "privilege": "DescribeFleetAdvisorLsaAnalysis", "resource_types": [ { - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-pool" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "placement-group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a paginated list of descriptions of schemas discovered by your Fleet Advisor collectors based on filter settings", + "privilege": "DescribeFleetAdvisorSchemaObjectSummary", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "verified-access-group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a paginated list of schemas discovered by your Fleet Advisor collectors based on filter settings", + "privilege": "DescribeFleetAdvisorSchemas", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a route from a route table", - "privilege": "DeleteRoute", + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a instance profiles. Note. 
This action should be added along with ListInstanceProfiles, but does not currently authorize the described Schema Conversion operation", + "privilege": "DescribeInstanceProfiles", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" + "condition_keys": [], + "dependent_actions": [ + "dms:ListInstanceProfiles" ], - "dependent_actions": [], - "resource_type": "route-table*" - }, + "resource_type": "InstanceProfile" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for metadata model assessments. Note. This action should be added along with ListMetadataModelAssessments, but does not currently authorize the described Schema Conversion operation", + "privilege": "DescribeMetadataModelAssessments", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:ListMetadataModelAssessments" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a route table", - "privilege": "DeleteRouteTable", + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a metadata model conversions. Note. 
This action should be added along with ListMetadataModelConversions, but does not currently authorize the described Schema Conversion operation", + "privilege": "DescribeMetadataModelConversions", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" + "condition_keys": [], + "dependent_actions": [ + "dms:ListMetadataModelConversions" ], - "dependent_actions": [], - "resource_type": "route-table*" - }, + "resource_type": "MigrationProject*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a metadata model exports. Note. This action should be added along with ListMetadataModelExports, but does not currently authorize the described Schema Conversion operation", + "privilege": "DescribeMetadataModelExportsAsScript", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:ListMetadataModelExports" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a security group", - "privilege": "DeleteSecurityGroup", + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a metadata model exports. Note. 
This action should be added along with ListMetadataModelExports, but does not currently authorize the described Schema Conversion operation", + "privilege": "DescribeMetadataModelExportsToTarget", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" + "condition_keys": [], + "dependent_actions": [ + "dms:ListMetadataModelExports" ], - "dependent_actions": [], - "resource_type": "security-group*" - }, + "resource_type": "MigrationProject*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about start metadata model import operations for a migration project", + "privilege": "DescribeMetadataModelImports", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a snapshot of an EBS volume", - "privilege": "DeleteSnapshot", + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a migration projects. Note. 
This action should be added along with ListMigrationProjects, but does not currently authorize the described Schema Conversion operation", + "privilege": "DescribeMigrationProjects", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:OutpostArn", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" + "condition_keys": [], + "dependent_actions": [ + "dms:ListMigrationProjects" ], + "resource_type": "DataProvider" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "InstanceProfile" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a data feed for Spot Instances", - "privilege": "DeleteSpotDatafeedSubscription", + "access_level": "Read", + "description": "Grants permission to return information about the replication instance types that can be created in the specified region", + "privilege": "DescribeOrderableReplicationInstances", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a subnet", - "privilege": "DeleteSubnet", + "access_level": "Read", + "description": "Grants permission to return information about pending maintenance actions", + "privilege": "DescribePendingMaintenanceActions", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a paginated list 
of descriptions of limitations for recommendations of target AWS engines", + "privilege": "DescribeRecommendationLimitations", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a subnet CIDR reservation", - "privilege": "DeleteSubnetCidrReservation", + "access_level": "Read", + "description": "Grants permission to return a paginated list of descriptions of target engine recommendations for your source databases", + "privilege": "DescribeRecommendations", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to delete one or more tags from Amazon EC2 resources", - "privilege": "DeleteTags", + "access_level": "Read", + "description": "Grants permission to returns the status of the RefreshSchemas operation", + "privilege": "DescribeRefreshSchemasStatus", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "capacity-reservation" - }, + "resource_type": "Endpoint*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe replication configs", + "privilege": "DescribeReplicationConfigs", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "capacity-reservation-fleet" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about the task logs for the specified task", + "privilege": "DescribeReplicationInstanceTaskLogs", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "carrier-gateway" + "resource_type": "ReplicationInstance*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "client-vpn-endpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about replication instances for your account in the current region", + "privilege": "DescribeReplicationInstances", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "coip-pool" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about the replication subnet groups", + "privilege": "DescribeReplicationSubnetGroups", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "customer-gateway" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe replication table statistics", + "privilege": "DescribeReplicationTableStatistics", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "dedicated-host" - }, + "resource_type": "ReplicationConfig*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the latest task assessment results from Amazon S3", + "privilege": "DescribeReplicationTaskAssessmentResults", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - 
"resource_type": "dhcp-options" - }, + "resource_type": "ReplicationTask" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a paginated list of premigration assessment runs based on filter settings", + "privilege": "DescribeReplicationTaskAssessmentRuns", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "egress-only-internet-gateway" + "resource_type": "ReplicationInstance" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "elastic-gpu" + "resource_type": "ReplicationTask" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "elastic-ip" - }, + "resource_type": "ReplicationTaskAssessmentRun" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a paginated list of individual assessments based on filter settings", + "privilege": "DescribeReplicationTaskIndividualAssessments", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "export-image-task" + "resource_type": "ReplicationTask" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "export-instance-task" - }, + "resource_type": "ReplicationTaskAssessmentRun" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about replication tasks for your account in the current region", + "privilege": "DescribeReplicationTasks", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe replications", + "privilege": "DescribeReplications", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "fpga-image" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about the schema for the specified endpoint", + "privilege": "DescribeSchemas", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "host-reservation" - }, + "resource_type": "Endpoint*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return table statistics on the database migration task, including table name, rows inserted, rows updated, and rows deleted", + "privilege": "DescribeTableStatistics", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "image" - }, + "resource_type": "ReplicationTask*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a extension pack", + "privilege": "DisassociateExtensionPack", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "import-image-task" - }, + "resource_type": "MigrationProject*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to export the specified metadata model assessment", + "privilege": "ExportMetadataModelAssessment", + 
"resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "import-snapshot-task" - }, + "resource_type": "MigrationProject" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all of the AWS DMS attributes for a metadata model. Note. Despite this action requires StartMetadataModelImport, the latter does not currently authorize the described Schema Conversion operation", + "privilege": "GetMetadataModel", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:StartMetadataModelImport" ], - "dependent_actions": [], - "resource_type": "instance" - }, + "resource_type": "MigrationProject" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to upload the specified certificate", + "privilege": "ImportCertificate", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "instance-connect-endpoint" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a data providers", + "privilege": "ListDataProviders", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:DescribeDataProviders" ], - "dependent_actions": [], - "resource_type": "instance-event-window" - }, + "resource_type": "DataProvider" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a extension packs", + "privilege": "ListExtensionPacks", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:DescribeExtensionPackAssociations" ], - "dependent_actions": [], - "resource_type": "internet-gateway" - }, + "resource_type": "MigrationProject" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a instance profiles", + "privilege": "ListInstanceProfiles", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:DescribeInstanceProfiles" ], - "dependent_actions": [], - "resource_type": "ipam" - }, + "resource_type": "InstanceProfile" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a metadata model assessment action items. Note. Despite this action requires StartMetadataModelImport, the latter does not currently authorize the described Schema Conversion operation", + "privilege": "ListMetadataModelAssessmentActionItems", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:StartMetadataModelImport" ], - "dependent_actions": [], - "resource_type": "ipam-pool" - }, + "resource_type": "MigrationProject" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a metadata model assessments", + "privilege": "ListMetadataModelAssessments", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:DescribeMetadataModelAssessments" ], - "dependent_actions": [], - "resource_type": "ipam-resource-discovery" - }, + "resource_type": "MigrationProject" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a metadata model conversions", + 
"privilege": "ListMetadataModelConversions", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:DescribeMetadataModelConversions" ], - "dependent_actions": [], - "resource_type": "ipam-resource-discovery-association" - }, + "resource_type": "MigrationProject" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a metadata model exports", + "privilege": "ListMetadataModelExports", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:DescribeMetadataModelExportsAsScript", + "dms:DescribeMetadataModelExportsToTarget" ], - "dependent_actions": [], - "resource_type": "ipam-scope" - }, + "resource_type": "MigrationProject" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the AWS DMS attributes for a migration projects. Note. 
Despite this action requires DescribeMigrationProjects and DescribeConversionConfiguration, both required actions do not currently authorize the described Schema Conversion operation", + "privilege": "ListMigrationProjects", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:DescribeConversionConfiguration", + "dms:DescribeMigrationProjects" ], - "dependent_actions": [], - "resource_type": "ipv4pool-ec2" + "resource_type": "DataProvider" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipv6pool-ec2" + "resource_type": "InstanceProfile" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "key-pair" - }, + "resource_type": "MigrationProject" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all tags for an AWS DMS resource", + "privilege": "ListTagsForResource", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-template" + "resource_type": "Certificate" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway" + "resource_type": "DataMigration" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table" + "resource_type": "DataProvider" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": 
"local-gateway-route-table-virtual-interface-group-association" + "resource_type": "Endpoint" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-route-table-vpc-association" + "resource_type": "EventSubscription" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-virtual-interface" + "resource_type": "InstanceProfile" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "local-gateway-virtual-interface-group" + "resource_type": "MigrationProject" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "natgateway" + "resource_type": "ReplicationConfig" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-acl" + "resource_type": "ReplicationInstance" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-insights-access-scope" + "resource_type": "ReplicationSubnetGroup" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-insights-access-scope-analysis" - }, + "resource_type": "ReplicationTask" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a conversion configuration. Note. 
This action should be added along with UpdateConversionConfiguration, but does not currently authorize the described Schema Conversion operation", + "privilege": "ModifyConversionConfiguration", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:UpdateConversionConfiguration" ], - "dependent_actions": [], - "resource_type": "network-insights-analysis" - }, + "resource_type": "MigrationProject*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified database migration", + "privilege": "ModifyDataMigration", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "network-insights-path" - }, + "resource_type": "DataMigration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified data provider. Note. 
This action should be added along with UpdateDataProvider, but does not currently authorize the described Schema Conversion operation", + "privilege": "ModifyDataProvider", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "dms:UpdateDataProvider", + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "network-interface" - }, + "resource_type": "DataProvider*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified endpoint", + "privilege": "ModifyEndpoint", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "placement-group" + "resource_type": "Endpoint*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "prefix-list" - }, + "resource_type": "Certificate" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an existing AWS DMS event notification subscription", + "privilege": "ModifyEventSubscription", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "replace-root-volume-task" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the name and description of the specified Fleet Advisor collector", + "privilege": "ModifyFleetAdvisorCollector", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "reserved-instances" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "route-table" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "security-group" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "security-group-rule" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "snapshot" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "spot-fleet-request" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "spot-instances-request" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "subnet" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "subnet-cidr-reservation" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-filter" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-session" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-target" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - 
"dependent_actions": [], - "resource_type": "transit-gateway-attachment" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-connect-peer" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-policy-table" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table-announcement" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-endpoint" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-group" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-instance" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-policy" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-trust-provider" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "volume" - }, - { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint-connection" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint-service" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint-service-permission" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc-flow-log" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc-peering-connection" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-connection" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-gateway" - }, - { - "condition_keys": [ - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -77849,21 +78275,11 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a traffic mirror filter", - "privilege": "DeleteTrafficMirrorFilter", + "description": "Grants permission to modify the status of the specified Fleet Advisor collector", + "privilege": "ModifyFleetAdvisorCollectorStatuses", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-filter*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -77871,92 +78287,65 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a traffic mirror filter rule", - "privilege": "DeleteTrafficMirrorFilterRule", + "description": "Grants permission to modify the specified instance profile. Note. This action should be added along with UpdateInstanceProfile, but does not currently authorize the described Schema Conversion operation", + "privilege": "ModifyInstanceProfile", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-filter*" - }, { "condition_keys": [], - "dependent_actions": [], - "resource_type": "traffic-mirror-filter-rule*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "dms:UpdateInstanceProfile", + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "InstanceProfile*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a traffic mirror session", - "privilege": "DeleteTrafficMirrorSession", + "description": "Grants permission to modify the specified migration project. Note. 
This action should be added along with UpdateMigrationProject, but does not currently authorize the described Schema Conversion operation", + "privilege": "ModifyMigrationProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-session*" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:UpdateMigrationProject", + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a traffic mirror target", - "privilege": "DeleteTrafficMirrorTarget", + "description": "Grants permission to modify the specified replication config", + "privilege": "ModifyReplicationConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "traffic-mirror-target*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationConfig*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a transit gateway", - "privilege": "DeleteTransitGateway", + "description": "Grants permission to modify the replication instance to apply new settings", + "privilege": "ModifyReplicationInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway*" - }, + "resource_type": "ReplicationInstance*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the settings for the specified replication subnet group", + "privilege": "ModifyReplicationSubnetGroup", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + 
"condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -77964,204 +78353,151 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a transit gateway connect attachment", - "privilege": "DeleteTransitGatewayConnect", + "description": "Grants permission to modify the specified replication task", + "privilege": "ModifyReplicationTask", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTask*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a transit gateway connect peer", - "privilege": "DeleteTransitGatewayConnectPeer", + "description": "Grants permission to move the specified replication task to a different replication instance", + "privilege": "MoveReplicationTask", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-connect-peer*" + "resource_type": "ReplicationInstance*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTask*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a transit gateway multicast domain", - "privilege": "DeleteTransitGatewayMulticastDomain", + "description": "Grants permission to reboot a replication instance. 
Rebooting results in a momentary outage, until the replication instance becomes available again", + "privilege": "RebootReplicationInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationInstance*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a peering attachment from a transit gateway", - "privilege": "DeleteTransitGatewayPeeringAttachment", + "description": "Grants permission to populate the schema for the specified endpoint", + "privilege": "RefreshSchemas", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" + "resource_type": "Endpoint*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationInstance*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a transit gateway policy table", - "privilege": "DeleteTransitGatewayPolicyTable", + "description": "Grants permission to reload the target database table with the source for a replication", + "privilege": "ReloadReplicationTables", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-policy-table*" - }, + "resource_type": "ReplicationConfig*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reload the target database table with the source data", + "privilege": "ReloadTables", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" 
- ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTask*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a transit gateway prefix list reference", - "privilege": "DeleteTransitGatewayPrefixListReference", + "access_level": "Tagging", + "description": "Grants permission to remove metadata tags from a DMS resource", + "privilege": "RemoveTagsFromResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "prefix-list*" + "resource_type": "Certificate" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "resource_type": "DataMigration" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a route from a transit gateway route table", - "privilege": "DeleteTransitGatewayRoute", - "resource_types": [ + "resource_type": "DataProvider" + }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "resource_type": "Endpoint" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a transit gateway route table", - "privilege": "DeleteTransitGatewayRouteTable", - "resource_types": [ + "resource_type": "EventSubscription" + }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": 
"transit-gateway-route-table*" + "resource_type": "InstanceProfile" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a transit gateway route table announcement", - "privilege": "DeleteTransitGatewayRouteTableAnnouncement", - "resource_types": [ + "resource_type": "MigrationProject" + }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table-announcement*" + "resource_type": "ReplicationConfig" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ReplicationInstance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ReplicationSubnetGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ReplicationTask" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -78170,21 +78506,11 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a VPC attachment from a transit gateway", - "privilege": "DeleteTransitGatewayVpcAttachment", + "description": "Grants permission to run a large-scale assessment (LSA) analysis on every Fleet Advisor collector in your account", + "privilege": "RunFleetAdvisorLsaAnalysis", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -78192,216 +78518,113 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a Verified Access endpoint", - "privilege": "DeleteVerifiedAccessEndpoint", + "description": "Grants permission to start the database migration", + "privilege": "StartDataMigration", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-endpoint*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DataMigration*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Verified Access group", - "privilege": "DeleteVerifiedAccessGroup", + "description": "Grants permission to associate an extension pack. Note. This action should be added along with AssociateExtensionPack, but does not currently authorize the described Schema Conversion operation", + "privilege": "StartExtensionPackAssociation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-group*" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:AssociateExtensionPack" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Verified Access instance", - "privilege": "DeleteVerifiedAccessInstance", + "description": "Grants permission to start a new assessment of metadata model", + "privilege": "StartMetadataModelAssessment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a verified trust provider", - "privilege": "DeleteVerifiedAccessTrustProvider", + "description": "Grants permission to start a new conversion of metadata model", + "privilege": "StartMetadataModelConversion", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-trust-provider*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an EBS volume", - "privilege": "DeleteVolume", + "description": "Grants permission to start a new export of metadata model as script. Note. This action should be added along with StartMetadataModelExportAsScripts, but does not currently authorize the described Schema Conversion operation", + "privilege": "StartMetadataModelExportAsScript", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], - "dependent_actions": [], - "resource_type": "volume*" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:StartMetadataModelExportAsScripts" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a VPC", - "privilege": "DeleteVpc", + "description": "Grants permission to start a new export of metadata model as script", + "privilege": "StartMetadataModelExportAsScripts", "resource_types": [ { - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:StartMetadataModelExportAsScript" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete one or more VPC endpoint connection notifications", - "privilege": "DeleteVpcEndpointConnectionNotifications", + "description": "Grants permission to start a new export of metadata model to target", + "privilege": "StartMetadataModelExportToTarget", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint-service" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete one or more VPC endpoint service configurations", - "privilege": "DeleteVpcEndpointServiceConfigurations", + "description": "Grants permission to start a new import of metadata model", + "privilege": "StartMetadataModelImport", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint-service*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete one or more VPC endpoints", - "privilege": 
"DeleteVpcEndpoints", + "description": "Grants permission to start the analysis of your source database to provide recommendations of target engines", + "privilege": "StartRecommendations", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServiceName" - ], - "dependent_actions": [], - "resource_type": "vpc-endpoint*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -78409,323 +78632,331 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a VPC peering connection", - "privilege": "DeleteVpcPeeringConnection", + "description": "Grants permission to start a replication", + "privilege": "StartReplication", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AccepterVpc", - "ec2:RequesterVpc", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcPeeringConnectionID" - ], - "dependent_actions": [], - "resource_type": "vpc-peering-connection*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationConfig*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a VPN connection", - "privilege": "DeleteVpnConnection", + "description": "Grants permission to start the replication task", + "privilege": "StartReplicationTask", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-connection*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTask*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a static route for a VPN connection between a virtual private gateway and a customer gateway", - "privilege": "DeleteVpnConnectionRoute", + "description": "Grants permission to start the replication task assessment for unsupported data types in the source database", + "privilege": "StartReplicationTaskAssessment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-connection*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTask*" 
} ] }, { "access_level": "Write", - "description": "Grants permission to delete a virtual private gateway", - "privilege": "DeleteVpnGateway", + "description": "Grants permission to start a new premigration assessment run for one or more individual assessments of a migration task", + "privilege": "StartReplicationTaskAssessmentRun", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-gateway*" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTask*" } ] }, { "access_level": "Write", - "description": "Grants permission to release an IP address range that was provisioned through bring your own IP addresses (BYOIP), and to delete the corresponding address pool", - "privilege": "DeprovisionByoipCidr", + "description": "Grants permission to stop the database migration", + "privilege": "StopDataMigration", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DataMigration*" } ] }, { "access_level": "Write", - "description": "Grants permission to deprovision a CIDR provisioned from an Amazon VPC IP Address Manager (IPAM) pool", - "privilege": "DeprovisionIpamPoolCidr", + "description": "Grants permission to stop a replication", + "privilege": "StopReplication", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-pool*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationConfig*" } ] }, { "access_level": "Write", - "description": "Grants permission to deprovision a CIDR from a public IPv4 pool", - "privilege": 
"DeprovisionPublicIpv4PoolCidr", + "description": "Grants permission to stop the replication task", + "privilege": "StopReplicationTask", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipv4pool-ec2*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationTask*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister an Amazon Machine Image (AMI)", - "privilege": "DeregisterImage", + "access_level": "Read", + "description": "Grants permission to test the connection between the replication instance and the endpoint", + "privilege": "TestConnection", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "Endpoint*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationInstance*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove tags from the set of tags to include in notifications about scheduled events for your instances", - "privilege": "DeregisterInstanceEventNotificationAttributes", + "description": "Grants permission to update a conversion configuration", + "privilege": "UpdateConversionConfiguration", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:ModifyConversionConfiguration" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister one or more network interface members from a group 
IP address in a transit gateway multicast domain", - "privilege": "DeregisterTransitGatewayMulticastGroupMembers", + "description": "Grants permission to update the specified data provider", + "privilege": "UpdateDataProvider", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "network-interface" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:ModifyDataProvider" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "DataProvider*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister one or more network interface sources from a group IP address in a transit gateway multicast domain", - "privilege": "DeregisterTransitGatewayMulticastGroupSources", + "description": "Grants permission to update the specified instance profile", + "privilege": "UpdateInstanceProfile", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "network-interface" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:ModifyInstanceProfile" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "InstanceProfile*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the attributes of the 
AWS account", - "privilege": "DescribeAccountAttributes", + "access_level": "Write", + "description": "Grants permission to update the specified migration project", + "privilege": "UpdateMigrationProject", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dms:ModifyMigrationProject" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "MigrationProject*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe an Elastic IP address transfer", - "privilege": "DescribeAddressTransfers", + "access_level": "Write", + "description": "Grants permission to migrate DMS subcriptions to Eventbridge", + "privilege": "UpdateSubscriptionsToEventBridge", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Elastic IP addresses", - "privilege": "DescribeAddresses", + "access_level": "Write", + "description": "Grants permission to upload files to your Amazon S3 bucket", + "privilege": "UploadFileMetadataList", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:cert:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:cert-tag/${TagKey}" + ], + "resource": "Certificate" }, { - "access_level": "List", - "description": "Grants permission to describe the attributes of the specified Elastic IP addresses", - "privilege": "DescribeAddressesAttribute", + "arn": "arn:${Partition}:dms:${Region}:${Account}:data-provider:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:data-provider-tag/${TagKey}" + ], + "resource": "DataProvider" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:data-migration:*", + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:data-migration-tag/${TagKey}" + ], + "resource": "DataMigration" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:endpoint:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:endpoint-tag/${TagKey}" + ], + "resource": "Endpoint" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:es:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:es-tag/${TagKey}" + ], + "resource": "EventSubscription" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:instance-profile:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:instance-profile-tag/${TagKey}" + ], + "resource": "InstanceProfile" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:migration-project:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:migration-project-tag/${TagKey}" + ], + "resource": "MigrationProject" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:replication-config:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:replication-config-tag/${TagKey}" + ], + "resource": "ReplicationConfig" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:rep:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:rep-tag/${TagKey}" + ], + "resource": "ReplicationInstance" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:subgrp:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:subgrp-tag/${TagKey}" + ], + "resource": "ReplicationSubnetGroup" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:task:*", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "dms:task-tag/${TagKey}" + ], + "resource": "ReplicationTask" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:assessment-run:*", + "condition_keys": [], + "resource": "ReplicationTaskAssessmentRun" + }, + { + "arn": "arn:${Partition}:dms:${Region}:${Account}:individual-assessment:*", + "condition_keys": [], + "resource": 
"ReplicationTaskIndividualAssessment" + } + ], + "service_name": "AWS Database Migration Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the set of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the set of tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the set of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "docdb-elastic", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to copy a new Amazon DocDB-Elastic cluster snapshot", + "privilege": "CopyClusterSnapshot", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "docdb-elastic:CreateClusterSnapshot", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKey" ], - "dependent_actions": [], - "resource_type": "elastic-ip" + "resource_type": "cluster-snapshot*" }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -78733,41 +78964,80 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the longer ID format settings for all resource types", - "privilege": "DescribeAggregateIdFormat", + "access_level": "Write", + "description": "Grants permission to create a new Amazon DocDB-Elastic cluster", + "privilege": "CreateCluster", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyVpcEndpoint", + "iam:CreateServiceLinkedRole", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKey", + "secretsmanager:DescribeSecret", + "secretsmanager:GetResourcePolicy", + "secretsmanager:GetSecretValue", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:ListSecrets" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more of the Availability Zones that are available to you", - "privilege": "DescribeAvailabilityZones", + "access_level": "Write", + "description": "Grants permission to create a new Amazon DocDB-Elastic cluster snapshot", + "privilege": "CreateClusterSnapshot", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyVpcEndpoint", + "iam:CreateServiceLinkedRole", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKey", + "secretsmanager:DescribeSecret", + "secretsmanager:GetResourcePolicy", + 
"secretsmanager:GetSecretValue", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:ListSecrets" ], + "resource_type": "cluster*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe the current infrastructure performance metric subscriptions", - "privilege": "DescribeAwsNetworkPerformanceMetricSubscriptions", - "resource_types": [ + "resource_type": "cluster-snapshot*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -78775,13 +79045,27 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more bundling tasks", - "privilege": "DescribeBundleTasks", + "access_level": "Write", + "description": "Grants permission to delete a cluster", + "privilege": "DeleteCluster", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyVpcEndpoint" + ], + "resource_type": "cluster*" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -78789,13 +79073,27 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the IP address ranges that were provisioned through bring your own IP addresses (BYOIP)", - "privilege": "DescribeByoipCidrs", + "access_level": "Write", + "description": "Grants permission to delete a cluster snapshot", + "privilege": "DeleteClusterSnapshot", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyVpcEndpoint" + ], + "resource_type": "cluster-snapshot*" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -78803,13 +79101,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Capacity Reservation Fleets", - "privilege": "DescribeCapacityReservationFleets", + "access_level": "Read", + "description": "Grants permission to view details about a cluster", + "privilege": "GetCluster", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -78817,13 +79120,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Capacity Reservations", - "privilege": "DescribeCapacityReservations", + "access_level": "Read", + "description": "Grants permission to view details about a cluster snapshot", + "privilege": "GetClusterSnapshot", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster-snapshot*" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -78832,13 +79140,11 @@ }, { "access_level": "List", - "description": "Grants permission to describe one or more Carrier Gateways", - "privilege": "DescribeCarrierGateways", + "description": "Grants permission to list the cluster snapshots in your account", + "privilege": "ListClusterSnapshots", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -78846,13 +79152,11 @@ }, { "access_level": "List", - "description": "Grants permission to describe one or more linked EC2-Classic instances", - "privilege": "DescribeClassicLinkInstances", + "description": "Grants permission to list the clusters in your account", + "privilege": "ListClusters", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -78860,20 +79164,22 @@ }, { "access_level": "List", - "description": "Grants permission to describe the authorization rules for a Client VPN endpoint", - "privilege": "DescribeClientVpnAuthorizationRules", + "description": "Grants permission to lists tag for an DocumentDB Elastic resource", + "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster-snapshot" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -78881,27 +79187,46 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe active client connections and connections that have been terminated within the last 60 minutes for a Client VPN endpoint", - "privilege": "DescribeClientVpnConnections", + "access_level": "Write", + "description": "Grants permission to restore cluster from a Amazon DocDB-Elastic cluster snapshot", + "privilege": "RestoreClusterFromSnapshot", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" + "condition_keys": [], + "dependent_actions": [ + "docdb-elastic:CreateCluster", + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyVpcEndpoint", + "iam:CreateServiceLinkedRole", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKey", + "secretsmanager:DescribeSecret", + "secretsmanager:GetResourcePolicy", + "secretsmanager:GetSecretValue", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:ListSecrets" ], + "resource_type": "cluster*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" + "resource_type": "cluster-snapshot*" }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -78909,27 +79234,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Client VPN endpoints", - "privilege": "DescribeClientVpnEndpoints", + "access_level": "Write", + "description": "Grants permission to start a stopped Amazon DocDB-Elastic cluster", + "privilege": "StartCluster", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "client-vpn-endpoint" + "resource_type": "cluster*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -78937,27 +79253,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the routes for a Client VPN endpoint", - "privilege": "DescribeClientVpnRoutes", + "access_level": "Write", + "description": "Grants permission to stop an existing Amazon DocDB-Elastic cluster", + "privilege": "StopCluster", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" + "resource_type": "cluster*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -78965,27 +79272,25 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the target networks that are associated with a Client VPN endpoint", - "privilege": "DescribeClientVpnTargetNetworks", + "access_level": "Tagging", + "description": "Grants permission to tag an DocumentDB Elastic resource", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster-snapshot" }, { "condition_keys": [ - "ec2:Region" + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -78993,13 +79298,23 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the specified customer-owned address pools or all of your customer-owned address pools", - "privilege": "DescribeCoipPools", + "access_level": "Tagging", + "description": "Grants permission to untag a DocumentDB Elastic resource", + "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster-snapshot" + }, { "condition_keys": [ - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -79007,41 +79322,129 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more conversion tasks", - "privilege": "DescribeConversionTasks", + "access_level": "Write", + "description": "Grants permission to modify a cluster", + "privilege": "UpdateCluster", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyVpcEndpoint", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKey", + "secretsmanager:DescribeSecret", + "secretsmanager:GetResourcePolicy", + "secretsmanager:GetSecretValue", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:ListSecrets" + ], + "resource_type": "cluster*" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:docdb-elastic:${Region}:${Account}:cluster/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cluster" }, { - "access_level": "List", - "description": "Grants permission to describe one or more customer gateways", - "privilege": "DescribeCustomerGateways", + "arn": "arn:${Partition}:docdb-elastic:${Region}:${Account}:cluster-snapshot/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cluster-snapshot" + } + ], + "service_name": "Amazon DocumentDB Elastic Clusters" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + 
"condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "drs:CreateAction", + "description": "Filters access by the name of a resource-creating API action", + "type": "String" + }, + { + "condition": "drs:EC2InstanceARN", + "description": "Filters access by the EC2 instance the request originated from", + "type": "ARN" + } + ], + "prefix": "drs", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to get associate failback client to recovery instance", + "privilege": "AssociateFailbackClientToRecoveryInstanceForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more DHCP options sets", - "privilege": "DescribeDhcpOptions", + "access_level": "Write", + "description": "Grants permission to associate CloudFormation stack with source network", + "privilege": "AssociateSourceNetworkStack", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStacks", + "drs:GetLaunchConfiguration", + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:ModifyLaunchTemplate" + ], + "resource_type": "SourceNetworkResource*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -79049,41 +79452,48 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more egress-only internet gateways", - "privilege": "DescribeEgressOnlyInternetGateways", + "access_level": "Write", + "description": "Grants permission to batch create volume snapshot group", + "privilege": "BatchCreateVolumeSnapshotGroupForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe an Elastic Graphics accelerator that is associated with an instance", - "privilege": "DescribeElasticGpus", + "access_level": "Write", + "description": "Grants permission to batch delete snapshot request", + "privilege": "BatchDeleteSnapshotRequestForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more export image tasks", - "privilege": "DescribeExportImageTasks", + "access_level": "Write", + "description": "Grants permission to create converted snapshot", + "privilege": "CreateConvertedSnapshotForDrs", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -79091,40 +79501,32 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more export instance tasks", - "privilege": "DescribeExportTasks", + "access_level": "Write", + "description": "Grants permission to extend a source server", + "privilege": "CreateExtendedSourceServer", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "drs:DescribeSourceServers", + "drs:GetReplicationConfiguration" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe fast-launch enabled Windows AMIs", - "privilege": "DescribeFastLaunchImages", + "access_level": "Write", + "description": "Grants permission to create launch configuration template", + "privilege": "CreateLaunchConfigurationTemplate", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], - "dependent_actions": [], - "resource_type": "image" - }, - { - "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -79132,13 +79534,19 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the state of fast snapshot restores for snapshots", - "privilege": "DescribeFastSnapshotRestores", + "access_level": "Write", + "description": "Grants permission to create recovery instance", + "privilege": "CreateRecoveryInstanceForDrs", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -79146,57 +79554,55 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the events for an EC2 Fleet during a specified time", - "privilege": "DescribeFleetHistory", + "access_level": "Write", + "description": "Grants permission to create replication configuration template", + "privilege": "CreateReplicationConfigurationTemplate", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "fleet*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:GetEbsDefaultKmsKeyId", + "ec2:GetEbsEncryptionByDefault", + "kms:CreateGrant", + "kms:DescribeKey" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the running instances for an EC2 Fleet", - "privilege": "DescribeFleetInstances", + "access_level": "Write", + "description": "Grants permission to create a source network", + "privilege": "CreateSourceNetwork", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "fleet*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "ec2:DescribeInstances", + "ec2:DescribeVpcs" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more EC2 Fleets", - "privilege": "DescribeFleets", + "access_level": "Write", + "description": "Grants permission to create a source server", + "privilege": "CreateSourceServerForDrs", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -79204,324 +79610,259 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more flow logs", - "privilege": "DescribeFlowLogs", + "access_level": "Write", + "description": "Grants permission to delete a job", + "privilege": "DeleteJob", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "JobResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the attributes of an Amazon FPGA Image (AFI)", - "privilege": "DescribeFpgaImageAttribute", + "access_level": "Write", + "description": "Grants permission to delete a launch action", + "privilege": "DeleteLaunchAction", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "fpga-image*" + "resource_type": "LaunchConfigurationTemplateResource" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Amazon FPGA Images (AFIs)", - "privilege": "DescribeFpgaImages", + "access_level": "Write", + "description": "Grants permission to delete launch configuration template", + "privilege": "DeleteLaunchConfigurationTemplate", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "LaunchConfigurationTemplateResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the Dedicated Host Reservations that are available to purchase", - "privilege": "DescribeHostReservationOfferings", + "access_level": "Write", + "description": "Grants permission to delete recovery instance", + "privilege": 
"DeleteRecoveryInstance", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the Dedicated Host Reservations that are associated with Dedicated Hosts in the AWS account", - "privilege": "DescribeHostReservations", + "access_level": "Write", + "description": "Grants permission to delete replication configuration template", + "privilege": "DeleteReplicationConfigurationTemplate", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationConfigurationTemplateResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Dedicated Hosts", - "privilege": "DescribeHosts", + "access_level": "Write", + "description": "Grants permission to delete source network", + "privilege": "DeleteSourceNetwork", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceNetworkResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the IAM instance profile associations", - "privilege": "DescribeIamInstanceProfileAssociations", + "access_level": "Write", + "description": "Grants permission to delete source server", + "privilege": "DeleteSourceServer", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the ID format settings for resources", - "privilege": "DescribeIdFormat", + "access_level": "Read", + "description": "Grants permission to describe job log items", + "privilege": 
"DescribeJobLogItems", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "JobResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the ID format settings for resources for an IAM user, IAM role, or root user", - "privilege": "DescribeIdentityIdFormat", + "access_level": "Read", + "description": "Grants permission to describe jobs", + "privilege": "DescribeJobs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe an attribute of an Amazon Machine Image (AMI)", - "privilege": "DescribeImageAttribute", + "access_level": "Read", + "description": "Grants permission to describe launch configuration template", + "privilege": "DescribeLaunchConfigurationTemplates", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], - "dependent_actions": [], - "resource_type": "image*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more images (AMIs, AKIs, and ARIs)", - "privilege": "DescribeImages", + "access_level": "Read", + "description": "Grants permission to describe recovery instances", + "privilege": "DescribeRecoveryInstances", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "drs:DescribeSourceServers", + "ec2:DescribeInstances" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe import virtual machine or import snapshot tasks", - 
"privilege": "DescribeImportImageTasks", + "access_level": "Read", + "description": "Grants permission to describe recovery snapshots", + "privilege": "DescribeRecoverySnapshots", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe import snapshot tasks", - "privilege": "DescribeImportSnapshotTasks", + "access_level": "Read", + "description": "Grants permission to describe replication configuration template", + "privilege": "DescribeReplicationConfigurationTemplates", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the attributes of an instance", - "privilege": "DescribeInstanceAttribute", + "access_level": "Read", + "description": "Grants permission to describe replication server associations", + "privilege": "DescribeReplicationServerAssociationsForDrs", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe EC2 Instance Connect Endpoints", - "privilege": "DescribeInstanceConnectEndpoints", + 
"access_level": "Read", + "description": "Grants permission to describe snapshot requests", + "privilege": "DescribeSnapshotRequestsForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the credit option for CPU usage of one or more burstable performance instances", - "privilege": "DescribeInstanceCreditSpecifications", + "access_level": "Read", + "description": "Grants permission to describe source networks", + "privilege": "DescribeSourceNetworks", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the set of tags to include in notifications about scheduled events for your instances", - "privilege": "DescribeInstanceEventNotificationAttributes", + "access_level": "Read", + "description": "Grants permission to describe source servers", + "privilege": "DescribeSourceServers", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the specified event windows or all event windows", - "privilege": "DescribeInstanceEventWindows", + "access_level": "Write", + "description": "Grants permission to disconnect recovery instance", + "privilege": "DisconnectRecoveryInstance", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the status of one or more instances", - "privilege": "DescribeInstanceStatus", + "access_level": "Write", + "description": "Grants permission to disconnect 
source server", + "privilege": "DisconnectSourceServer", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the set of instance types that are offered in a location", - "privilege": "DescribeInstanceTypeOfferings", + "access_level": "Write", + "description": "Grants permission to export CloudFormation template which contains source network resources", + "privilege": "ExportSourceNetworkCfnTemplate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "s3:GetBucketLocation", + "s3:GetObject", + "s3:PutObject" + ], + "resource_type": "SourceNetworkResource*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -79529,447 +79870,428 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the details of instance types that are offered in a location", - "privilege": "DescribeInstanceTypes", + "access_level": "Read", + "description": "Grants permission to get agent command", + "privilege": "GetAgentCommandForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more instances", - "privilege": "DescribeInstances", + "access_level": "Read", + "description": "Grants permission to get agent confirmed resume info", + "privilege": "GetAgentConfirmedResumeInfoForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe one or more internet gateways", - "privilege": "DescribeInternetGateways", - "resource_types": [ + "resource_type": "RecoveryInstanceResource*" + }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe Amazon VPC IP Address Manager (IPAM) pools", - "privilege": "DescribeIpamPools", + "access_level": "Read", + "description": "Grants permission to get agent installation assets", + "privilege": "GetAgentInstallationAssetsForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe IPAM resource 
discoveries", - "privilege": "DescribeIpamResourceDiscoveries", + "access_level": "Read", + "description": "Grants permission to get agent replication info", + "privilege": "GetAgentReplicationInfoForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe resource discovery associations with an Amazon VPC IPAM", - "privilege": "DescribeIpamResourceDiscoveryAssociations", - "resource_types": [ + "resource_type": "RecoveryInstanceResource*" + }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe Amazon VPC IP Address Manager (IPAM) scopes", - "privilege": "DescribeIpamScopes", + "access_level": "Read", + "description": "Grants permission to get agent runtime configuration", + "privilege": "GetAgentRuntimeConfigurationForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe an Amazon VPC IP Address Manager (IPAM)", - "privilege": "DescribeIpams", - "resource_types": [ + "resource_type": "RecoveryInstanceResource*" + }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more IPv6 address pools", - "privilege": "DescribeIpv6Pools", + "access_level": "Read", + "description": "Grants permission to get agent snapshot credits", + "privilege": "GetAgentSnapshotCreditsForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more key pairs", - "privilege": "DescribeKeyPairs", + "access_level": "Read", + "description": "Grants permission to get channel commands", + "privilege": "GetChannelCommandsForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more launch template versions", - "privilege": "DescribeLaunchTemplateVersions", + "access_level": "Read", + "description": "Grants permission to get failback command", + "privilege": "GetFailbackCommandForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more launch templates", - "privilege": "DescribeLaunchTemplates", + "access_level": "Read", + "description": "Grants permission to get failback launch requested", + "privilege": "GetFailbackLaunchRequestedForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to allow a service to describe local gateway route table permissions", - "privilege": "DescribeLocalGatewayRouteTablePermissions", + "access_level": "Read", + "description": "Grants permission to get failback replication configuration", + "privilege": "GetFailbackReplicationConfiguration", "resource_types": [ { - "condition_keys": 
[ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the associations between virtual interface groups and local gateway route tables", - "privilege": "DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", + "access_level": "Read", + "description": "Grants permission to get launch configuration", + "privilege": "GetLaunchConfiguration", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe an association between VPCs and local gateway route tables", - "privilege": "DescribeLocalGatewayRouteTableVpcAssociations", + "access_level": "Read", + "description": "Grants permission to get replication configuration", + "privilege": "GetReplicationConfiguration", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more local gateway route tables", - "privilege": "DescribeLocalGatewayRouteTables", + "access_level": "Read", + "description": "Grants permission to get suggested failback client device mapping", + "privilege": "GetSuggestedFailbackClientDeviceMappingForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe local gateway virtual interface groups", - "privilege": "DescribeLocalGatewayVirtualInterfaceGroups", + "access_level": "Write", + "description": "Grants 
permission to initialize service", + "privilege": "InitializeService", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "iam:AddRoleToInstanceProfile", + "iam:CreateInstanceProfile", + "iam:CreateServiceLinkedRole", + "iam:GetInstanceProfile" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe local gateway virtual interfaces", - "privilege": "DescribeLocalGatewayVirtualInterfaces", + "access_level": "Write", + "description": "Grants permission to issue an agent certificate", + "privilege": "IssueAgentCertificateForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more local gateways", - "privilege": "DescribeLocalGateways", + "access_level": "Read", + "description": "Grants permission to list extensible source servers", + "privilege": "ListExtensibleSourceServers", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "drs:DescribeSourceServers" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe your managed prefix lists and any AWS-managed prefix lists", - "privilege": "DescribeManagedPrefixLists", + "access_level": "Read", + "description": "Grants permission to list launch actions", + "privilege": "ListLaunchActions", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "LaunchConfigurationTemplateResource" + }, + { + "condition_keys": [], + "dependent_actions": 
[], + "resource_type": "SourceServerResource" } ] }, { - "access_level": "List", - "description": "Grants permission to describe Elastic IP addresses that are being moved to the EC2-VPC platform", - "privilege": "DescribeMovingAddresses", + "access_level": "Read", + "description": "Grants permission to list staging accounts", + "privilege": "ListStagingAccounts", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more NAT gateways", - "privilege": "DescribeNatGateways", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more network ACLs", - "privilege": "DescribeNetworkAcls", + "access_level": "Write", + "description": "Grants permission to notify agent authentication", + "privilege": "NotifyAgentAuthenticationForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Network Access Scope analyses", - "privilege": "DescribeNetworkInsightsAccessScopeAnalyses", + "access_level": "Write", + "description": "Grants permission to notify agent is connected", + "privilege": "NotifyAgentConnectedForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + 
}, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the Network Access Scopes", - "privilege": "DescribeNetworkInsightsAccessScopes", + "access_level": "Write", + "description": "Grants permission to notify agent is disconnected", + "privilege": "NotifyAgentDisconnectedForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more network insights analyses", - "privilege": "DescribeNetworkInsightsAnalyses", + "access_level": "Write", + "description": "Grants permission to notify agent replication progress", + "privilege": "NotifyAgentReplicationProgressForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more network insights paths", - "privilege": "DescribeNetworkInsightsPaths", + "access_level": "Write", + "description": "Grants permission to notify consistency attained", + "privilege": "NotifyConsistencyAttainedForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe a network interface attribute", - "privilege": "DescribeNetworkInterfaceAttribute", + "access_level": "Write", 
+ "description": "Grants permission to notify replication server authentication", + "privilege": "NotifyReplicationServerAuthenticationForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the permissions that are associated with a network interface", - "privilege": "DescribeNetworkInterfacePermissions", + "access_level": "Write", + "description": "Grants permission to notify replicator volume events", + "privilege": "NotifyVolumeEventForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more network interfaces", - "privilege": "DescribeNetworkInterfaces", + "access_level": "Write", + "description": "Grants permission to put a launch action", + "privilege": "PutLaunchAction", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ssm:DescribeDocument" ], + "resource_type": "LaunchConfigurationTemplateResource" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more placement groups", - "privilege": "DescribePlacementGroups", + "access_level": "Write", + "description": "Grants permission to retry data replication", + "privilege": "RetryDataReplication", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe available 
AWS services in a prefix list format", - "privilege": "DescribePrefixLists", + "access_level": "Write", + "description": "Grants permission to reverse replication", + "privilege": "ReverseReplication", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "drs:DescribeReplicationConfigurationTemplates", + "drs:DescribeSourceServers", + "ec2:DescribeInstances" + ], + "resource_type": "RecoveryInstanceResource*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -79977,97 +80299,101 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference", - "privilege": "DescribePrincipalIdFormat", + "access_level": "Write", + "description": "Grants permission to send agent logs", + "privilege": "SendAgentLogsForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more IPv4 address pools", - "privilege": "DescribePublicIpv4Pools", + "access_level": "Write", + "description": "Grants permission to send agent metrics", + "privilege": "SendAgentMetricsForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more AWS Regions that are currently available in your account", - "privilege": "DescribeRegions", + "access_level": "Write", + "description": "Grants permission to send channel command result", + "privilege": "SendChannelCommandResultForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe a root volume replacement task", - "privilege": "DescribeReplaceRootVolumeTasks", + "access_level": "Write", + "description": "Grants permission to send client logs", + 
"privilege": "SendClientLogsForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more purchased Reserved Instances in your account", - "privilege": "DescribeReservedInstances", + "access_level": "Write", + "description": "Grants permission to send client metrics", + "privilege": "SendClientMetricsForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe your account's Reserved Instance listings in the Reserved Instance Marketplace", - "privilege": "DescribeReservedInstancesListings", + "access_level": "Write", + "description": "Grants permission to send volume throughput statistics", + "privilege": "SendVolumeStatsForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the modifications made to one or more Reserved Instances", - "privilege": "DescribeReservedInstancesModifications", + "access_level": "Write", + "description": "Grants permission to start failback launch", + "privilege": "StartFailbackLaunch", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RecoveryInstanceResource*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -80075,13 +80401,55 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the Reserved Instance offerings that are available for purchase", - "privilege": "DescribeReservedInstancesOfferings", + "access_level": "Write", + "description": "Grants permission to start recovery", + "privilege": "StartRecovery", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "drs:CreateRecoveryInstanceForDrs", + "drs:ListTagsForResource", + "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:CreateSnapshot", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:DeleteLaunchTemplateVersions", + "ec2:DeleteSnapshot", + "ec2:DeleteVolume", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstances", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DetachVolume", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyLaunchTemplate", + "ec2:RevokeSecurityGroupEgress", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "iam:PassRole" + ], + "resource_type": "SourceServerResource*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -80089,27 +80457,46 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more route tables", - "privilege": "DescribeRouteTables", + "access_level": "Write", + "description": "Grants permission to start replication", + "privilege": "StartReplication", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to find available schedules for Scheduled Instances", - "privilege": "DescribeScheduledInstanceAvailability", + "access_level": "Write", + "description": "Grants permission to start network recovery", + "privilege": "StartSourceNetworkRecovery", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "cloudformation:CreateStack", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStacks", + "cloudformation:UpdateStack", + "drs:GetLaunchConfiguration", + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:ModifyLaunchTemplate", + "s3:GetObject", + "s3:PutObject" + ], + "resource_type": "SourceNetworkResource*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -80117,149 +80504,93 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Scheduled Instances in your account", - "privilege": "DescribeScheduledInstances", + "access_level": "Write", + "description": "Grants permission to start network replication", + "privilege": "StartSourceNetworkReplication", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceNetworkResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the VPCs on the other side of a VPC peering connection that are referencing specified VPC security groups", - "privilege": "DescribeSecurityGroupReferences", + "access_level": "Write", + "description": "Grants permission to stop failback", + "privilege": "StopFailback", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more of your security group rules", - "privilege": "DescribeSecurityGroupRules", + "access_level": "Write", + "description": "Grants permission to stop replication", + "privilege": "StopReplication", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more security groups", - "privilege": "DescribeSecurityGroups", + "access_level": "Write", + "description": "Grants permission to stop network replication", + "privilege": "StopSourceNetworkReplication", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"SourceNetworkResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe an attribute of a snapshot", - "privilege": "DescribeSnapshotAttribute", + "access_level": "Tagging", + "description": "Grants permission to assign a resource tag", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Encrypted", - "ec2:OutpostArn", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:SourceOutpostArn", - "ec2:VolumeSize" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "JobResource" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe the storage tier status for Amazon EBS snapshots", - "privilege": "DescribeSnapshotTierStatus", - "resource_types": [ + "resource_type": "LaunchConfigurationTemplateResource" + }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe one or more EBS snapshots", - "privilege": "DescribeSnapshots", - "resource_types": [ + "resource_type": "RecoveryInstanceResource" + }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe the data feed for Spot Instances", - "privilege": "DescribeSpotDatafeedSubscription", - "resource_types": [ + "resource_type": "ReplicationConfigurationTemplateResource" + }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to 
describe the running instances for a Spot Fleet", - "privilege": "DescribeSpotFleetInstances", - "resource_types": [ + "resource_type": "SourceNetworkResource" + }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "spot-fleet-request*" + "resource_type": "SourceServerResource" }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "drs:CreateAction" ], "dependent_actions": [], "resource_type": "" @@ -80267,21 +80598,25 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the events for a Spot Fleet request during a specified time", - "privilege": "DescribeSpotFleetRequestHistory", + "access_level": "Write", + "description": "Grants permission to terminate recovery instances", + "privilege": "TerminateRecoveryInstances", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "drs:DescribeSourceServers", + "ec2:DeleteVolume", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ec2:TerminateInstances" ], - "dependent_actions": [], - "resource_type": "spot-fleet-request*" + "resource_type": "RecoveryInstanceResource*" }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -80289,55 +80624,43 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more Spot Fleet requests", - "privilege": "DescribeSpotFleetRequests", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe one or more Spot Instance requests", - "privilege": "DescribeSpotInstanceRequests", - "resource_types": [ + "resource_type": "JobResource" + }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe the Spot Instance price history", - "privilege": "DescribeSpotPriceHistory", - "resource_types": [ + "resource_type": "LaunchConfigurationTemplateResource" + }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe the stale security group rules for security groups in a specified VPC", - "privilege": "DescribeStaleSecurityGroups", - "resource_types": [ + "resource_type": "RecoveryInstanceResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ReplicationConfigurationTemplateResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceNetworkResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource" + }, { "condition_keys": [ - "ec2:Region" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -80345,237 +80668,337 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the progress of the AMI store tasks", - "privilege": "DescribeStoreImageTasks", + "access_level": "Write", + "description": "Grants permission to update agent backlog", + "privilege": "UpdateAgentBacklogForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more subnets", - "privilege": "DescribeSubnets", + "access_level": "Write", + "description": "Grants permission to update agent conversion info", + "privilege": "UpdateAgentConversionInfoForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more tags for an Amazon EC2 resource", - "privilege": "DescribeTags", + "access_level": "Write", + "description": "Grants permission to update agent replication info", + "privilege": "UpdateAgentReplicationInfoForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more traffic mirror filters", - "privilege": "DescribeTrafficMirrorFilters", + "access_level": "Write", + "description": "Grants 
permission to update agent replication process state", + "privilege": "UpdateAgentReplicationProcessStateForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more traffic mirror sessions", - "privilege": "DescribeTrafficMirrorSessions", + "access_level": "Write", + "description": "Grants permission to update agent source properties", + "privilege": "UpdateAgentSourcePropertiesForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more traffic mirror targets", - "privilege": "DescribeTrafficMirrorTargets", + "access_level": "Write", + "description": "Grants permission to update failback client device mapping", + "privilege": "UpdateFailbackClientDeviceMappingForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more attachments between resources and transit gateways", - "privilege": "DescribeTransitGatewayAttachments", + "access_level": "Write", + "description": "Grants permission to update failback client last seen", + "privilege": "UpdateFailbackClientLastSeenForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more transit gateway connect peers", - "privilege": "DescribeTransitGatewayConnectPeers", + "access_level": "Write", + "description": "Grants permission to update failback replication configuration", + "privilege": "UpdateFailbackReplicationConfiguration", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more transit gateway connect attachments", - "privilege": "DescribeTransitGatewayConnects", + "access_level": "Write", + "description": "Grants permission to update launch configuration", + "privilege": "UpdateLaunchConfiguration", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeInstances" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more transit gateway multicast domains", - "privilege": "DescribeTransitGatewayMulticastDomains", + "access_level": "Write", + "description": "Grants permission to update launch configuration", + "privilege": "UpdateLaunchConfigurationTemplate", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "LaunchConfigurationTemplateResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more transit gateway peering attachments", - "privilege": "DescribeTransitGatewayPeeringAttachments", + "access_level": "Write", + "description": "Grants permission to update a replication certificate", + "privilege": 
"UpdateReplicationCertificateForDrs", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RecoveryInstanceResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe a transit gateway policy table", - "privilege": "DescribeTransitGatewayPolicyTables", + "access_level": "Write", + "description": "Grants permission to update replication configuration", + "privilege": "UpdateReplicationConfiguration", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:GetEbsDefaultKmsKeyId", + "ec2:GetEbsEncryptionByDefault", + "kms:CreateGrant", + "kms:DescribeKey" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe a transit gateway route table announcement", - "privilege": "DescribeTransitGatewayRouteTableAnnouncements", + "access_level": "Write", + "description": "Grants permission to update replication configuration template", + "privilege": "UpdateReplicationConfigurationTemplate", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:GetEbsDefaultKmsKeyId", + "ec2:GetEbsEncryptionByDefault", + "kms:CreateGrant", + "kms:DescribeKey" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "ReplicationConfigurationTemplateResource*" } ] - }, - { - "access_level": "List", - "description": "Grants permission to describe one or more transit gateway route tables", - "privilege": "DescribeTransitGatewayRouteTables", + } + ], + "resources": [ + { + "arn": "arn:${Partition}:drs:${Region}:${Account}:job/${JobID}", + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "JobResource" + }, + { + "arn": "arn:${Partition}:drs:${Region}:${Account}:recovery-instance/${RecoveryInstanceID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "drs:EC2InstanceARN" + ], + "resource": "RecoveryInstanceResource" + }, + { + "arn": "arn:${Partition}:drs:${Region}:${Account}:replication-configuration-template/${ReplicationConfigurationTemplateID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ReplicationConfigurationTemplateResource" + }, + { + "arn": "arn:${Partition}:drs:${Region}:${Account}:launch-configuration-template/${LaunchConfigurationTemplateID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "LaunchConfigurationTemplateResource" + }, + { + "arn": "arn:${Partition}:drs:${Region}:${Account}:source-server/${SourceServerID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "SourceServerResource" + }, + { + "arn": "arn:${Partition}:drs:${Region}:${Account}:source-network/${SourceNetworkID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "SourceNetworkResource" + } + ], + "service_name": "AWS Elastic Disaster Recovery" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the value of the request to AWS DS", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the AWS DS Resource being acted upon", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "ds", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept a directory sharing request that was sent from the directory owner account", + "privilege": "AcceptSharedDirectory", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more VPC attachments on a transit gateway", - "privilege": "DescribeTransitGatewayVpcAttachments", + "access_level": "Write", + "description": "Grants permission to add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services", + "privilege": "AddIpRoutes", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DescribeSecurityGroups" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more transit gateways", - "privilege": "DescribeTransitGateways", + "access_level": "Write", + "description": "Grants permission to add two domain controllers in the specified Region for the specified directory", + "privilege": "AddRegion", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more network interface trunk associations", - "privilege": "DescribeTrunkInterfaceAssociations", + "access_level": "Tagging", + "description": "Grants permission to add or overwrite one or more tags for the specified Amazon Directory Services directory", + "privilege": "AddTagsToResource", "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "directory*" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -80583,141 +81006,134 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the specified Verified Access endpoints or all Verified Access endpoints", - "privilege": "DescribeVerifiedAccessEndpoints", + "access_level": "Write", + "description": "Grants permission to authorize an application for your AWS Directory", + "privilege": "AuthorizeApplication", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the specified Verified Access groups or all Verified Access groups", - "privilege": "DescribeVerifiedAccessGroups", + "access_level": "Write", + "description": "Grants permission to cancel an in-progress schema extension to a Microsoft AD directory", + "privilege": "CancelSchemaExtension", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the current logging configuration for the Verified Access instances", - "privilege": "DescribeVerifiedAccessInstanceLoggingConfigurations", + "access_level": "Read", + "description": "Grants permission to verify that the alias is available for use", + "privilege": "CheckAlias", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the AWS Web Application Firewall (WAF) web access control list (ACL) associations for a Verified Access instance", - "privilege": "DescribeVerifiedAccessInstanceWebAclAssociations", + "access_level": "Write", + "description": "Grants permission to create an AD Connector to connect to an on-premises directory", + 
"privilege": "ConnectDirectory", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the specified Verified Access instances or all Verified Access instances", - "privilege": "DescribeVerifiedAccessInstances", + "access_level": "Write", + "description": "Grants permission to create an alias for a directory and assigns the alias to the directory", + "privilege": "CreateAlias", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe details of existing Verified Access trust providers", - "privilege": "DescribeVerifiedAccessTrustProviders", + "access_level": "Write", + "description": "Grants permission to create a computer account in the specified directory, and joins the computer to the directory", + "privilege": "CreateComputer", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe an attribute of an EBS volume", - "privilege": "DescribeVolumeAttribute", + "access_level": "Write", + "description": "Grants permission to create a conditional forwarder associated with your AWS directory", + "privilege": "CreateConditionalForwarder", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - 
"ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], - "dependent_actions": [], - "resource_type": "volume*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the status of one or more EBS volumes", - "privilege": "DescribeVolumeStatus", + "access_level": "Write", + "description": "Grants permission to create a Simple AD directory", + "privilege": "CreateDirectory", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more EBS volumes", - "privilege": "DescribeVolumes", + "access_level": "Write", + "description": "Grants permission to create an IdentityPool Directory in the AWS cloud", + "privilege": "CreateIdentityPoolDirectory", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -80725,862 +81141,619 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the current modification status of one or more EBS volumes", - "privilege": "DescribeVolumesModifications", + "access_level": "Write", + "description": "Grants permission to create a subscription to forward real time Directory Service domain controller security logs to the specified CloudWatch log group in your AWS account", + "privilege": "CreateLogSubscription", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe an attribute of a VPC", - "privilege": "DescribeVpcAttribute", + "access_level": "Write", + "description": "Grants permission to create a Microsoft AD in the AWS cloud", + "privilege": "CreateMicrosoftAD", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the ClassicLink status of one or more VPCs", - "privilege": "DescribeVpcClassicLink", + "access_level": "Write", + "description": "Grants permission to create a snapshot of a Simple AD or Microsoft AD directory in the AWS cloud", + "privilege": "CreateSnapshot", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the ClassicLink DNS support status of one or more VPCs", - "privilege": "DescribeVpcClassicLinkDnsSupport", + "access_level": "Write", + "description": "Grants permission to initiate the creation of the AWS side of a trust relationship between a Microsoft AD in the AWS cloud and an external domain", + "privilege": "CreateTrust", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the connection notifications for VPC endpoints and VPC endpoint services", - "privilege": "DescribeVpcEndpointConnectionNotifications", + "access_level": "Write", + "description": "Grants permission to delete a conditional forwarder that has been set up for your AWS directory", + "privilege": "DeleteConditionalForwarder", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the VPC endpoint connections to your VPC endpoint services", - "privilege": "DescribeVpcEndpointConnections", + "access_level": "Write", + "description": "Grants permission to delete an AWS Directory Service directory", + "privilege": "DeleteDirectory", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeNetworkInterfaces", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe VPC endpoint 
service configurations (your services)", - "privilege": "DescribeVpcEndpointServiceConfigurations", + "access_level": "Write", + "description": "Grants permission to delete the specified log subscription", + "privilege": "DeleteLogSubscription", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the principals (service consumers) that are permitted to discover your VPC endpoint service", - "privilege": "DescribeVpcEndpointServicePermissions", + "access_level": "Write", + "description": "Grants permission to delete a directory snapshot", + "privilege": "DeleteSnapshot", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-endpoint-service*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing trust relationship between your Microsoft AD in the AWS cloud and an external domain", + "privilege": "DeleteTrust", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe all supported AWS services that can be specified when creating a VPC endpoint", - "privilege": "DescribeVpcEndpointServices", + "access_level": "Write", + "description": "Grants permission to delete from the system the certificate that was registered for a secured LDAP connection", + "privilege": "DeregisterCertificate", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - 
"access_level": "List", - "description": "Grants permission to describe one or more VPC endpoints", - "privilege": "DescribeVpcEndpoints", + "access_level": "Write", + "description": "Grants permission to remove the specified directory as a publisher to the specified SNS topic", + "privilege": "DeregisterEventTopic", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more VPC peering connections", - "privilege": "DescribeVpcPeeringConnections", + "access_level": "Read", + "description": "Grants permission to display information about the certificate registered for a secured LDAP connection", + "privilege": "DescribeCertificate", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more VPCs", - "privilege": "DescribeVpcs", + "access_level": "Read", + "description": "Grants permission to retrieve information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. 
Currently, only SmartCard is supported", + "privilege": "DescribeClientAuthenticationSettings", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe one or more VPN connections", - "privilege": "DescribeVpnConnections", + "access_level": "Read", + "description": "Grants permission to obtain information about the conditional forwarders for this account", + "privilege": "DescribeConditionalForwarders", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "List", - "description": "Grants permission to describe one or more virtual private gateways", - "privilege": "DescribeVpnGateways", + "description": "Grants permission to obtain information about the directories that belong to this account", + "privilege": "DescribeDirectories", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to unlink (detach) a linked EC2-Classic instance from a VPC", - "privilege": "DetachClassicLinkVpc", + "access_level": "Read", + "description": "Grants permission to provide information about any domain controllers in your directory", + "privilege": "DescribeDomainControllers", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": 
[], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach an internet gateway from a VPC", - "privilege": "DetachInternetGateway", + "access_level": "Read", + "description": "Grants permission to obtain information about which SNS topics receive status messages from the specified directory", + "privilege": "DescribeEventTopics", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:InternetGatewayID", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "internet-gateway*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the status of LDAP security for the specified directory", + "privilege": "DescribeLDAPSSettings", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to provide information about the Regions that are configured for multi-Region replication", + "privilege": "DescribeRegions", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach a network interface from an instance", - "privilege": "DetachNetworkInterface", + "access_level": "Read", + 
"description": "Grants permission to retrieve information about the configurable settings for the specified directory", + "privilege": "DescribeSettings", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the shared directories in your account", + "privilege": "DescribeSharedDirectories", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "network-interface*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to obtain information about the directory snapshots that belong to this account", + "privilege": "DescribeSnapshots", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach a trust provider from a Verified Access instance", - "privilege": "DetachVerifiedAccessTrustProvider", + "access_level": "Read", + "description": "Grants permission to obtain information about the trust relationships for this account", + "privilege": "DescribeTrusts", "resource_types": [ { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-instance*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-trust-provider*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach an EBS volume from an instance", - "privilege": "DetachVolume", + "access_level": "Read", + "description": "Grants permission to describe the updates of a directory for a particular update type", + "privilege": "DescribeUpdateDirectory", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], - "dependent_actions": [], - "resource_type": "volume*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to detach a virtual private gateway from a VPC", - "privilege": "DetachVpnGateway", + "description": "Grants permission to disable alternative client authentication methods for the specified 
directory", + "privilege": "DisableClientAuthentication", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-gateway*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable Elastic IP address transfer", - "privilege": "DisableAddressTransfer", + "description": "Grants permission to deactivate LDAP secure calls for the specified directory", + "privilege": "DisableLDAPS", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "elastic-ip*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable infrastructure performance metric subscriptions", - "privilege": "DisableAwsNetworkPerformanceMetricSubscription", + "description": "Grants permission to disable multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory", + "privilege": "DisableRadius", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable EBS encryption by default for your account", - "privilege": "DisableEbsEncryptionByDefault", + "description": 
"Grants permission to disable AWS Management Console access for identity in your AWS Directory", + "privilege": "DisableRoleAccess", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable faster launching for Windows AMIs", - "privilege": "DisableFastLaunch", + "description": "Grants permission to disable single-sign on for a directory", + "privilege": "DisableSso", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], - "dependent_actions": [], - "resource_type": "image*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable fast snapshot restores for one or more snapshots in specified Availability Zones", - "privilege": "DisableFastSnapshotRestores", + "description": "Grants permission to enable alternative client authentication methods for the specified directory", + "privilege": "EnableClientAuthentication", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" - ], - "dependent_actions": [], - "resource_type": "snapshot*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel the deprecation of the specified AMI", - "privilege": "DisableImageDeprecation", + "description": "Grants 
permission to activate the switch for the specific directory to always use LDAP secure calls", + "privilege": "EnableLDAPS", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "image*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector directory", + "privilege": "EnableRadius", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account", - "privilege": "DisableIpamOrganizationAdminAccount", + "description": "Grants permission to enable AWS Management Console access for identity in your AWS Directory", + "privilege": "EnableRoleAccess", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [ - "organizations:DeregisterDelegatedAdministrator" + "iam:PassRole" ], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable access to the EC2 serial console of all instances for your account", - "privilege": "DisableSerialConsoleAccess", + "description": "Grants permission to enable single-sign on for a directory", + "privilege": "EnableSso", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": 
"Grants permission to disable a resource attachment from propagating routes to the specified propagation route table", - "privilege": "DisableTransitGatewayRouteTablePropagation", + "access_level": "Read", + "description": "Grants permission to retrieve the details of the authorized applications on a directory", + "privilege": "GetAuthorizedApplicationDetails", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to obtain directory limit information for the current region", + "privilege": "GetDirectoryLimits", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-attachment" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to obtain the manual snapshot limits for a directory", + "privilege": "GetSnapshotLimits", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-route-table-announcement" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to obtain the AWS applications authorized for a directory", + "privilege": "ListAuthorizedApplications", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable a virtual private gateway from propagating routes to a specified route table of a VPC", - "privilege": 
"DisableVgwRoutePropagation", + "access_level": "List", + "description": "Grants permission to list all the certificates registered for a secured LDAP connection, for the specified directory", + "privilege": "ListCertificates", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "route-table*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the address blocks that you have added to a directory", + "privilege": "ListIpRoutes", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpn-gateway*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the active log subscriptions for the AWS account", + "privilege": "ListLogSubscriptions", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable ClassicLink for a VPC", - "privilege": "DisableVpcClassicLink", + "access_level": "List", + "description": "Grants permission to list all schema extensions applied to a Microsoft AD Directory", + "privilege": "ListSchemaExtensions", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all tags on an Amazon Directory Services directory", + "privilege": "ListTagsForResource", + "resource_types": [ { - 
"condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable ClassicLink DNS support for a VPC", - "privilege": "DisableVpcClassicLinkDnsSupport", + "description": "Grants permission to register a certificate for secured LDAP connection", + "privilege": "RegisterCertificate", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate an Elastic IP address from an instance or network interface", - "privilege": "DisassociateAddress", + "description": "Grants permission to associate a directory with an SNS topic", + "privilege": "RegisterEventTopic", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "elastic-ip" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "network-interface" - }, - { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "sns:GetTopicAttributes" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a target network from a Client VPN endpoint", - "privilege": "DisassociateClientVpnTargetNetwork", + "description": "Grants permission to 
reject a directory sharing request that was sent from the directory owner account", + "privilege": "RejectSharedDirectory", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate an ACM certificate from a IAM role", - "privilege": "DisassociateEnclaveCertificateIamRole", + "description": "Grants permission to remove IP address blocks from a directory", + "privilege": "RemoveIpRoutes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "certificate*" - }, + "resource_type": "directory*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop all replication and removes the domain controllers from the specified Region. 
You cannot remove the primary Region with this operation", + "privilege": "RemoveRegion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "ec2:Region" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate an IAM instance profile from a running or stopped instance", - "privilege": "DisassociateIamInstanceProfile", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an Amazon Directory Services directory", + "privilege": "RemoveTagsFromResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "condition_keys": [], + "dependent_actions": [ + "ec2:DeleteTags" ], - "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "directory*" }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -81589,431 +81762,252 @@ }, { "access_level": "Write", - "description": "Grants permission to disassociate one or more targets from an event window", - "privilege": "DisassociateInstanceEventWindow", + "description": "Grants permission to reset the password for any user in your AWS Managed Microsoft AD or Simple AD directory", + "privilege": "ResetUserPassword", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "instance-event-window*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a resource discovery from an Amazon VPC IPAM", - "privilege": "DisassociateIpamResourceDiscovery", + "description": "Grants permission to restore a directory using an existing directory snapshot", + "privilege": "RestoreFromSnapshot", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-resource-discovery-association*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a secondary Elastic IP address from a public NAT gateway", - "privilege": "DisassociateNatGatewayAddress", + "description": "Grants permission to share a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). 
With this operation you can use your directory from any AWS account and from any Amazon VPC within an AWS Region", + "privilege": "ShareDirectory", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "elastic-ip*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "natgateway*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AuthorizedUser", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:Permission", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "network-interface*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a subnet from a route table", - "privilege": "DisassociateRouteTable", + "description": "Grants permission to apply a schema extension to a Microsoft AD directory", + "privilege": "StartSchemaExtension", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:InternetGatewayID", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "internet-gateway" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipv4pool-ec2" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipv6pool-ec2" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "route-table" - }, - { - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-gateway" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a CIDR block from a subnet", - "privilege": "DisassociateSubnetCidrBlock", + "description": "Grants permission to unauthorize an application from your AWS Directory", + "privilege": "UnauthorizeApplication", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate one or more subnets from a transit gateway multicast domain", - "privilege": "DisassociateTransitGatewayMulticastDomain", + "description": "Grants permission to stop the directory sharing between the directory owner and consumer accounts", + "privilege": "UnshareDirectory", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", 
- "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a policy table from a transit gateway", - "privilege": "DisassociateTransitGatewayPolicyTable", + "description": "Grants permission to update an authorized application for your AWS Directory", + "privilege": "UpdateAuthorizedApplication", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-policy-table*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a resource attachment from a transit gateway route table", - "privilege": "DisassociateTransitGatewayRouteTable", + "description": "Grants permission to update a conditional forwarder that has been set up for your AWS directory", + "privilege": "UpdateConditionalForwarder", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { 
"access_level": "Write", - "description": "Grants permission to disassociate a branch network interface to a trunk network interface", - "privilege": "DisassociateTrunkInterface", + "description": "Grants permission to update the configurations like service account credentials or DNS server IP addresses for the specified directory", + "privilege": "UpdateDirectory", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate an AWS Web Application Firewall (WAF) web access control list (ACL) from a Verified Access instance", - "privilege": "DisassociateVerifiedAccessInstanceWebAcl", + "description": "Grants permission to update the directory for a particular update type", + "privilege": "UpdateDirectorySetup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a CIDR block from a VPC", - "privilege": "DisassociateVpcCidrBlock", + "description": "Grants permission to add or remove domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. 
During this time, you cannot make another update request", + "privilege": "UpdateNumberOfDomainControllers", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "dependent_actions": [], - "resource_type": "vpc" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable Elastic IP address transfer", - "privilege": "EnableAddressTransfer", + "description": "Grants permission to update the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector directory", + "privilege": "UpdateRadius", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "elastic-ip*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable infrastructure performance subscriptions", - "privilege": "EnableAwsNetworkPerformanceMetricSubscription", + "description": "Grants permission to update the configurable settings for the specified directory", + "privilege": "UpdateSettings", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable EBS encryption by default for your account", - "privilege": "EnableEbsEncryptionByDefault", + "description": "Grants permission to update the trust that has been set up between your AWS Managed Microsoft AD directory and an on-premises Active 
Directory", + "privilege": "UpdateTrust", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "directory*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable faster launching for Windows AMIs", - "privilege": "EnableFastLaunch", + "access_level": "Read", + "description": "Grants permission to verify a trust relationship between your Microsoft AD in the AWS cloud and an external domain", + "privilege": "VerifyTrust", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "image*" - }, + "resource_type": "directory*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "directory" + } + ], + "service_name": "AWS Directory Service" + }, + { + "conditions": [ + { + "condition": "dynamodb:Attributes", + "description": "Filters access by attribute (field or column) names of the table", + "type": "ArrayOfString" + }, + { + "condition": "dynamodb:EnclosingOperation", + "description": "Filters access by blocking Transactions APIs calls and allow the non-Transaction APIs calls and vice-versa", + "type": "String" + }, + { + "condition": "dynamodb:FullTableScan", + "description": "Filters access by blocking full table scan", + "type": "Bool" + }, + { + "condition": "dynamodb:LeadingKeys", + "description": "Filters access by the partition key of the table", + "type": "ArrayOfString" + }, + { + "condition": "dynamodb:ReturnConsumedCapacity", + "description": "Filters access by the ReturnConsumedCapacity parameter of a request. 
Contains either \"TOTAL\" or \"NONE\"", + "type": "String" + }, + { + "condition": "dynamodb:ReturnValues", + "description": "Filters access by the ReturnValues parameter of request. Contains one of the following: \"ALL_OLD\", \"UPDATED_OLD\",\"ALL_NEW\",\"UPDATED_NEW\", or \"NONE\"", + "type": "String" + }, + { + "condition": "dynamodb:Select", + "description": "Filters access by the Select parameter of a Query or Scan request", + "type": "String" + } + ], + "prefix": "dynamodb", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to return the attributes of one or more items from one or more tables", + "privilege": "BatchGetItem", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-template" + "resource_type": "table*" }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:Select" ], "dependent_actions": [], "resource_type": "" @@ -82022,27 +82016,19 @@ }, { "access_level": "Write", - "description": "Grants permission to enable fast snapshot restores for one or more snapshots in specified Availability Zones", - "privilege": "EnableFastSnapshotRestores", + "description": "Grants permission to put or delete multiple items in one or more tables", + "privilege": "BatchWriteItem", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "table*" }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity" ], "dependent_actions": [], "resource_type": "" 
@@ -82050,26 +82036,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to enable deprecation of the specified AMI at the specified date and time", - "privilege": "EnableImageDeprecation", + "access_level": "Read", + "description": "Grants permission to the ConditionCheckItem operation checks the existence of a set of attributes for the item with the given primary key", + "privilege": "ConditionCheckItem", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "table*" }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:ReturnValues" ], "dependent_actions": [], "resource_type": "" 
@@ -82078,147 +82059,86 @@ }, { "access_level": "Write", - "description": "Grants permission to enable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account", - "privilege": "EnableIpamOrganizationAdminAccount", + "description": "Grants permission to create a backup for an existing table", + "privilege": "CreateBackup", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "organizations:EnableAWSServiceAccess", - "organizations:RegisterDelegatedAdministrator" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable organization sharing of reachability analyzer", - "privilege": "EnableReachabilityAnalyzerOrganizationSharing", + "description": "Grants permission to create a global table from an existing table", + "privilege": "CreateGlobalTable", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "organizations:EnableAWSServiceAccess" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable access to the EC2 serial console of all instances for your account", - "privilege": "EnableSerialConsoleAccess", + "description": "Grants permission to the CreateTable operation adds a new table to your account", + "privilege": "CreateTable", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable an attachment to propagate routes to a propagation route table", - 
"privilege": "EnableTransitGatewayRouteTablePropagation", + "description": "Grants permission to add a new replica table", + "privilege": "CreateTableReplica", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table-announcement" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable a virtual private gateway to propagate routes to a VPC route table", - "privilege": "EnableVgwRoutePropagation", + "description": "Grants permission to delete an existing backup of a table", + "privilege": "DeleteBackup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "route-table*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-gateway*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "backup*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable I/O operations for a volume that had I/O operations disabled", - "privilege": "EnableVolumeIO", + "description": "Grants permission to deletes a single item in a table by primary key", + "privilege": "DeleteItem", "resource_types": [ { - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "table*" }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:EnclosingOperation", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:ReturnValues" ], "dependent_actions": [], "resource_type": "" 
@@ -82226,154 +82146,94 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to enable a VPC for ClassicLink", - "privilege": "EnableVpcClassicLink", + "access_level": "Permissions management", + "description": "Grants permission to delete the resource-based policy attached to the resource", + "privilege": "DeleteResourcePolicy", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc*" + "resource_type": "stream*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable a VPC to support DNS hostname resolution for ClassicLink", - "privilege": "EnableVpcClassicLinkDnsSupport", + "description": "Grants permission to the DeleteTable operation which deletes a table and all of its items", + "privilege": "DeleteTable", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc" - }, + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a replica table and all of its items", + "privilege": "DeleteTableReplica", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Read", - "description": "Grants permission to download the client certificate revocation list for a Client VPN endpoint", - "privilege": "ExportClientVpnClientCertificateRevocationList", + "description": "Grants permission to describe an existing backup of a table", + "privilege": "DescribeBackup", "resource_types": [ { 
- "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "backup*" } ] }, { "access_level": "Read", - "description": "Grants permission to download the contents of the Client VPN endpoint configuration file for a Client VPN endpoint", - "privilege": "ExportClientVpnClientConfiguration", + "description": "Grants permission to check the status of the backup restore settings on the specified table", + "privilege": "DescribeContinuousBackups", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to export an Amazon Machine Image (AMI) to a VM file", - "privilege": "ExportImage", + "access_level": "Read", + "description": "Grants permission to describe the contributor insights status and related details for a given table or global secondary index", + "privilege": "DescribeContributorInsights", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "export-image-task*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - 
"ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "table*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index" } ] }, { - "access_level": "Write", - "description": "Grants permission to export routes from a transit gateway route table to an Amazon S3 bucket", - "privilege": "ExportTransitGatewayRoutes", + "access_level": "Read", + "description": "Grants permission to return the regional endpoint information", + "privilege": "DescribeEndpoints", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -82381,128 +82241,71 @@ }, { "access_level": "Read", - "description": "Grants permission to get the list of roles associated with an ACM certificate", - "privilege": "GetAssociatedEnclaveCertificateIamRoles", + "description": "Grants permission to describe an existing Export of a table", + "privilege": "DescribeExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "certificate*" - }, - { - "condition_keys": [ - "ec2:Region" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "export*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about the IPv6 CIDR block associations for a specified IPv6 address pool", - "privilege": "GetAssociatedIpv6PoolCidrs", + "description": "Grants permission to return information about the specified global table", + "privilege": "DescribeGlobalTable", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "global-table*" } ] }, { "access_level": "Read", - "description": "Grants permission to get network performance data", - "privilege": "GetAwsNetworkPerformanceData", + "description": "Grants permission to return settings information about the specified global table", + "privilege": "DescribeGlobalTableSettings", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "global-table*" } ] }, { "access_level": "Read", - "description": "Grants permission to get usage information about a Capacity Reservation", - "privilege": "GetCapacityReservationUsage", + "description": "Grants permission to describe an existing import", + "privilege": "DescribeImport", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:CapacityReservationFleet", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": 
"capacity-reservation*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "import*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the allocations from the specified customer-owned address pool", - "privilege": "GetCoipPoolUsage", + "description": "Grants permission to grant permission to describe the status of Kinesis streaming and related details for a given table", + "privilege": "DescribeKinesisStreamingDestination", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "coip-pool*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the console output for an instance", - "privilege": "GetConsoleOutput", + "description": "Grants permission to return the current provisioned-capacity limits for your AWS account in a region, both for the region as a whole and for any one DynamoDB table that you create there", + "privilege": "DescribeLimits", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -82510,37 +82313,11 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a JPG-format screenshot of a running instance", - "privilege": "GetConsoleScreenshot", + "description": "Grants permission to describe one or more of the Reserved Capacity purchased", + "privilege": "DescribeReservedCapacity", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:NewInstanceProfile", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -82548,13 +82325,11 @@ }, { "access_level": "Read", - "description": "Grants permission to get the default credit option for CPU usage of a burstable performance instance family", - "privilege": "GetDefaultCreditSpecification", + "description": "Grants permission to describe Reserved Capacity offerings that are available for purchase", + "privilege": "DescribeReservedCapacityOfferings", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -82562,159 +82337,105 @@ }, { "access_level": "Read", - "description": "Grants permission to get the ID of the default customer master key (CMK) for EBS encryption by default", - "privilege": "GetEbsDefaultKmsKeyId", + "description": "Grants permission to return information about a stream, including the current status of the stream, its Amazon Resource Name (ARN), the composition of its shards, and its corresponding DynamoDB table", + "privilege": "DescribeStream", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe whether EBS encryption by default is enabled for your account", - "privilege": "GetEbsEncryptionByDefault", + "description": "Grants permission to return information about the table", + "privilege": "DescribeTable", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Read", - "description": "Grants permission to generate a CloudFormation template to streamline the integration of VPC flow logs with Amazon Athena", - "privilege": "GetFlowLogsIntegrationTemplate", + "description": "Grants permission to describe the auto scaling settings across all replicas of the global table", + "privilege": "DescribeTableReplicaAutoScaling", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-flow-log*" - }, - { - "condition_keys": [ - "ec2:Region" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the resource groups to which a Capacity Reservation has been added", - "privilege": 
"GetGroupsForCapacityReservation", + "access_level": "Read", + "description": "Grants permission to give a description of the Time to Live (TTL) status on the specified table", + "privilege": "DescribeTimeToLive", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:CapacityReservationFleet", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "capacity-reservation*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to preview a reservation purchase with configurations that match those of a Dedicated Host", - "privilege": "GetHostReservationPurchasePreview", + "access_level": "Write", + "description": "Grants permission to grant permission to stop replication from the DynamoDB table to the Kinesis data stream", + "privilege": "DisableKinesisStreamingDestination", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to view a list of instance types with specified instance attributes", - "privilege": "GetInstanceTypesFromInstanceRequirements", + "access_level": "Write", + "description": "Grants permission to grant permission to start table data replication to the specified Kinesis data stream at a timestamp chosen during the enable workflow", + "privilege": "EnableKinesisStreamingDestination", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the binary representation of the UEFI variable store", - "privilege": "GetInstanceUefiData", + "access_level": "Write", + 
"description": "Grants permission to initiate an Export of a DynamoDB table to S3", + "privilege": "ExportTableToPointInTime", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:NewInstanceProfile", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve historical information about a CIDR within an Amazon VPC IP Address Manager (IPAM) scope", - "privilege": "GetIpamAddressHistory", + "description": "Grants permission to the GetItem operation that returns a set of attributes for the item with the given primary key", + "privilege": "GetItem", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-scope*" + "resource_type": "table*" }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:EnclosingOperation", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:Select" ], "dependent_actions": [], "resource_type": "" 
@@ -82723,212 +82444,112 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve IPAM discovered accounts", - "privilege": "GetIpamDiscoveredAccounts", + "description": "Grants permission to retrieve the stream records from a given shard", + "privilege": "GetRecords", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-resource-discovery*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the resource CIDRs that are monitored as part of a resource discovery", - "privilege": "GetIpamDiscoveredResourceCidrs", + "description": "Grants permission to view a resource-based policy for a resource", + "privilege": "GetResourcePolicy", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-resource-discovery*" + "resource_type": "stream*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of all the CIDR allocations in an Amazon VPC IP Address Manager (IPAM) pool", - "privilege": "GetIpamPoolAllocations", + "access_level": "Read", + "description": "Grants permission to return a shard iterator", + "privilege": "GetShardIterator", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-pool*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { - 
"access_level": "Read", - "description": "Grants permission to get the CIDRs provisioned to an Amazon VPC IP Address Manager (IPAM) pool", - "privilege": "GetIpamPoolCidrs", + "access_level": "Write", + "description": "Grants permission to initiate an import from S3 to a DynamoDB table", + "privilege": "ImportTable", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-pool*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the resources in an Amazon VPC IP Address Manager (IPAM) scope", - "privilege": "GetIpamResourceCidrs", + "access_level": "List", + "description": "Grants permission to list backups associated with the account and endpoint", + "privilege": "ListBackups", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-scope*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-pool" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the configuration data of the specified instance for use with a new launch template or launch template version", - "privilege": "GetLaunchTemplateData", + "access_level": "List", + "description": "Grants permission to list the ContributorInsightsSummary for all tables and global secondary indexes associated with the current account and endpoint", + "privilege": "ListContributorInsights", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the resources that are associated with the specified managed prefix list", - "privilege": "GetManagedPrefixListAssociations", + "access_level": "List", + "description": "Grants permission to list exports associated with the account and endpoint", + "privilege": "ListExports", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "prefix-list*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the entries for a specified managed prefix list", - "privilege": "GetManagedPrefixListEntries", + "access_level": "List", + "description": "Grants permission to list all global tables that have a replica in the specified region", + "privilege": "ListGlobalTables", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "prefix-list*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the 
findings for one or more Network Access Scope analyses", - "privilege": "GetNetworkInsightsAccessScopeAnalysisFindings", + "access_level": "List", + "description": "Grants permission to list imports associated with the account and endpoint", + "privilege": "ListImports", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -82936,50 +82557,23 @@ }, { "access_level": "Read", - "description": "Grants permission to get the content for a specified Network Access Scope", - "privilege": "GetNetworkInsightsAccessScopeContent", + "description": "Grants permission to return an array of stream ARNs associated with the current account and endpoint", + "privilege": "ListStreams", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the encrypted administrator password for a running Windows instance", - "privilege": "GetPasswordData", + "access_level": "List", + "description": "Grants permission to return an array of table names associated with the current account and endpoint", + "privilege": "ListTables", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -82987,52 +82581,32 @@ }, { "access_level": "Read", - "description": "Grants permission to return a quote and exchange information for exchanging one or more Convertible Reserved Instances for a new Convertible Reserved Instance", - "privilege": "GetReservedInstancesExchangeQuote", + "description": "Grants permission to list all tags on an Amazon DynamoDB resource", + "privilege": "ListTagsOfResource", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an IAM policy that enables cross-account sharing", - "privilege": "GetResourcePolicy", + "access_level": "Write", + "description": "Grants permission to delete a single item in a table by primary key", + "privilege": "PartiQLDelete", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "ipam-pool" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "placement-group" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "verified-access-group" + "resource_type": "table*" }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:EnclosingOperation", + "dynamodb:LeadingKeys", + "dynamodb:ReturnValues" ], "dependent_actions": [], "resource_type": "" 
@@ -83040,13 +82614,20 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the access status of your account to the EC2 serial console of all instances", - "privilege": "GetSerialConsoleAccessStatus", + "access_level": "Write", + "description": "Grants permission to create a new item, if an item with same primary key does not exist in the table", + "privilege": "PartiQLInsert", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:EnclosingOperation", + "dynamodb:LeadingKeys" ], "dependent_actions": [], "resource_type": "" @@ -83055,12 +82636,26 @@ }, { "access_level": "Read", - "description": "Grants permission to calculate the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements", - "privilege": "GetSpotPlacementScores", + "description": "Grants permission to read a set of attributes for items from a table or index", + "privilege": "PartiQLSelect", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index" + }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:EnclosingOperation", + "dynamodb:FullTableScan", + "dynamodb:LeadingKeys", + "dynamodb:Select" ], "dependent_actions": [], "resource_type": "" 
@@ -83068,13 +82663,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the subnet CIDR reservations", - "privilege": "GetSubnetCidrReservations", + "access_level": "Write", + "description": "Grants permission to edit an existing item's attributes", + "privilege": "PartiQLUpdate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:EnclosingOperation", + "dynamodb:LeadingKeys", + "dynamodb:ReturnValues" ], "dependent_actions": [], "resource_type": "" 
@@ -83082,35 +82685,34 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the route tables to which a resource attachment propagates routes", - "privilege": "GetTransitGatewayAttachmentPropagations", + "access_level": "Write", + "description": "Grants permission to purchases reserved capacity for use with your account", + "privilege": "PurchaseReservedCapacityOfferings", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about the associations for a transit gateway multicast domain", - "privilege": "GetTransitGatewayMulticastDomainAssociations", + "access_level": "Write", + "description": "Grants permission to create a new item, or replace an old item with a new item", + "privilege": "PutItem", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain*" + "resource_type": "table*" }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:EnclosingOperation", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:ReturnValues" ], "dependent_actions": [], "resource_type": "" 
@@ -83118,43 +82720,44 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get information about associations for a transit gateway policy table", - "privilege": "GetTransitGatewayPolicyTableAssociations", + "access_level": "Permissions management", + "description": "Grants permission to attach a resource-based policy to the resource", + "privilege": "PutResourcePolicy", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-policy-table*" + "resource_type": "stream*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about associations for a transit gateway policy table entry", - "privilege": "GetTransitGatewayPolicyTableEntries", + "access_level": "Read", + "description": "Grants permission to use the primary key of a table or a secondary index to directly access items from that table or index", + "privilege": "Query", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "transit-gateway-policy-table*" + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index" }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:ReturnValues", + "dynamodb:Select" ], "dependent_actions": [], "resource_type": "" 
@@ -83162,63 +82765,83 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get information about prefix list references for a transit gateway route table", - "privilege": "GetTransitGatewayPrefixListReferences", + "access_level": "Write", + "description": "Grants permission to create a new table from recovery point on AWS Backup", + "privilege": "RestoreTableFromAwsBackup", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about associations for a transit gateway route table", - "privilege": "GetTransitGatewayRouteTableAssociations", + "access_level": "Write", + "description": "Grants permission to create a new table from an existing backup", + "privilege": "RestoreTableFromBackup", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dynamodb:BatchWriteItem", + "dynamodb:DeleteItem", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:UpdateItem" ], + "resource_type": "backup*" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about the route table propagations for a transit gateway route table", - "privilege": "GetTransitGatewayRouteTablePropagations", + "access_level": "Write", + "description": "Grants permission to restore a table to a point in time", + "privilege": "RestoreTableToPointInTime", "resource_types": [ { - "condition_keys": [ - "ec2:Region" + "condition_keys": [], + "dependent_actions": [ + "dynamodb:BatchWriteItem", + "dynamodb:DeleteItem", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:UpdateItem" ], - "dependent_actions": [], - 
"resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to show the Verified Access policy associated with the endpoint", - "privilege": "GetVerifiedAccessEndpointPolicy", + "access_level": "Read", + "description": "Grants permission to return one or more items and item attributes by accessing every item in a table or a secondary index", + "privilege": "Scan", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "verified-access-endpoint*" + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index" }, { "condition_keys": [ - "ec2:Region" + "dynamodb:Attributes", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:ReturnValues", + "dynamodb:Select" ], "dependent_actions": [], "resource_type": "" 
@@ -83226,321 +82849,280 @@ ] }, { - "access_level": "List", - "description": "Grants permission to show the contents of the Verified Access policy associated with the group", - "privilege": "GetVerifiedAccessGroupPolicy", + "access_level": "Write", + "description": "Grants permission to create a backup on AWS Backup with advanced features enabled", + "privilege": "StartAwsBackupJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-group*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to show the AWS Web Application Firewall (WAF) web access control list (ACL) for a Verified Access instance", - "privilege": "GetVerifiedAccessInstanceWebAcl", + "access_level": "Tagging", + "description": "Grants permission to associate a set of tags with an Amazon DynamoDB resource", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-instance*" - }, - { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to download an AWS-provided sample configuration file to be used with the customer gateway device", - "privilege": "GetVpnConnectionDeviceSampleConfiguration", + "access_level": "Tagging", + "description": "Grants permission to remove the association of tags from an Amazon DynamoDB resource", + "privilege": "UntagResource", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": 
"vpn-connection*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpn-connection-device-type*" - }, - { - "condition_keys": [ - "ec2:Region" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to obtain a list of customer gateway devices for which sample configuration files can be provided", - "privilege": "GetVpnConnectionDeviceTypes", + "access_level": "Write", + "description": "Grants permission to enable or disable continuous backups", + "privilege": "UpdateContinuousBackups", "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to view available tunnel endpoint maintenance events", - "privilege": "GetVpnTunnelReplacementStatus", + "access_level": "Write", + "description": "Grants permission to update the status for contributor insights for a specific table or global secondary index", + "privilege": "UpdateContributorInsights", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "vpn-connection*" + "resource_type": "table*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index" } ] }, { "access_level": "Write", - "description": "Grants permission to transfer existing BYOIP IPv4 CIDRs to IPAM", - "privilege": "ImportByoipCidrToIpam", + "description": "Grants permission to add or remove replicas in the specified global table", + "privilege": "UpdateGlobalTable", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "ipam-pool*" 
+ "resource_type": "global-table*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to upload a client certificate revocation list to a Client VPN endpoint", - "privilege": "ImportClientVpnClientCertificateRevocationList", + "description": "Grants permission to update settings of the specified global table", + "privilege": "UpdateGlobalTableSettings", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" + "resource_type": "global-table*" }, { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI)", - "privilege": "ImportImage", + "description": "Grants permission to update version of the specified global table", + "privilege": "UpdateGlobalTableVersion", "resource_types": [ - { - "condition_keys": [ - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:RootDeviceType" - ], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "image*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "import-image-task*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" - ], - "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": 
"global-table*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table" } ] }, { "access_level": "Write", - "description": "Grants permission to create an import instance task using metadata from a disk image", - "privilege": "ImportInstance", + "description": "Grants permission to edit an existing item's attributes, or adds a new item to the table if it does not already exist", + "privilege": "UpdateItem", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:InstanceID", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "table*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" + "dynamodb:Attributes", + "dynamodb:EnclosingOperation", + "dynamodb:LeadingKeys", + "dynamodb:ReturnConsumedCapacity", + "dynamodb:ReturnValues" ], "dependent_actions": [], - "resource_type": "volume*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update data replication configurations for the specified Kinesis data stream", + "privilege": "UpdateKinesisStreamingDestination", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "security-group" - }, + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the provisioned throughput settings, global secondary indexes, or DynamoDB Streams settings for a given table", + "privilege": 
"UpdateTable", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "subnet" - }, + "resource_type": "table*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update auto scaling settings on your replica table", + "privilege": "UpdateTableReplicaAutoScaling", + "resource_types": [ { - "condition_keys": [ - "ec2:Region" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to import a public key from an RSA key pair that was created with a third-party tool", - "privilege": "ImportKeyPair", + "description": "Grants permission to enable or disable TTL for the specified table", + "privilege": "UpdateTimeToLive", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "key-pair*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/index/${IndexName}", + "condition_keys": [], + "resource": "index" + }, + { + "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/stream/${StreamLabel}", + "condition_keys": [], + "resource": "stream" + }, + { + "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}", + "condition_keys": [], + "resource": "table" + }, + { + "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/backup/${BackupName}", + "condition_keys": [], + "resource": "backup" + }, + { + "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/export/${ExportName}", + "condition_keys": 
[], + "resource": "export" + }, + { + "arn": "arn:${Partition}:dynamodb::${Account}:global-table/${GlobalTableName}", + "condition_keys": [], + "resource": "global-table" + }, + { + "arn": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/import/${ImportName}", + "condition_keys": [], + "resource": "import" + } + ], + "service_name": "Amazon DynamoDB" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "ebs:Description", + "description": "Filters access by the description of the snapshot being created", + "type": "String" }, + { + "condition": "ebs:ParentSnapshot", + "description": "Filters access by the ID of the parent snapshot", + "type": "String" + }, + { + "condition": "ebs:VolumeSize", + "description": "Filters access by the size of the volume for the snapshot being created, in GiB", + "type": "Numeric" + } + ], + "prefix": "ebs", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to import a disk into an EBS snapshot", - "privilege": "ImportSnapshot", + "description": "Grants permission to seal and complete the snapshot after all of the required blocks of data have been written to it", + "privilege": "CompleteSnapshot", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "import-snapshot-task*" - }, - { - "condition_keys": [ - "ec2:Owner", - "ec2:ParentVolume", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" - ], "dependent_actions": [], "resource_type": "snapshot*" }, { 
"condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -83548,29 +83130,18 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an import volume task using metadata from a disk image", - "privilege": "ImportVolume", + "access_level": "Read", + "description": "Grants permission to return the data of a block in an Amazon Elastic Block Store (EBS) snapshot", + "privilege": "GetSnapshotBlock", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "snapshot*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -83578,13 +83149,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list Amazon Machine Images (AMIs) that are currently in the Recycle Bin", - "privilege": "ListImagesInRecycleBin", + "access_level": "Read", + "description": "Grants permission to list the blocks that are different between two Amazon Elastic Block Store (EBS) snapshots of the same volume/snapshot lineage", + "privilege": "ListChangedBlocks", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot*" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -83592,13 +83168,18 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the Amazon EBS snapshots that are currently in the Recycle Bin", - "privilege": "ListSnapshotsInRecycleBin", + "access_level": "Read", + "description": "Grants permission to list the blocks in an Amazon Elastic Block Store (EBS) snapshot", + "privilege": "ListSnapshotBlocks", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot*" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -83607,25 +83188,17 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an attribute of the specified Elastic IP address", - "privilege": "ModifyAddressAttribute", + "description": "Grants permission to write a block of data to a snapshot created by the StartSnapshot operation", + "privilege": "PutSnapshotBlock", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "elastic-ip*" + "resource_type": "snapshot*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -83634,33 +83207,627 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the opt-in status of the Local Zone and Wavelength Zone group for your account", - "privilege": "ModifyAvailabilityZoneGroup", + "description": "Grants permission to create a new EBS snapshot", + "privilege": "StartSnapshot", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ebs:Description", + "ebs:ParentSnapshot", + "ebs:VolumeSize" ], "dependent_actions": [], "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify a Capacity Reservation's capacity and the conditions under which it is to be released", - "privilege": "ModifyCapacityReservation", + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ec2:${Region}::snapshot/${SnapshotId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ebs:Description", + "ebs:ParentSnapshot", + "ebs:VolumeSize" + ], + "resource": "snapshot" + } + ], + "service_name": "Amazon Elastic Block Store" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "ec2:AccepterVpc", + "description": "Filters access by the ARN of an accepter VPC in a VPC peering connection", + "type": "ARN" + }, + { + "condition": "ec2:Add/group", + "description": "Filters access by the group being added to a snapshot", + "type": 
"String" + }, + { + "condition": "ec2:Add/userId", + "description": "Filters access by the account id being added to a snapshot", + "type": "String" + }, + { + "condition": "ec2:AllocationId", + "description": "Filters access by the allocation ID of the Elastic IP address", + "type": "String" + }, + { + "condition": "ec2:AssociatePublicIpAddress", + "description": "Filters access by whether the user wants to associate a public IP address with the instance", + "type": "Bool" + }, + { + "condition": "ec2:Attribute", + "description": "Filters access by an attribute of a resource", + "type": "String" + }, + { + "condition": "ec2:Attribute/${AttributeName}", + "description": "Filters access by an attribute being set on a resource", + "type": "String" + }, + { + "condition": "ec2:AuthenticationType", + "description": "Filters access by the authentication type for the VPN tunnel endpoints", + "type": "String" + }, + { + "condition": "ec2:AuthorizedService", + "description": "Filters access by the AWS service that has permission to use a resource", + "type": "String" + }, + { + "condition": "ec2:AuthorizedUser", + "description": "Filters access by an IAM principal that has permission to use a resource", + "type": "String" + }, + { + "condition": "ec2:AutoPlacement", + "description": "Filters access by the Auto Placement properties of a Dedicated Host", + "type": "String" + }, + { + "condition": "ec2:AvailabilityZone", + "description": "Filters access by the name of an Availability Zone in an AWS Region", + "type": "String" + }, + { + "condition": "ec2:CapacityReservationFleet", + "description": "Filters access by the ARN of the Capacity Reservation Fleet", + "type": "ARN" + }, + { + "condition": "ec2:ClientRootCertificateChainArn", + "description": "Filters access by the ARN of the client root certificate chain", + "type": "ARN" + }, + { + "condition": "ec2:CloudwatchLogGroupArn", + "description": "Filters access by the ARN of the CloudWatch Logs log group", + "type": 
"ARN" + }, + { + "condition": "ec2:CloudwatchLogStreamArn", + "description": "Filters access by the ARN of the CloudWatch Logs log stream", + "type": "ARN" + }, + { + "condition": "ec2:CreateAction", + "description": "Filters access by the name of a resource-creating API action", + "type": "String" + }, + { + "condition": "ec2:DPDTimeoutSeconds", + "description": "Filters access by the duration after which DPD timeout occurs on a VPN tunnel", + "type": "Numeric" + }, + { + "condition": "ec2:DhcpOptionsID", + "description": "Filters access by the ID of a dynamic host configuration protocol (DHCP) options set", + "type": "String" + }, + { + "condition": "ec2:DirectoryArn", + "description": "Filters access by the ARN of the directory", + "type": "ARN" + }, + { + "condition": "ec2:Domain", + "description": "Filters access by the domain of the Elastic IP address", + "type": "String" + }, + { + "condition": "ec2:EbsOptimized", + "description": "Filters access by whether the instance is enabled for EBS optimization", + "type": "Bool" + }, + { + "condition": "ec2:ElasticGpuType", + "description": "Filters access by the type of Elastic Graphics accelerator", + "type": "String" + }, + { + "condition": "ec2:Encrypted", + "description": "Filters access by whether the EBS volume is encrypted", + "type": "Bool" + }, + { + "condition": "ec2:FisActionId", + "description": "Filters access by the ID of an AWS FIS action", + "type": "String" + }, + { + "condition": "ec2:FisTargetArns", + "description": "Filters access by the ARN of an AWS FIS target", + "type": "ArrayOfARN" + }, + { + "condition": "ec2:GatewayType", + "description": "Filters access by the gateway type for a VPN endpoint on the AWS side of a VPN connection", + "type": "String" + }, + { + "condition": "ec2:HostRecovery", + "description": "Filters access by whether host recovery is enabled for a Dedicated Host", + "type": "String" + }, + { + "condition": "ec2:IKEVersions", + "description": "Filters access by the 
internet key exchange (IKE) versions that are permitted for a VPN tunnel", + "type": "ArrayOfString" + }, + { + "condition": "ec2:ImageID", + "description": "Filters access by the ID of an image", + "type": "String" + }, + { + "condition": "ec2:ImageType", + "description": "Filters access by the type of image (machine, aki, or ari)", + "type": "String" + }, + { + "condition": "ec2:InsideTunnelCidr", + "description": "Filters access by the range of inside IP addresses for a VPN tunnel", + "type": "String" + }, + { + "condition": "ec2:InsideTunnelIpv6Cidr", + "description": "Filters access by a range of inside IPv6 addresses for a VPN tunnel", + "type": "String" + }, + { + "condition": "ec2:InstanceAutoRecovery", + "description": "Filters access by whether the instance type supports auto recovery", + "type": "String" + }, + { + "condition": "ec2:InstanceID", + "description": "Filters access by the ID of an instance", + "type": "String" + }, + { + "condition": "ec2:InstanceMarketType", + "description": "Filters access by the market or purchasing option of an instance (capacity-block, on-demand, or spot)", + "type": "String" + }, + { + "condition": "ec2:InstanceMetadataTags", + "description": "Filters access by whether the instance allows access to instance tags from the instance metadata", + "type": "String" + }, + { + "condition": "ec2:InstanceProfile", + "description": "Filters access by the ARN of an instance profile", + "type": "ARN" + }, + { + "condition": "ec2:InstanceType", + "description": "Filters access by the type of instance", + "type": "String" + }, + { + "condition": "ec2:InternetGatewayID", + "description": "Filters access by the ID of an internet gateway", + "type": "String" + }, + { + "condition": "ec2:Ipv4IpamPoolId", + "description": "Filters access by the ID of an IPAM pool provided for IPv4 CIDR block allocation", + "type": "String" + }, + { + "condition": "ec2:Ipv6IpamPoolId", + "description": "Filters access by the ID of an IPAM pool provided 
for IPv6 CIDR block allocation", + "type": "String" + }, + { + "condition": "ec2:IsLaunchTemplateResource", + "description": "Filters access by whether users are able to override resources that are specified in the launch template", + "type": "Bool" + }, + { + "condition": "ec2:KeyPairName", + "description": "Filters access by the name of a key pair", + "type": "String" + }, + { + "condition": "ec2:KeyPairType", + "description": "Filters access by the type of a key pair", + "type": "String" + }, + { + "condition": "ec2:KmsKeyId", + "description": "Filters access by the ID of an AWS KMS key provided in the request", + "type": "String" + }, + { + "condition": "ec2:LaunchTemplate", + "description": "Filters access by the ARN of a launch template", + "type": "ARN" + }, + { + "condition": "ec2:MetadataHttpEndpoint", + "description": "Filters access by whether the HTTP endpoint is enabled for the instance metadata service", + "type": "String" + }, + { + "condition": "ec2:MetadataHttpPutResponseHopLimit", + "description": "Filters access by the allowed number of hops when calling the instance metadata service", + "type": "Numeric" + }, + { + "condition": "ec2:MetadataHttpTokens", + "description": "Filters access by whether tokens are required when calling the instance metadata service (optional or required)", + "type": "String" + }, + { + "condition": "ec2:NetworkAclID", + "description": "Filters access by the ID of a network access control list (ACL)", + "type": "String" + }, + { + "condition": "ec2:NetworkInterfaceID", + "description": "Filters access by the ID of an elastic network interface", + "type": "String" + }, + { + "condition": "ec2:NewInstanceProfile", + "description": "Filters access by the ARN of the instance profile being attached", + "type": "ARN" + }, + { + "condition": "ec2:OutpostArn", + "description": "Filters access by the ARN of the Outpost", + "type": "ARN" + }, + { + "condition": "ec2:Owner", + "description": "Filters access by the owner of the 
resource (amazon, aws-marketplace, or an AWS account ID)", + "type": "String" + }, + { + "condition": "ec2:ParentSnapshot", + "description": "Filters access by the ARN of the parent snapshot", + "type": "ARN" + }, + { + "condition": "ec2:ParentVolume", + "description": "Filters access by the ARN of the parent volume from which the snapshot was created", + "type": "ARN" + }, + { + "condition": "ec2:Permission", + "description": "Filters access by the type of permission for a resource (INSTANCE-ATTACH or EIP-ASSOCIATE)", + "type": "String" + }, + { + "condition": "ec2:Phase1DHGroup", + "description": "Filters access by the Diffie-Hellman group numbers that are permitted for a VPN tunnel for the phase 1 IKE negotiations", + "type": "ArrayOfString" + }, + { + "condition": "ec2:Phase1EncryptionAlgorithms", + "description": "Filters access by the encryption algorithms that are permitted for a VPN tunnel for the phase 1 IKE negotiations", + "type": "ArrayOfString" + }, + { + "condition": "ec2:Phase1IntegrityAlgorithms", + "description": "Filters access by the integrity algorithms that are permitted for a VPN tunnel for the phase 1 IKE negotiations", + "type": "ArrayOfString" + }, + { + "condition": "ec2:Phase1LifetimeSeconds", + "description": "Filters access by the lifetime in seconds for phase 1 of the IKE negotiations for a VPN tunnel", + "type": "Numeric" + }, + { + "condition": "ec2:Phase2DHGroup", + "description": "Filters access by the Diffie-Hellman group numbers that are permitted for a VPN tunnel for the phase 2 IKE negotiations", + "type": "ArrayOfString" + }, + { + "condition": "ec2:Phase2EncryptionAlgorithms", + "description": "Filters access by the encryption algorithms that are permitted for a VPN tunnel for the phase 2 IKE negotiations", + "type": "ArrayOfString" + }, + { + "condition": "ec2:Phase2IntegrityAlgorithms", + "description": "Filters access by the integrity algorithms that are permitted for a VPN tunnel for the phase 2 IKE negotiations", + 
"type": "ArrayOfString" + }, + { + "condition": "ec2:Phase2LifetimeSeconds", + "description": "Filters access by the lifetime in seconds for phase 2 of the IKE negotiations for a VPN tunnel", + "type": "Numeric" + }, + { + "condition": "ec2:PlacementGroup", + "description": "Filters access by the ARN of the placement group", + "type": "ARN" + }, + { + "condition": "ec2:PlacementGroupName", + "description": "Filters access by the name of a placement group", + "type": "String" + }, + { + "condition": "ec2:PlacementGroupStrategy", + "description": "Filters access by the instance placement strategy used by the placement group (cluster, spread, or partition)", + "type": "String" + }, + { + "condition": "ec2:ProductCode", + "description": "Filters access by the product code that is associated with the AMI", + "type": "String" + }, + { + "condition": "ec2:Public", + "description": "Filters access by whether the image has public launch permissions", + "type": "Bool" + }, + { + "condition": "ec2:PublicIpAddress", + "description": "Filters access by a public IP address", + "type": "String" + }, + { + "condition": "ec2:Quantity", + "description": "Filters access by the number of Dedicated Hosts in a request", + "type": "Numeric" + }, + { + "condition": "ec2:Region", + "description": "Filters access by the name of the AWS Region", + "type": "String" + }, + { + "condition": "ec2:RekeyFuzzPercentage", + "description": "Filters access by the percentage of increase of the rekey window (determined by the rekey margin time) within which the rekey time is randomly selected for a VPN tunnel", + "type": "Numeric" + }, + { + "condition": "ec2:RekeyMarginTimeSeconds", + "description": "Filters access by the margin time before the phase 2 lifetime expires for a VPN tunnel", + "type": "Numeric" + }, + { + "condition": "ec2:Remove/group", + "description": "Filters access by the group being removed from a snapshot", + "type": "String" + }, + { + "condition": "ec2:Remove/userId", + 
"description": "Filters access by the account id being removed from a snapshot", + "type": "String" + }, + { + "condition": "ec2:ReplayWindowSizePackets", + "description": "Filters access by the number of packets in an IKE replay window", + "type": "String" + }, + { + "condition": "ec2:RequesterVpc", + "description": "Filters access by the ARN of a requester VPC in a VPC peering connection", + "type": "ARN" + }, + { + "condition": "ec2:ReservedInstancesOfferingType", + "description": "Filters access by the payment option of the Reserved Instance offering (No Upfront, Partial Upfront, or All Upfront)", + "type": "String" + }, + { + "condition": "ec2:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "ec2:RoleDelivery", + "description": "Filters access by the version of the instance metadata service for retrieving IAM role credentials for EC2", + "type": "Numeric" + }, + { + "condition": "ec2:RootDeviceType", + "description": "Filters access by the root device type of the instance (ebs or instance-store)", + "type": "String" + }, + { + "condition": "ec2:RouteTableID", + "description": "Filters access by the ID of a route table", + "type": "String" + }, + { + "condition": "ec2:RoutingType", + "description": "Filters access by the routing type for the VPN connection", + "type": "String" + }, + { + "condition": "ec2:SamlProviderArn", + "description": "Filters access by the ARN of the IAM SAML identity provider", + "type": "ARN" + }, + { + "condition": "ec2:SecurityGroupID", + "description": "Filters access by the ID of a security group", + "type": "String" + }, + { + "condition": "ec2:ServerCertificateArn", + "description": "Filters access by the ARN of the server certificate", + "type": "ARN" + }, + { + "condition": "ec2:SnapshotCoolOffPeriod", + "description": "Filters access by the compliance mode cooling-off period", + "type": "Numeric" + }, + { + "condition": 
"ec2:SnapshotID", + "description": "Filters access by the ID of a snapshot", + "type": "String" + }, + { + "condition": "ec2:SnapshotLockDuration", + "description": "Filters access by the snapshot lock duration", + "type": "Numeric" + }, + { + "condition": "ec2:SnapshotTime", + "description": "Filters access by the initiation time of a snapshot", + "type": "String" + }, + { + "condition": "ec2:SourceInstanceARN", + "description": "Filters access by the ARN of the instance from which the request originated", + "type": "ARN" + }, + { + "condition": "ec2:SourceOutpostArn", + "description": "Filters access by the ARN of the Outpost from which the request originated", + "type": "ARN" + }, + { + "condition": "ec2:Subnet", + "description": "Filters access by the ARN of the subnet", + "type": "ARN" + }, + { + "condition": "ec2:SubnetID", + "description": "Filters access by the ID of a subnet", + "type": "String" + }, + { + "condition": "ec2:Tenancy", + "description": "Filters access by the tenancy of the VPC or instance (default, dedicated, or host)", + "type": "String" + }, + { + "condition": "ec2:VolumeID", + "description": "Filters access by the ID of a volume", + "type": "String" + }, + { + "condition": "ec2:VolumeIops", + "description": "Filters access by the the number of input/output operations per second (IOPS) provisioned for the volume", + "type": "Numeric" + }, + { + "condition": "ec2:VolumeSize", + "description": "Filters access by the size of the volume, in GiB", + "type": "Numeric" + }, + { + "condition": "ec2:VolumeThroughput", + "description": "Filters access by the throughput of the volume, in MiBps", + "type": "Numeric" + }, + { + "condition": "ec2:VolumeType", + "description": "Filters access by the type of volume (gp2, gp3, io1, io2, st1, sc1, or standard)", + "type": "String" + }, + { + "condition": "ec2:Vpc", + "description": "Filters access by the ARN of the VPC", + "type": "ARN" + }, + { + "condition": "ec2:VpcID", + "description": "Filters access 
by the ID of a virtual private cloud (VPC)", + "type": "String" + }, + { + "condition": "ec2:VpcPeeringConnectionID", + "description": "Filters access by the ID of a VPC peering connection", + "type": "String" + }, + { + "condition": "ec2:VpceServiceName", + "description": "Filters access by the name of the VPC endpoint service", + "type": "String" + }, + { + "condition": "ec2:VpceServiceOwner", + "description": "Filters access by the service owner of the VPC endpoint service (amazon, aws-marketplace, or an AWS account ID)", + "type": "String" + }, + { + "condition": "ec2:VpceServicePrivateDnsName", + "description": "Filters access by the private DNS name of the VPC endpoint service", + "type": "String" + } + ], + "prefix": "ec2", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept an Elastic IP address transfer", + "privilege": "AcceptAddressTransfer", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:CapacityReservationFleet", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress" ], - "dependent_actions": [], - "resource_type": "capacity-reservation*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "elastic-ip*" }, { "condition_keys": [ 
@@ -83673,19 +83840,9 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a Capacity Reservation Fleet", - "privilege": "ModifyCapacityReservationFleet", + "description": "Grants permission to accept a Convertible Reserved Instance exchange quote", + "privilege": "AcceptReservedInstancesExchangeQuote", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "capacity-reservation-fleet*" - }, { "condition_keys": [ "ec2:Region" @@ -83697,42 +83854,24 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a Client VPN endpoint", - "privilege": "ModifyClientVpnEndpoint", + "description": "Grants permission to accept a request to associate subnets with a transit gateway multicast domain", + "privilege": "AcceptTransitGatewayMulticastDomainAssociations", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "security-group" + "resource_type": "transit-gateway-attachment" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcID" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc" + "resource_type": "transit-gateway-multicast-domain" }, { "condition_keys": [ 
@@ -83745,23 +83884,17 @@ }, { "access_level": "Write", - "description": "Grants permission to change the account level default credit option for CPU usage of burstable performance instances", - "privilege": "ModifyDefaultCreditSpecification", + "description": "Grants permission to accept a transit gateway peering attachment request", + "privilege": "AcceptTransitGatewayPeeringAttachment", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to change the default customer master key (CMK) for EBS encryption by default for your account", - "privilege": "ModifyEbsDefaultKmsKeyId", - "resource_types": [ + "resource_type": "transit-gateway-attachment*" + }, { "condition_keys": [ "ec2:Region" 
@@ -83773,95 +83906,88 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an EC2 Fleet", - "privilege": "ModifyFleet", + "description": "Grants permission to accept a request to attach a VPC to a transit gateway", + "privilege": "AcceptTransitGatewayVpcAttachment", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "fleet*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" - ], - "dependent_actions": [], - "resource_type": "image" + "resource_type": "transit-gateway-attachment*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:KeyPairName", - "ec2:ResourceTag/${TagKey}" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "key-pair" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to accept one or more interface VPC endpoint connections to your VPC endpoint service", + "privilege": "AcceptVpcEndpointConnections", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "launch-template" + "resource_type": "vpc-endpoint-service*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "network-interface" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to accept a VPC peering connection request", + "privilege": "AcceptVpcPeeringConnection", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - 
"ec2:SecurityGroupID", - "ec2:Vpc" + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "security-group" + "resource_type": "vpc*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Owner", - "ec2:ParentVolume", + "ec2:AccepterVpc", + "ec2:RequesterVpc", "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" + "ec2:VpcPeeringConnectionID" ], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "vpc-peering-connection*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "subnet" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to advertise an IP address range that is provisioned for use in AWS through bring your own IP addresses (BYOIP)", + "privilege": "AdvertiseByoipCidr", + "resource_types": [ { "condition_keys": [ "ec2:Region" @@ -83873,20 +83999,26 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an attribute of an Amazon FPGA Image (AFI)", - "privilege": "ModifyFpgaImageAttribute", + "description": "Grants permission to allocate an Elastic IP address (EIP) to your account", + "privilege": "AllocateAddress", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "elastic-ip*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Owner", - "ec2:Public", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "fpga-image*" + "resource_type": "ipv4pool-ec2" }, { "condition_keys": [ 
@@ -83899,17 +84031,22 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a Dedicated Host", - "privilege": "ModifyHosts", + "description": "Grants permission to allocate a Dedicated Host to your account", + "privilege": "AllocateHosts", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AutoPlacement", + "ec2:AvailabilityZone", + "ec2:HostRecovery", + "ec2:InstanceType", + "ec2:Quantity" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "dedicated-host*" }, { @@ -83923,9 +84060,17 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the ID format for a resource", - "privilege": "ModifyIdFormat", + "description": "Grants permission to allocate a CIDR from an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "AllocateIpamPoolCidr", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, { "condition_keys": [ "ec2:Region" 
@@ -83937,9 +84082,43 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the ID format of a resource for a specific principal in your account", - "privilege": "ModifyIdentityIdFormat", + "description": "Grants permission to apply a security group to the association between a Client VPN endpoint and a target network", + "privilege": "ApplySecurityGroupsToClientVpnTargetNetwork", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, { "condition_keys": [ "ec2:Region" @@ -83951,23 +84130,20 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an attribute of an Amazon Machine Image (AMI)", - "privilege": "ModifyImageAttribute", + "description": "Grants permission to assign one or more IPv6 addresses to a network interface", + "privilege": "AssignIpv6Addresses", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" + "ec2:Subnet", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "network-interface*" }, { "condition_keys": [ 
@@ -83980,59 +84156,42 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an attribute of an instance", - "privilege": "ModifyInstanceAttribute", + "description": "Grants permission to assign one or more secondary private IP addresses to a network interface", + "privilege": "AssignPrivateIpAddresses", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", + "ec2:NetworkInterfaceID", "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:Subnet", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "network-interface*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "security-group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to assign one or more secondary private IP addresses to a private NAT gateway", + "privilege": "AssignPrivateNatGatewayAddress", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "volume" + "resource_type": "natgateway*" }, { "condition_keys": [ 
@@ -84045,14 +84204,23 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the Capacity Reservation settings for a stopped instance", - "privilege": "ModifyInstanceCapacityReservationAttributes", + "description": "Grants permission to associate an Elastic IP address (EIP) with an instance or a network interface", + "privilege": "AssociateAddress", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -84071,15 +84239,19 @@ "ec2:Tenancy" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "instance" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "capacity-reservation" + "resource_type": "network-interface" }, { "condition_keys": [ 
@@ -84092,33 +84264,31 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the credit option for CPU usage on an instance", - "privilege": "ModifyInstanceCreditSpecification", + "description": "Grants permission to associate a target network with a Client VPN endpoint", + "privilege": "AssociateClientVpnTargetNetwork", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID" + ], + "dependent_actions": [], + "resource_type": "subnet*" }, { "condition_keys": [ 
@@ -84131,18 +84301,27 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the start time for a scheduled EC2 instance event", - "privilege": "ModifyInstanceEventStartTime", + "description": "Grants permission to associate or disassociate a set of DHCP options with a VPC", + "privilege": "AssociateDhcpOptions", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute/${AttributeName}", - "ec2:InstanceID", + "ec2:DhcpOptionsID", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "dhcp-options*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" }, { "condition_keys": [ @@ -84155,16 +84334,18 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the specified event window", - "privilege": "ModifyInstanceEventWindow", + "description": "Grants permission to associate an ACM certificate with an IAM role to be used in an EC2 Enclave", + "privilege": "AssociateEnclaveCertificateIamRole", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-event-window*" + "resource_type": "certificate*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "role*" }, { "condition_keys": [ 
@@ -84177,14 +84358,12 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the recovery behaviour for an instance", - "privilege": "ModifyInstanceMaintenanceOptions", + "description": "Grants permission to associate an IAM instance profile with a running or stopped instance", + "privilege": "AssociateIamInstanceProfile", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -84196,13 +84375,16 @@ "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", + "ec2:NewInstanceProfile", "ec2:PlacementGroup", "ec2:ProductCode", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", "ec2:Tenancy" ], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "instance*" }, { @@ -84216,33 +84398,16 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the metadata options for an instance", - "privilege": "ModifyInstanceMetadataOptions", + "description": "Grants permission to associate one or more targets with an event window", + "privilege": "AssociateInstanceEventWindow", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "instance-event-window*" }, { "condition_keys": [ 
@@ -84255,51 +84420,48 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the placement attributes for an instance", - "privilege": "ModifyInstancePlacement", + "description": "Grants permission to associate an Autonomous System Number (ASN) with a BYOIP CIDR", + "privilege": "AssociateIpamByoasn", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "instance*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate an IPAM resource discovery with an Amazon VPC IPAM", + "privilege": "AssociateIpamResourceDiscovery", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], - "resource_type": "dedicated-host" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "ipam*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "placement-group" + "resource_type": "ipam-resource-discovery*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "ipam-resource-discovery-association*" }, { "condition_keys": [ 
@@ -84312,18 +84474,27 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM)", - "privilege": "ModifyIpam", + "description": "Grants permission to associate an Elastic IP address and private IP address with a public Nat gateway", + "privilege": "AssociateNatGatewayAddress", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "ipam*" + "resource_type": "elastic-ip*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "natgateway*" }, { "condition_keys": [ 
@@ -84336,42 +84507,46 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) pool", - "privilege": "ModifyIpamPool", + "description": "Grants permission to associate a subnet or gateway with a route table", + "privilege": "AssociateRouteTable", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:InternetGatewayID", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "ipam-pool*" + "resource_type": "internet-gateway" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) resource CIDR", - "privilege": "ModifyIpamResourceCidr", - "resource_types": [ + "resource_type": "subnet" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "ipam-scope*" + "resource_type": "vpn-gateway" }, { "condition_keys": [ 
@@ -84384,16 +84559,27 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a resource discovery", - "privilege": "ModifyIpamResourceDiscovery", + "description": "Grants permission to associate a CIDR block with a subnet", + "privilege": "AssociateSubnetCidrBlock", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "ipam-resource-discovery*" + "resource_type": "ipam-pool" }, { "condition_keys": [ 
@@ -84406,42 +84592,35 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) scope", - "privilege": "ModifyIpamScope", + "description": "Grants permission to associate an attachment and list of subnets with a transit gateway multicast domain", + "privilege": "AssociateTransitGatewayMulticastDomain", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "ipam-scope*" + "resource_type": "subnet*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify a launch template", - "privilege": "ModifyLaunchTemplate", - "resource_types": [ + "resource_type": "transit-gateway-attachment*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "launch-template*" + "resource_type": "transit-gateway-multicast-domain*" }, { "condition_keys": [ @@ -84454,8 +84633,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a local gateway route", - "privilege": "ModifyLocalGatewayRoute", + "description": "Grants permission to associate a policy table with a transit gateway attachment", + "privilege": "AssociateTransitGatewayPolicyTable", "resource_types": [ { "condition_keys": [ @@ -84463,7 +84642,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "local-gateway-route-table*" + "resource_type": "transit-gateway-attachment*" }, { "condition_keys": [ 
@@ -84471,21 +84650,29 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "local-gateway-virtual-interface-group" + "resource_type": "transit-gateway-policy-table*" }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate an attachment with a transit gateway route table", + "privilege": "AssociateTransitGatewayRouteTable", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AuthorizedUser", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:Permission", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "network-interface" + "resource_type": "transit-gateway-attachment*" }, { "condition_keys": [ @@ -84493,7 +84680,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "prefix-list" + "resource_type": "transit-gateway-route-table*" }, { "condition_keys": [ 
@@ -84506,18 +84693,30 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a managed prefix list", - "privilege": "ModifyManagedPrefixList", + "description": "Grants permission to associate a branch network interface with a trunk network interface", + "privilege": "AssociateTrunkInterface", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate an AWS Web Application Firewall (WAF) web access control list (ACL) with a Verified Access instance", + "privilege": "AssociateVerifiedAccessInstanceWebAcl", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "prefix-list*" + "resource_type": "verified-access-instance*" }, { "condition_keys": [ 
@@ -84530,55 +84729,36 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an attribute of a network interface", - "privilege": "ModifyNetworkInterfaceAttribute", + "description": "Grants permission to associate a CIDR block with a VPC", + "privilege": "AssociateVpcCidrBlock", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "network-interface*" + "resource_type": "vpc*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "instance" + "resource_type": "ipam-pool" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "security-group" + "resource_type": "ipv6pool-ec2" }, { "condition_keys": [ 
@@ -84591,14 +84771,12 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the options for instance hostnames for the specified instance", - "privilege": "ModifyPrivateDnsNameOptions", + "description": "Grants permission to link an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups", + "privilege": "AttachClassicLinkVpc", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:AvailabilityZone", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", @@ -84610,9 +84788,7 @@ "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", - "ec2:NewInstanceProfile", "ec2:PlacementGroup", - "ec2:ProductCode", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", "ec2:Tenancy" @@ -84620,6 +84796,26 @@ "dependent_actions": [], "resource_type": "instance*" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, { "condition_keys": [ "ec2:Region" 
@@ -84631,22 +84827,27 @@ }, { "access_level": "Write", - "description": "Grants permission to modify attributes of one or more Reserved Instances", - "privilege": "ModifyReservedInstances", + "description": "Grants permission to attach an internet gateway to a VPC", + "privilege": "AttachInternetGateway", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:InstanceType", - "ec2:ReservedInstancesOfferingType", + "ec2:InternetGatewayID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "internet-gateway*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "reserved-instances*" + "resource_type": "vpc*" }, { "condition_keys": [ 
@@ -84659,36 +84860,43 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the rules of a security group", - "privilege": "ModifySecurityGroupRules", + "description": "Grants permission to attach a network interface to an instance", + "privilege": "AttachNetworkInterface", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "security-group*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:RootDeviceType", + "ec2:Tenancy" ], "dependent_actions": [], - "resource_type": "security-group-rule*" + "resource_type": "instance*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "prefix-list" + "resource_type": "network-interface*" }, { "condition_keys": [ 
@@ -84700,28 +84908,25 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to add or remove permission settings for a snapshot", - "privilege": "ModifySnapshotAttribute", + "access_level": "Write", + "description": "Grants permission to attach a trust provider to a Verified Access instance", + "privilege": "AttachVerifiedAccessTrustProvider", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Add/group", - "ec2:Add/userId", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:Remove/group", - "ec2:Remove/userId", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "verified-access-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-trust-provider*" }, { "condition_keys": [ 
@@ -84734,24 +84939,47 @@ }, { "access_level": "Write", - "description": "Grants permission to archive Amazon EBS snapshots", - "privilege": "ModifySnapshotTier", + "description": "Grants permission to attach an EBS volume to a running or stopped instance and expose it to the instance with the specified device name", + "privilege": "AttachVolume", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", "ec2:Encrypted", - "ec2:Owner", - "ec2:ParentVolume", + "ec2:ParentSnapshot", "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" ], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "volume*" }, { "condition_keys": [ 
@@ -84764,18 +84992,18 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a Spot Fleet request", - "privilege": "ModifySpotFleetRequest", + "description": "Grants permission to attach a virtual private gateway to a VPC", + "privilege": "AttachVpnGateway", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "spot-fleet-request*" + "resource_type": "vpc*" }, { "condition_keys": [ @@ -84783,18 +85011,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "launch-template" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "vpn-gateway*" }, { "condition_keys": [ @@ -84807,21 +85024,22 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an attribute of a subnet", - "privilege": "ModifySubnetAttribute", + "description": "Grants permission to add an inbound authorization rule to a Client VPN endpoint", + "privilege": "AuthorizeClientVpnIngress", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" ], "dependent_actions": [], - "resource_type": "subnet*" + "resource_type": "client-vpn-endpoint*" }, { "condition_keys": [ 
@@ -84834,18 +85052,28 @@ }, { "access_level": "Write", - "description": "Grants permission to allow or restrict mirroring network services", - "privilege": "ModifyTrafficMirrorFilterNetworkServices", + "description": "Grants permission to add one or more outbound rules to a VPC security group. Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications", + "privilege": "AuthorizeSecurityGroupEgress", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "traffic-mirror-filter*" + "resource_type": "security-group-rule" }, { "condition_keys": [ 
@@ -84858,26 +85086,28 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a traffic mirror rule", - "privilege": "ModifyTrafficMirrorFilterRule", + "description": "Grants permission to add one or more inbound rules to a VPC security group. Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications", + "privilege": "AuthorizeSecurityGroupIngress", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" ], - "dependent_actions": [], - "resource_type": "traffic-mirror-filter*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "security-group*" }, { "condition_keys": [ - "ec2:Attribute", - "ec2:Attribute/${AttributeName}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "traffic-mirror-filter-rule*" + "resource_type": "security-group-rule" }, { "condition_keys": [ 
@@ -84890,34 +85120,45 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a traffic mirror session", - "privilege": "ModifyTrafficMirrorSession", + "description": "Grants permission to bundle an instance store-backed Windows instance", + "privilege": "BundleInstance", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "traffic-mirror-session*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a bundling operation", + "privilege": "CancelBundleTask", + "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "traffic-mirror-filter" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a Capacity Reservation and release the reserved capacity", + "privilege": "CancelCapacityReservation", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:CapacityReservationFleet", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "traffic-mirror-target" + "resource_type": "capacity-reservation*" }, { "condition_keys": [ 
@@ -84930,26 +85171,18 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a transit gateway", - "privilege": "ModifyTransitGateway", + "description": "Grants permission to cancel one or more Capacity Reservation Fleets", + "privilege": "CancelCapacityReservationFleets", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], - "resource_type": "transit-gateway*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "dependent_actions": [ + "ec2:CancelCapacityReservation" ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table" + "resource_type": "capacity-reservation-fleet*" }, { "condition_keys": [ @@ -84962,28 +85195,30 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a transit gateway prefix list reference", - "privilege": "ModifyTransitGatewayPrefixListReference", + "description": "Grants permission to cancel an active conversion task", + "privilege": "CancelConversionTask", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "prefix-list*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel an active export task", + "privilege": "CancelExportTask", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "resource_type": "export-image-task" }, { "condition_keys": [ 
@@ -84991,7 +85226,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "transit-gateway-attachment" + "resource_type": "export-instance-task" }, { "condition_keys": [ @@ -85004,27 +85239,21 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a VPC attachment on a transit gateway", - "privilege": "ModifyTransitGatewayVpcAttachment", + "description": "Grants permission to remove your AWS account from the launch permissions for the specified AMI", + "privilege": "CancelImageLaunchPermission", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID" + "ec2:RootDeviceType" ], "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "image*" }, { "condition_keys": [ @@ -85037,8 +85266,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of a Verified Access endpoint", - "privilege": "ModifyVerifiedAccessEndpoint", + "description": "Grants permission to cancel an in-process import virtual machine or import snapshot task", + "privilege": "CancelImportTask", "resource_types": [ { "condition_keys": [ 
@@ -85046,27 +85275,30 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "verified-access-endpoint*" + "resource_type": "import-image-task" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "import-snapshot-task" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "verified-access-group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a Reserved Instance listing on the Reserved Instance Marketplace", + "privilege": "CancelReservedInstancesListing", + "resource_types": [ { "condition_keys": [ "ec2:Region" @@ -85078,8 +85310,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the specified Verified Access endpoint policy", - "privilege": "ModifyVerifiedAccessEndpointPolicy", + "description": "Grants permission to cancel one or more Spot Fleet requests", + "privilege": "CancelSpotFleetRequests", "resource_types": [ { "condition_keys": [ @@ -85087,7 +85319,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "verified-access-endpoint*" + "resource_type": "spot-fleet-request*" }, { "condition_keys": [ @@ -85100,8 +85332,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the specified Verified Access Group configuration", - "privilege": "ModifyVerifiedAccessGroup", + "description": "Grants permission to cancel one or more Spot Instance requests", + "privilege": "CancelSpotInstanceRequests", "resource_types": [ { "condition_keys": [ 
@@ -85109,15 +85341,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "verified-access-group*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-instance" + "resource_type": "spot-instances-request*" }, { "condition_keys": [ @@ -85130,17 +85354,9 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the specified Verified Access group policy", - "privilege": "ModifyVerifiedAccessGroupPolicy", + "description": "Grants permission to determine whether an owned product code is associated with an instance", + "privilege": "ConfirmProductInstance", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "verified-access-group*" - }, { "condition_keys": [ "ec2:Region" @@ -85152,16 +85368,15 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of the specified Verified Access instance", - "privilege": "ModifyVerifiedAccessInstance", + "description": "Grants permission to copy a source Amazon FPGA image (AFI) to the current Region. Resource-level permissions specified for this action apply to the new AFI only. They do not apply to the source AFI", + "privilege": "CopyFpgaImage", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:Owner" ], "dependent_actions": [], - "resource_type": "verified-access-instance*" + "resource_type": "fpga-image*" }, { "condition_keys": [ 
@@ -85174,16 +85389,20 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the logging configuration for the specified Verified Access instance", - "privilege": "ModifyVerifiedAccessInstanceLoggingConfiguration", + "description": "Grants permission to copy an Amazon Machine Image (AMI) from a source Region to the current Region. Resource-level permissions specified for this action apply to the new AMI only. They do not apply to the source AMI", + "privilege": "CopyImage", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:ImageID", + "ec2:Owner" ], - "dependent_actions": [], - "resource_type": "verified-access-instance*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "image*" }, { "condition_keys": [ @@ -85196,16 +85415,20 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of the specified Verified Access trust provider", - "privilege": "ModifyVerifiedAccessTrustProvider", + "description": "Grants permission to copy a point-in-time snapshot of an EBS volume and store it in Amazon S3. Resource-level permissions specified for this action apply to the new snapshot only. They do not apply to the source snapshot", + "privilege": "CopySnapshot", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:OutpostArn", + "ec2:SnapshotID" ], - "dependent_actions": [], - "resource_type": "verified-access-trust-provider*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "snapshot*" }, { "condition_keys": [ 
@@ -85218,26 +85441,19 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the parameters of an EBS volume", - "privilege": "ModifyVolume", + "description": "Grants permission to create a Capacity Reservation", + "privilege": "CreateCapacityReservation", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:CapacityReservationFleet" ], - "dependent_actions": [], - "resource_type": "volume*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "capacity-reservation*" }, { "condition_keys": [ @@ -85250,26 +85466,21 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an attribute of a volume", - "privilege": "ModifyVolumeAttribute", + "description": "Grants permission to create a Capacity Reservation Fleet", + "privilege": "CreateCapacityReservationFleet", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "volume*" + "dependent_actions": [ + "ec2:CreateCapacityReservation", + "ec2:CreateTags", + "ec2:DescribeCapacityReservations", + "ec2:DescribeInstances" + ], + "resource_type": "capacity-reservation-fleet*" }, { "condition_keys": [ 
@@ -85282,14 +85493,22 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an attribute of a VPC", - "privilege": "ModifyVpcAttribute", + "description": "Grants permission to create a carrier gateway and provides CSP connectivity to VPC customers", + "privilege": "CreateCarrierGateway", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "carrier-gateway*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}", "ec2:Tenancy", "ec2:VpcID" @@ -85308,27 +85527,24 @@ }, { "access_level": "Write", - "description": "Grants permission to modify an attribute of a VPC endpoint", - "privilege": "ModifyVpcEndpoint", + "description": "Grants permission to create a Client VPN endpoint", + "privilege": "CreateClientVpnEndpoint", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" ], - "dependent_actions": [], - "resource_type": "vpc-endpoint*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID" + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], - "resource_type": "route-table" + "resource_type": "client-vpn-endpoint*" }, { "condition_keys": [ @@ -85343,10 +85559,10 @@ "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID" + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "vpc" }, { "condition_keys": [ 
@@ -85359,24 +85575,31 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a connection notification for a VPC endpoint or VPC endpoint service", - "privilege": "ModifyVpcEndpointConnectionNotification", + "description": "Grants permission to add a network route to a Client VPN endpoint's route table", + "privilege": "CreateClientVpnRoute", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" ], "dependent_actions": [], - "resource_type": "vpc-endpoint" + "resource_type": "client-vpn-endpoint*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID" ], "dependent_actions": [], - "resource_type": "vpc-endpoint-service" + "resource_type": "subnet*" }, { "condition_keys": [ @@ -85389,19 +85612,16 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the attributes of a VPC endpoint service configuration", - "privilege": "ModifyVpcEndpointServiceConfiguration", + "description": "Grants permission to create a range of customer-owned IP (CoIP) addresses", + "privilege": "CreateCoipCidr", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc-endpoint-service*" + "resource_type": "coip-pool*" }, { "condition_keys": [ 
@@ -85414,42 +85634,26 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the payer responsibility for a VPC endpoint service", - "privilege": "ModifyVpcEndpointServicePayerResponsibility", + "description": "Grants permission to create a pool of customer-owned IP (CoIP) addresses", + "privilege": "CreateCoipPool", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "vpc-endpoint-service*" - }, - { - "condition_keys": [ - "ec2:Region" + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to modify the permissions for a VPC endpoint service", - "privilege": "ModifyVpcEndpointServicePermissions", - "resource_types": [ + "resource_type": "coip-pool*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc-endpoint-service*" + "resource_type": "local-gateway-route-table*" }, { "condition_keys": [ 
@@ -85462,21 +85666,16 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the VPC peering connection options on one side of a VPC peering connection", - "privilege": "ModifyVpcPeeringConnectionOptions", + "description": "Grants permission to allow a service to access a customer-owned IP (CoIP) pool", + "privilege": "CreateCoipPoolPermission", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AccepterVpc", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:RequesterVpc", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcPeeringConnectionID" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc-peering-connection*" + "resource_type": "coip-pool*" }, { "condition_keys": [ @@ -85489,20 +85688,18 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the instance tenancy attribute of a VPC", - "privilege": "ModifyVpcTenancy", + "description": "Grants permission to create a customer gateway, which provides information to AWS about your customer gateway device", + "privilege": "CreateCustomerGateway", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "vpc*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "customer-gateway*" }, { "condition_keys": [ 
@@ -85515,38 +85712,9 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the target gateway of a Site-to-Site VPN connection", - "privilege": "ModifyVpnConnection", + "description": "Grants permission to create a default subnet in a specified Availability Zone in a default VPC", + "privilege": "CreateDefaultSubnet", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:InsideTunnelIpv6Cidr", - "ec2:Phase1DHGroup", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroup", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PreSharedKeys", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ReplayWindowSizePackets", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" - ], - "dependent_actions": [], - "resource_type": "vpn-connection*" - }, { "condition_keys": [ "ec2:Region" @@ -85558,19 +85726,9 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the connection options for your Site-to-Site VPN connection", - "privilege": "ModifyVpnConnectionOptions", + "description": "Grants permission to create a default VPC with a default subnet in each Availability Zone", + "privilege": "CreateDefaultVpc", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "vpn-connection*" - }, { "condition_keys": [ "ec2:Region" 
@@ -85582,18 +85740,19 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the certificate for a Site-to-Site VPN connection", - "privilege": "ModifyVpnTunnelCertificate", + "description": "Grants permission to create a set of DHCP options for a VPC", + "privilege": "CreateDhcpOptions", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:DhcpOptionsID" ], - "dependent_actions": [], - "resource_type": "vpn-connection*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "dhcp-options*" }, { "condition_keys": [ 
@@ -85606,37 +85765,28 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the options for a Site-to-Site VPN connection", - "privilege": "ModifyVpnTunnelOptions", + "description": "Grants permission to create an egress-only internet gateway for a VPC", + "privilege": "CreateEgressOnlyInternetGateway", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "egress-only-internet-gateway*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:InsideTunnelIpv6Cidr", - "ec2:Phase1DHGroup", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroup", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PreSharedKeys", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ReplayWindowSizePackets", "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "vpn-connection*" + "resource_type": "vpc*" }, { "condition_keys": [ 
@@ -85649,26 +85799,29 @@ }, { "access_level": "Write", - "description": "Grants permission to enable detailed monitoring for a running instance", - "privilege": "MonitorInstances", + "description": "Grants permission to launch an EC2 Fleet. Resource-level permissions for this action do not include the resources specified in a launch template. To specify resource-level permissions for resources specified in a launch template, you must include the resources in the RunInstances action statement", + "privilege": "CreateFleet", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone", "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", "ec2:InstanceProfile", "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", "ec2:Tenancy" ], 
@@ -85677,61 +85830,54 @@ }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to move an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform", - "privilege": "MoveAddressToVpc", - "resource_types": [ + "resource_type": "image" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to move a BYOIP IPv4 CIDR to Amazon VPC IP Address Manager (IPAM) from a public IPv4 pool", - "privilege": "MoveByoipCidrToIpam", - "resource_types": [ + "resource_type": "launch-template" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "ipam-pool*" + "resource_type": "placement-group" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to temporarily pause I/O operations for a target Amazon EBS volume", - "privilege": "PauseVolumeIO", - "resource_types": [ + "resource_type": "subnet" + }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "ec2:AvailabilityZone", "ec2:Encrypted", + "ec2:KmsKeyId", "ec2:ParentSnapshot", - "ec2:ResourceTag/${TagKey}", "ec2:VolumeID", "ec2:VolumeIops", "ec2:VolumeSize", 
@@ -85739,28 +85885,7 @@ "ec2:VolumeType" ], "dependent_actions": [], - "resource_type": "volume*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "dependent_actions": [], - "resource_type": "instance" + "resource_type": "volume" }, { "condition_keys": [ 
@@ -85773,52 +85898,50 @@ }, { "access_level": "Write", - "description": "Grants permission to provision an address range for use in AWS through bring your own IP addresses (BYOIP), and to create a corresponding address pool", - "privilege": "ProvisionByoipCidr", + "description": "Grants permission to create one or more flow logs to capture IP traffic for a network interface", + "privilege": "CreateFlowLogs", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to provision a CIDR to an Amazon VPC IP Address Manager (IPAM) pool", - "privilege": "ProvisionIpamPoolCidr", - "resource_types": [ + "dependent_actions": [ + "ec2:CreateTags", + "iam:PassRole" + ], + "resource_type": "vpc-flow-log*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "ipam-pool*" + "resource_type": "network-interface" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to provision a CIDR to a public IPv4 pool", - "privilege": "ProvisionPublicIpv4PoolCidr", - "resource_types": [ + "resource_type": "subnet" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "ipam-pool*" + "resource_type": "transit-gateway" }, { "condition_keys": [ 
@@ -85826,7 +85949,17 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "ipv4pool-ec2*" + "resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc" }, { "condition_keys": [ @@ -85839,18 +85972,20 @@ }, { "access_level": "Write", - "description": "Grants permission to purchase a reservation with configurations that match those of a Dedicated Host", - "privilege": "PurchaseHostReservation", + "description": "Grants permission to create an Amazon FPGA Image (AFI) from a design checkpoint (DCP)", + "privilege": "CreateFpgaImage", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Owner", + "ec2:Public" ], "dependent_actions": [ "ec2:CreateTags" ], - "resource_type": "dedicated-host*" + "resource_type": "fpga-image*" }, { "condition_keys": [ 
@@ -85863,23 +85998,59 @@ }, { "access_level": "Write", - "description": "Grants permission to purchase a Reserved Instance offering", - "privilege": "PurchaseReservedInstancesOffering", + "description": "Grants permission to create an Amazon EBS-backed AMI from a stopped or running Amazon EBS-backed instance", + "privilege": "CreateImage", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:ImageID", + "ec2:Owner" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "image*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to purchase one or more Scheduled Instances with a specified schedule", - "privilege": "PurchaseScheduledInstances", - "resource_types": [ + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, { "condition_keys": [ "ec2:Region" 
@@ -85891,34 +86062,64 @@ }, { "access_level": "Write", - "description": "Grants permission to attach an IAM policy that enables cross-account sharing to a resource", - "privilege": "PutResourcePolicy", + "description": "Grants permission to create an EC2 Instance Connect Endpoint that allows you to connect to an instance without a public IPv4 address", + "privilege": "CreateInstanceConnectEndpoint", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:SubnetID" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "instance-connect-endpoint*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "ipam-pool" + "resource_type": "subnet*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", - "ec2:ResourceTag/${TagKey}" + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "placement-group" + "resource_type": "security-group" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:Region" ], "dependent_actions": [], - "resource_type": "verified-access-group" + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an event window in which scheduled events for the associated Amazon EC2 instances can run", + "privilege": "CreateInstanceEventWindow", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "instance-event-window*" }, { "condition_keys": [ 
@@ -85931,9 +86132,19 @@ }, { "access_level": "Write", - "description": "Grants permission to request a reboot of one or more instances", - "privilege": "RebootInstances", + "description": "Grants permission to export a running or stopped instance to an Amazon S3 bucket", + "privilege": "CreateInstanceExportTask", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "export-instance-task*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", @@ -85948,7 +86159,6 @@ "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", "ec2:ProductCode", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", @@ -85968,33 +86178,19 @@ }, { "access_level": "Write", - "description": "Grants permission to register an Amazon Machine Image (AMI)", - "privilege": "RegisterImage", + "description": "Grants permission to create an internet gateway for a VPC", + "privilege": "CreateInternetGateway", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:Owner", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:InternetGatewayID" ], - "dependent_actions": [], - "resource_type": "image*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:OutpostArn", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:SourceOutpostArn", - "ec2:VolumeSize" + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "internet-gateway*" }, { "condition_keys": [ 
@@ -86007,9 +86203,20 @@ }, { "access_level": "Write", - "description": "Grants permission to add tags to the set of tags to include in notifications about scheduled events for your instances", - "privilege": "RegisterInstanceEventNotificationAttributes", + "description": "Grants permission to create an Amazon VPC IP Address Manager (IPAM)", + "privilege": "CreateIpam", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "ipam*" + }, { "condition_keys": [ "ec2:Region" @@ -86021,20 +86228,18 @@ }, { "access_level": "Write", - "description": "Grants permission to register one or more network interfaces as a member of a group IP address in a transit gateway multicast domain", - "privilege": "RegisterTransitGatewayMulticastGroupMembers", + "description": "Grants permission to create an IP address pool for Amazon VPC IP Address Manager (IPAM), which is a collection of contiguous IP address CIDRs", + "privilege": "CreateIpamPool", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "network-interface*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "ipam-pool*" }, { "condition_keys": [ @@ -86042,7 +86247,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain*" + "resource_type": "ipam-scope*" }, { "condition_keys": [ 
@@ -86055,28 +86260,19 @@ }, { "access_level": "Write", - "description": "Grants permission to register one or more network interfaces as a source of a group IP address in a transit gateway multicast domain", - "privilege": "RegisterTransitGatewayMulticastGroupSources", + "description": "Grants permission to create an IPAM resource discovery", + "privilege": "CreateIpamResourceDiscovery", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "network-interface*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "dependent_actions": [ + "ec2:CreateTags", + "iam:CreateServiceLinkedRole" ], - "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain*" + "resource_type": "ipam-resource-discovery*" }, { "condition_keys": [ @@ -86089,24 +86285,26 @@ }, { "access_level": "Write", - "description": "Grants permission to reject requests to associate cross-account subnets with a transit gateway multicast domain", - "privilege": "RejectTransitGatewayMulticastDomainAssociations", + "description": "Grants permission to create an Amazon VPC IP Address Manager (IPAM) scope, which is the highest-level container within IPAM", + "privilege": "CreateIpamScope", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "ipam*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain" + "resource_type": "ipam-scope*" }, { "condition_keys": [ 
@@ -86119,16 +86317,19 @@ }, { "access_level": "Write", - "description": "Grants permission to reject a transit gateway peering attachment request", - "privilege": "RejectTransitGatewayPeeringAttachment", + "description": "Grants permission to create a 2048-bit RSA key pair", + "privilege": "CreateKeyPair", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:KeyPairType" ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "key-pair*" }, { "condition_keys": [ @@ -86141,16 +86342,19 @@ }, { "access_level": "Write", - "description": "Grants permission to reject a request to attach a VPC to a transit gateway", - "privilege": "RejectTransitGatewayVpcAttachment", + "description": "Grants permission to create a launch template", + "privilege": "CreateLaunchTemplate", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "transit-gateway-attachment*" + "dependent_actions": [ + "ec2:CreateTags", + "ssm:GetParameters" + ], + "resource_type": "launch-template*" }, { "condition_keys": [ @@ -86163,16 +86367,18 @@ }, { "access_level": "Write", - "description": "Grants permission to reject one or more VPC endpoint connection requests to a VPC endpoint service", - "privilege": "RejectVpcEndpointConnections", + "description": "Grants permission to create a new version of a launch template", + "privilege": "CreateLaunchTemplateVersion", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [], - "resource_type": "vpc-endpoint-service*" + "dependent_actions": [ + "ssm:GetParameters" + ], + "resource_type": "launch-template*" }, { "condition_keys": [ 
@@ -86185,44 +86391,44 @@ }, { "access_level": "Write", - "description": "Grants permission to reject a VPC peering connection request", - "privilege": "RejectVpcPeeringConnection", + "description": "Grants permission to create a static route for a local gateway route table", + "privilege": "CreateLocalGatewayRoute", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AccepterVpc", - "ec2:RequesterVpc", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcPeeringConnectionID" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc-peering-connection*" + "resource_type": "local-gateway-route-table*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to release an Elastic IP address", - "privilege": "ReleaseAddress", - "resource_types": [ + "resource_type": "local-gateway-virtual-interface-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Domain", - "ec2:PublicIpAddress", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "elastic-ip" + "resource_type": "prefix-list" }, { "condition_keys": [ 
@@ -86235,16 +86441,26 @@ }, { "access_level": "Write", - "description": "Grants permission to release one or more On-Demand Dedicated Hosts", - "privilege": "ReleaseHosts", + "description": "Grants permission to create a local gateway route table", + "privilege": "CreateLocalGatewayRouteTable", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "local-gateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "dedicated-host*" + "resource_type": "local-gateway-route-table*" }, { "condition_keys": [ @@ -86257,8 +86473,8 @@ }, { "access_level": "Write", - "description": "Grants permission to release an allocation within an Amazon VPC IP Address Manager (IPAM) pool", - "privilege": "ReleaseIpamPoolAllocation", + "description": "Grants permission to allow a service to access a local gateway route table", + "privilege": "CreateLocalGatewayRouteTablePermission", "resource_types": [ { "condition_keys": [ @@ -86266,7 +86482,7 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "ipam-pool*" + "resource_type": "local-gateway-route-table*" }, { "condition_keys": [ 
@@ -86279,69 +86495,34 @@ }, { "access_level": "Write", - "description": "Grants permission to replace an IAM instance profile for an instance", - "privilege": "ReplaceIamInstanceProfileAssociation", + "description": "Grants permission to create a local gateway route table virtual interface group association", + "privilege": "CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:NewInstanceProfile", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [ - "iam:PassRole" + "ec2:CreateTags" ], - "resource_type": "instance*" + "resource_type": "local-gateway-route-table*" }, { "condition_keys": [ - "ec2:Region" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to change which network ACL a subnet is associated with", - "privilege": "ReplaceNetworkAclAssociation", - "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:NetworkAclID", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "network-acl*" + "resource_type": "local-gateway-route-table-virtual-interface-group-association*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "subnet*" + "resource_type": "local-gateway-virtual-interface-group*" }, { 
"condition_keys": [ @@ -86354,18 +86535,36 @@ }, { "access_level": "Write", - "description": "Grants permission to replace an entry (rule) in a network ACL", - "privilege": "ReplaceNetworkAclEntry", + "description": "Grants permission to associate a VPC with a local gateway route table", + "privilege": "CreateLocalGatewayRouteTableVpcAssociation", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:NetworkAclID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "local-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table-vpc-association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "network-acl*" + "resource_type": "vpc*" }, { "condition_keys": [ @@ -86378,18 +86577,18 @@ }, { "access_level": "Write", - "description": "Grants permission to replace a route within a route table in a VPC", - "privilege": "ReplaceRoute", + "description": "Grants permission to create a managed prefix list", + "privilege": "CreateManagedPrefixList", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "route-table*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "prefix-list*" }, { "condition_keys": [ 
@@ -86402,54 +86601,40 @@ }, { "access_level": "Write", - "description": "Grants permission to change the route table that is associated with a subnet", - "privilege": "ReplaceRouteTableAssociation", + "description": "Grants permission to create a NAT gateway in a subnet", + "privilege": "CreateNatGateway", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "route-table*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:InternetGatewayID", - "ec2:ResourceTag/${TagKey}" + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], - "resource_type": "internet-gateway" + "resource_type": "natgateway*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "ipv4pool-ec2" + "resource_type": "subnet*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "ipv6pool-ec2" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "elastic-ip" }, { "condition_keys": [ 
@@ -86462,24 +86647,29 @@ }, { "access_level": "Write", - "description": "Grants permission to replace a route in a transit gateway route table", - "privilege": "ReplaceTransitGatewayRoute", + "description": "Grants permission to create a network ACL in a VPC", + "privilege": "CreateNetworkAcl", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:NetworkAclID" ], - "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "network-acl*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "transit-gateway-attachment" + "resource_type": "vpc*" }, { "condition_keys": [ @@ -86492,16 +86682,18 @@ }, { "access_level": "Write", - "description": "Grants permission to replace a VPN tunnel", - "privilege": "ReplaceVpnTunnel", + "description": "Grants permission to create a numbered entry (a rule) in a network ACL", + "privilege": "CreateNetworkAclEntry", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:NetworkAclID", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "vpn-connection*" + "resource_type": "network-acl*" }, { "condition_keys": [ 
@@ -86514,9 +86706,19 @@ }, { "access_level": "Write", - "description": "Grants permission to submit feedback about the status of an instance", - "privilege": "ReportInstanceStatus", + "description": "Grants permission to create a Network Access Scope", + "privilege": "CreateNetworkInsightsAccessScope", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "network-insights-access-scope*" + }, { "condition_keys": [ "ec2:Region" 
@@ -86528,39 +86730,62 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Spot Fleet request", - "privilege": "RequestSpotFleet", + "description": "Grants permission to create a path to analyze for reachability", + "privilege": "CreateNetworkInsightsPath", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "spot-fleet-request*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "network-insights-path*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" + "ec2:RootDeviceType", + "ec2:Tenancy" ], "dependent_actions": [], - "resource_type": "image" + "resource_type": "instance" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:KeyPairName", - "ec2:KeyPairType", + "ec2:InternetGatewayID", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "key-pair" + "resource_type": "internet-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" }, { "condition_keys": [ 
@@ -86568,53 +86793,42 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "launch-template" + "resource_type": "transit-gateway" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "placement-group" + "resource_type": "vpc-endpoint" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "security-group" + "resource_type": "vpc-endpoint-service" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:OutpostArn", - "ec2:Owner", - "ec2:ParentVolume", + "ec2:AccepterVpc", + "ec2:RequesterVpc", "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:SourceOutpostArn", - "ec2:VolumeSize" + "ec2:VpcPeeringConnectionID" ], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "vpc-peering-connection" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "subnet" + "resource_type": "vpn-gateway" }, { "condition_keys": [ 
@@ -86627,62 +86841,30 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Spot Instance request", - "privilege": "RequestSpotInstances", + "description": "Grants permission to create a network interface in a subnet", + "privilege": "CreateNetworkInterface", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" - ], - "resource_type": "spot-instances-request*" - }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:NetworkInterfaceID" ], - "dependent_actions": [], - "resource_type": "image" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:KeyPairName", - "ec2:KeyPairType", - "ec2:ResourceTag/${TagKey}" + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], - "resource_type": "key-pair" + "resource_type": "network-interface*" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AuthorizedUser", "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:Permission", "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", + "ec2:SubnetID", "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "network-interface" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", - "ec2:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "placement-group" + "resource_type": "subnet*" }, { "condition_keys": [ 
@@ -86696,34 +86878,6 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:OutpostArn", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:SourceOutpostArn", - "ec2:VolumeSize" - ], - "dependent_actions": [], - "resource_type": "snapshot" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "dependent_actions": [], - "resource_type": "subnet" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", "ec2:Region" ], "dependent_actions": [], @@ -86732,22 +86886,24 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reset the attribute of the specified IP address", - "privilege": "ResetAddressAttribute", + "access_level": "Permissions management", + "description": "Grants permission to create a permission for an AWS-authorized user to perform certain operations on a network interface", + "privilege": "CreateNetworkInterfacePermission", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AllocationId", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Domain", - "ec2:PublicIpAddress", - "ec2:ResourceTag/${TagKey}" + "ec2:AuthorizedService", + "ec2:AuthorizedUser", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:Permission", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "elastic-ip*" + "resource_type": "network-interface*" }, { "condition_keys": [ 
@@ -86760,34 +86916,20 @@ }, { "access_level": "Write", - "description": "Grants permission to reset the default customer master key (CMK) for EBS encryption for your account to use the AWS-managed CMK for EBS", - "privilege": "ResetEbsDefaultKmsKeyId", + "description": "Grants permission to create a placement group", + "privilege": "CreatePlacementGroup", "resource_types": [ { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy" ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reset an attribute of an Amazon FPGA Image (AFI) to its default value", - "privilege": "ResetFpgaImageAttribute", - "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}" + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], - "resource_type": "fpga-image*" + "resource_type": "placement-group*" }, { "condition_keys": [ 
@@ -86800,23 +86942,18 @@ }, { "access_level": "Write", - "description": "Grants permission to reset an attribute of an Amazon Machine Image (AMI) to its default value", - "privilege": "ResetImageAttribute", + "description": "Grants permission to create a public IPv4 address pool for public IPv4 CIDRs that you own and bring to Amazon to manage with Amazon VPC IP Address Manager (IPAM)", + "privilege": "CreatePublicIpv4Pool", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "image*" + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "ipv4pool-ec2*" }, { "condition_keys": [ 
@@ -86829,74 +86966,67 @@ }, { "access_level": "Write", - "description": "Grants permission to reset an attribute of an instance to its default value", - "privilege": "ResetInstanceAttribute", + "description": "Grants permission to create a root volume replacement task", + "privilege": "CreateReplaceRootVolumeTask", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", "ec2:InstanceID", "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", "ec2:InstanceProfile", "ec2:InstanceType", "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", "ec2:ProductCode", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", "ec2:Tenancy" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "instance*" }, { "condition_keys": [ - "ec2:Region" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reset an attribute of a network interface", - "privilege": "ResetNetworkInterfaceAttribute", - "resource_types": [ + "resource_type": "replace-root-volume-task*" + }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:VolumeID" ], "dependent_actions": [], - "resource_type": "network-interface*" + "resource_type": "volume*" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to reset permission settings for a snapshot", - 
"privilege": "ResetSnapshotAttribute", - "resource_types": [ + "resource_type": "image" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", "ec2:Owner", "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", @@ -86905,7 +87035,7 @@ "ec2:VolumeSize" ], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "snapshot" }, { "condition_keys": [ @@ -86918,8 +87048,8 @@ }, { "access_level": "Write", - "description": "Grants permission to restore an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform", - "privilege": "RestoreAddressToClassic", + "description": "Grants permission to create a listing for Standard Reserved Instances to be sold in the Reserved Instance Marketplace", + "privilege": "CreateReservedInstancesListing", "resource_types": [ { "condition_keys": [ @@ -86932,20 +87062,19 @@ }, { "access_level": "Write", - "description": "Grants permission to restore an Amazon Machine Image (AMI) from the Recycle Bin", - "privilege": "RestoreImageFromRecycleBin", + "description": "Grants permission to start a task that restores an AMI from an S3 object previously created by using CreateStoreImageTask", + "privilege": "CreateRestoreImageTask", "resource_types": [ { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "ec2:ImageID", - "ec2:ImageType", - "ec2:Owner", - "ec2:Public", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" + "ec2:Owner" + ], + "dependent_actions": [ + "ec2:CreateTags" ], - "dependent_actions": [], "resource_type": "image*" }, { 
@@ -86959,16 +87088,18 @@ }, { "access_level": "Write", - "description": "Grants permission to restore the entries from a previous version of a managed prefix list to a new version of the prefix list", - "privilege": "RestoreManagedPrefixListVersion", - "resource_types": [ + "description": "Grants permission to create a route in a VPC route table", + "privilege": "CreateRoute", + "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "prefix-list*" + "resource_type": "route-table*" }, { "condition_keys": [ @@ -86981,22 +87112,29 @@ }, { "access_level": "Write", - "description": "Grants permission to restore an Amazon EBS snapshot from the Recycle Bin", - "privilege": "RestoreSnapshotFromRecycleBin", + "description": "Grants permission to create a route table for a VPC", + "privilege": "CreateRouteTable", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:RouteTableID" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "route-table*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Encrypted", - "ec2:Owner", - "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "vpc*" }, { "condition_keys": [ 
@@ -87009,23 +87147,73 @@ }, { "access_level": "Write", - "description": "Grants permission to restore an archived Amazon EBS snapshot for use temporarily or permanently, or modify the restore period or restore type for a snapshot that was previously temporarily restored", - "privilege": "RestoreSnapshotTier", + "description": "Grants permission to create a security group", + "privilege": "CreateSecurityGroup", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:SecurityGroupID" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "security-group*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:Encrypted", - "ec2:Owner", - "ec2:ParentVolume", "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a snapshot of an EBS volume and store it in Amazon S3", + "privilege": "CreateSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:OutpostArn", + "ec2:ParentVolume", "ec2:SnapshotID", - "ec2:SnapshotTime", + "ec2:SourceOutpostArn", "ec2:VolumeSize" ], - "dependent_actions": [], + "dependent_actions": [ + "ec2:CreateTags" + ], "resource_type": "snapshot*" }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Encrypted", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, { "condition_keys": [ "ec2:Region" 
@@ -87037,22 +87225,53 @@ }, { "access_level": "Write", - "description": "Grants permission to remove an inbound authorization rule from a Client VPN endpoint", - "privilege": "RevokeClientVpnIngress", + "description": "Grants permission to create crash-consistent snapshots of multiple EBS volumes and store them in Amazon S3", + "privilege": "CreateSnapshots", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceID", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:PlacementGroup", "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:OutpostArn", + "ec2:ParentVolume", + "ec2:SnapshotID", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" ], "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Encrypted", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" }, { "condition_keys": [ 
@@ -87065,18 +87284,35 @@ }, { "access_level": "Write", - "description": "Grants permission to remove one or more outbound rules from a VPC security group", - "privilege": "RevokeSecurityGroupEgress", + "description": "Grants permission to create a data feed for Spot Instances to view Spot Instance usage logs", + "privilege": "CreateSpotDatafeedSubscription", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to store an AMI as a single object in an S3 bucket", + "privilege": "CreateStoreImageTask", "resource_types": [ { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" + "ec2:RootDeviceType" ], "dependent_actions": [], - "resource_type": "security-group*" + "resource_type": "image*" }, { "condition_keys": [ @@ -87089,18 +87325,37 @@ }, { "access_level": "Write", - "description": "Grants permission to remove one or more inbound rules from a security group", - "privilege": "RevokeSecurityGroupIngress", + "description": "Grants permission to create a subnet in a VPC", + "privilege": "CreateSubnet", "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:SubnetID" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "subnet*" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "security-group*" + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" }, { "condition_keys": [ 
@@ -87113,28 +87368,203 @@ }, { "access_level": "Write", - "description": "Grants permission to launch one or more instances", - "privilege": "RunInstances", + "description": "Grants permission to create a subnet CIDR reservation", + "privilege": "CreateSubnetCidrReservation", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add or overwrite one or more tags for Amazon EC2 resources", + "privilege": "CreateTags", "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation-fleet" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "carrier-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "coip-pool" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "customer-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AutoPlacement", + "ec2:AvailabilityZone", + "ec2:HostRecovery", + "ec2:InstanceType", + "ec2:Quantity", + "ec2:ResourceTag/${TagKey}" + ], + 
"dependent_actions": [], + "resource_type": "dedicated-host" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:DhcpOptionsID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "dhcp-options" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "egress-only-internet-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ElasticGpuType", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-gpu" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "export-image-task" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "export-instance-task" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fleet" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fpga-image" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "host-reservation" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ImageID", "ec2:ImageType", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", "ec2:Owner", "ec2:Public", "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType" ], - "dependent_actions": [ - "ec2:CreateTags" + "dependent_actions": [], + "resource_type": "image" + }, + { + "condition_keys": [ 
+ "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], - "resource_type": "image*" + "dependent_actions": [], + "resource_type": "import-image-task" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "import-snapshot-task" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", "ec2:EbsOptimized", "ec2:InstanceAutoRecovery", 
@@ -87143,112 +87573,105 @@ "ec2:InstanceMetadataTags", "ec2:InstanceProfile", "ec2:InstanceType", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", "ec2:MetadataHttpEndpoint", "ec2:MetadataHttpPutResponseHopLimit", "ec2:MetadataHttpTokens", "ec2:PlacementGroup", "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", "ec2:RootDeviceType", "ec2:Tenancy" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "instance" }, { "condition_keys": [ - "ec2:AssociatePublicIpAddress", - "ec2:AuthorizedService", - "ec2:AvailabilityZone", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:NetworkInterfaceID", - "ec2:Subnet", - "ec2:Vpc" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID" ], "dependent_actions": [], - "resource_type": "network-interface*" + "resource_type": "instance-connect-endpoint" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "security-group*" + "resource_type": "instance-event-window" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" + "ec2:InternetGatewayID", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "subnet*" + "resource_type": "internet-gateway" }, { "condition_keys": [ - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:ParentSnapshot", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "ipam" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - 
"ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "capacity-reservation" + "resource_type": "ipam-pool" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ElasticGpuType", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "elastic-gpu" + "resource_type": "ipam-resource-discovery" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "elastic-inference" + "resource_type": "ipam-resource-discovery-association" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "group" + "resource_type": "ipam-scope" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv6pool-ec2" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:IsLaunchTemplateResource", "ec2:KeyPairName", "ec2:KeyPairType", - "ec2:LaunchTemplate", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -87257,284 +87680,229 @@ { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "launch-template" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "license-configuration" + "resource_type": "local-gateway" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "placement-group" + "resource_type": "local-gateway-route-table" }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:VolumeSize" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "local-gateway-route-table-virtual-interface-group-association" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to launch one or more Scheduled Instances", - "privilege": "RunScheduledInstances", - "resource_types": [ + "resource_type": "local-gateway-route-table-vpc-association" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to search for routes in a local gateway route table", - "privilege": "SearchLocalGatewayRoutes", - "resource_types": [ + "resource_type": 
"local-gateway-virtual-interface" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "local-gateway-route-table*" + "resource_type": "local-gateway-virtual-interface-group" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to search for groups, sources, and members in a transit gateway multicast domain", - "privilege": "SearchTransitGatewayMulticastGroups", - "resource_types": [ + "resource_type": "natgateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:NetworkAclID", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-acl" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "transit-gateway-multicast-domain*" + "resource_type": "network-insights-access-scope" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to search for routes in a transit gateway route table", - "privilege": "SearchTransitGatewayRoutes", - "resource_types": [ + "resource_type": "network-insights-access-scope-analysis" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "transit-gateway-route-table*" + "resource_type": "network-insights-analysis" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to send a diagnostic interrupt to an Amazon EC2 instance", - 
"privilege": "SendDiagnosticInterrupt", - "resource_types": [ + "resource_type": "network-insights-path" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", + "ec2:AuthorizedUser", "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", + "ec2:NetworkInterfaceID", + "ec2:Permission", "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:Subnet", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "network-interface" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to interrupt a Spot Instance", - "privilege": "SendSpotInstanceInterruptions", - "resource_types": [ + "resource_type": "placement-group" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "prefix-list" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a stopped instance", - "privilege": 
"StartInstances", - "resource_types": [ + "resource_type": "replace-root-volume-task" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceProfile", "ec2:InstanceType", - "ec2:PlacementGroup", + "ec2:ReservedInstancesOfferingType", "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", "ec2:Tenancy" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "reserved-instances" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], "dependent_actions": [], - "resource_type": "license-configuration" + "resource_type": "route-table" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a Network Access Scope analysis", - "privilege": "StartNetworkInsightsAccessScopeAnalysis", - "resource_types": [ + "resource_type": "security-group" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], - "dependent_actions": [ - "ec2:CreateTags" + "dependent_actions": [], + "resource_type": "security-group-rule" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" ], - "resource_type": "network-insights-access-scope*" + "dependent_actions": [], + "resource_type": "snapshot" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "network-insights-access-scope-analysis*" + "resource_type": "spot-fleet-request" }, { "condition_keys": [ - 
"aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start analyzing a specified path", - "privilege": "StartNetworkInsightsAnalysis", - "resource_types": [ + "resource_type": "spot-instances-request" + }, { - "condition_keys": [], - "dependent_actions": [ - "ec2:CreateTags" + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" ], - "resource_type": "network-insights-analysis*" + "dependent_actions": [], + "resource_type": "subnet" }, { "condition_keys": [ 
@@ -87542,1536 +87910,26119 @@ "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "network-insights-path*" + "resource_type": "subnet-cidr-reservation" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start the private DNS verification process for a VPC endpoint service", - "privilege": "StartVpcEndpointServicePrivateDnsVerification", - "resource_types": [ + "resource_type": "traffic-mirror-filter" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "vpc-endpoint-service*" + "resource_type": "traffic-mirror-session" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop an Amazon EBS-backed instance", - "privilege": "StopInstances", - "resource_types": [ + "resource_type": "traffic-mirror-target" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:PlacementGroup", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "transit-gateway" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to terminate active Client VPN endpoint connections", - "privilege": "TerminateClientVpnConnections", - "resource_types": [ 
+ "resource_type": "transit-gateway-attachment" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "client-vpn-endpoint*" + "resource_type": "transit-gateway-connect-peer" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to shut down one or more instances", - "privilege": "TerminateInstances", - "resource_types": [ + "resource_type": "transit-gateway-multicast-domain" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "transit-gateway-policy-table" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to unassign one or more IPv6 addresses from a network interface", - "privilege": "UnassignIpv6Addresses", - "resource_types": [ + "resource_type": "transit-gateway-route-table" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], 
"dependent_actions": [], - "resource_type": "network-interface*" + "resource_type": "transit-gateway-route-table-announcement" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to unassign one or more secondary private IP addresses from a network interface", - "privilege": "UnassignPrivateIpAddresses", - "resource_types": [ + "resource_type": "verified-access-endpoint" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:AvailabilityZone", - "ec2:NetworkInterfaceID", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "network-interface*" + "resource_type": "verified-access-group" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to unassign secondary private IPv4 addresses from a private NAT gateway", - "privilege": "UnassignPrivateNatGatewayAddress", - "resource_types": [ + "resource_type": "verified-access-instance" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "natgateway*" + "resource_type": "verified-access-policy" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disable detailed monitoring for a running instance", - "privilege": "UnmonitorInstances", - "resource_types": [ + "resource_type": "verified-access-trust-provider" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", "ec2:AvailabilityZone", - "ec2:EbsOptimized", - 
"ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:PlacementGroup", - "ec2:ProductCode", + "ec2:Encrypted", + "ec2:ParentSnapshot", "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" ], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "volume" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update descriptions for one or more outbound rules in a VPC security group", - "privilege": "UpdateSecurityGroupRuleDescriptionsEgress", - "resource_types": [ + "resource_type": "vpc" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "security-group*" + "resource_type": "vpc-endpoint" }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update descriptions for one or more inbound rules in a security group", - "privilege": "UpdateSecurityGroupRuleDescriptionsIngress", - "resource_types": [ + "resource_type": "vpc-endpoint-connection" + }, { "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "security-group*" + "resource_type": "vpc-endpoint-service" }, 
{ "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop advertising an address range that was provisioned for use in AWS through bring your own IP addresses (BYOIP)", - "privilege": "WithdrawByoipCidr", - "resource_types": [ + "resource_type": "vpc-endpoint-service-permission" + }, { "condition_keys": [ - "ec2:Region" + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:elastic-ip/${AllocationId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:AllocationId", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Domain", - "ec2:PublicIpAddress", + "resource_type": "vpc-flow-log" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AccepterVpc", + "ec2:RequesterVpc", + "ec2:ResourceTag/${TagKey}", + "ec2:VpcPeeringConnectionID" + ], + "dependent_actions": [], + "resource_type": "vpc-peering-connection" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AuthenticationType", + "ec2:DPDTimeoutSeconds", + "ec2:GatewayType", + "ec2:IKEVersions", + "ec2:InsideTunnelCidr", + "ec2:InsideTunnelIpv6Cidr", + "ec2:Phase1DHGroup", + "ec2:Phase1EncryptionAlgorithms", + "ec2:Phase1IntegrityAlgorithms", + "ec2:Phase1LifetimeSeconds", + "ec2:Phase2DHGroup", + "ec2:Phase2EncryptionAlgorithms", + "ec2:Phase2IntegrityAlgorithms", + "ec2:Phase2LifetimeSeconds", + "ec2:RekeyFuzzPercentage", + "ec2:RekeyMarginTimeSeconds", + "ec2:ReplayWindowSizePackets", + "ec2:ResourceTag/${TagKey}", + "ec2:RoutingType" + ], + "dependent_actions": [], + "resource_type": "vpn-connection" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], 
+ "dependent_actions": [], + "resource_type": "vpn-gateway" + }, + { + "condition_keys": [ + "ec2:CreateAction", + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a traffic mirror filter", + "privilege": "CreateTrafficMirrorFilter", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "traffic-mirror-filter*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a traffic mirror filter rule", + "privilege": "CreateTrafficMirrorFilterRule", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter-rule*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a traffic mirror session", + "privilege": "CreateTrafficMirrorSession", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-session*" + }, + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-target*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a traffic mirror target", + "privilege": "CreateTrafficMirrorTarget", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "traffic-mirror-target*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:VpceServiceName", + "ec2:VpceServiceOwner" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a transit gateway", + "privilege": "CreateTransitGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "transit-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Connect attachment from a specified transit gateway attachment", + "privilege": "CreateTransitGatewayConnect", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], 
+ "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Connect peer between a transit gateway and an appliance", + "privilege": "CreateTransitGatewayConnectPeer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-connect-peer*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a multicast domain for a transit gateway", + "privilege": "CreateTransitGatewayMulticastDomain", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "transit-gateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to request a transit gateway peering attachment between a requester and accepter transit gateway", + "privilege": "CreateTransitGatewayPeeringAttachment", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "transit-gateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a transit gateway policy table", + "privilege": "CreateTransitGatewayPolicyTable", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "transit-gateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-policy-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a transit gateway prefix list reference", + "privilege": "CreateTransitGatewayPrefixListReference", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a static route for a transit gateway route table", + "privilege": "CreateTransitGatewayRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + 
"resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a route table for a transit gateway", + "privilege": "CreateTransitGatewayRouteTable", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "transit-gateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an announcement for a transit gateway route table", + "privilege": "CreateTransitGatewayRouteTableAnnouncement", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table-announcement*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to attach a VPC to a transit gateway", + "privilege": "CreateTransitGatewayVpcAttachment", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + 
"dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "subnet*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Verified Access endpoint", + "privilege": "CreateVerifiedAccessEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "verified-access-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AuthorizedUser", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:Permission", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Verified Access group", + "privilege": "CreateVerifiedAccessGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "verified-access-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Verified Access instance", + "privilege": "CreateVerifiedAccessInstance", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "verified-access-instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a verified trust provider", + "privilege": "CreateVerifiedAccessTrustProvider", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "verified-access-trust-provider*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EBS volume", + "privilege": "CreateVolume", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:KmsKeyId", + "ec2:ParentSnapshot", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + 
], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a VPC with a specified CIDR block", + "privilege": "CreateVpc", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", + "ec2:VpcID" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv6pool-ec2" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a VPC endpoint for an AWS service", + "privilege": "CreateVpcEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:VpcID" + ], + "dependent_actions": [ + "ec2:CreateTags", + "route53:AssociateVPCWithHostedZone" + ], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:VpceServiceName", + "ec2:VpceServiceOwner" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID" + ], + "dependent_actions": [], + "resource_type": "route-table" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID" + ], + "dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a connection notification for a VPC endpoint or VPC endpoint service", + "privilege": "CreateVpcEndpointConnectionNotification", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect", + "privilege": "CreateVpcEndpointServiceConfiguration", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:VpceServicePrivateDnsName" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "vpc-endpoint-service*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to request a VPC peering connection between two VPCs", + "privilege": "CreateVpcPeeringConnection", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AccepterVpc", + 
"ec2:RequesterVpc", + "ec2:VpcPeeringConnectionID" + ], + "dependent_actions": [], + "resource_type": "vpc-peering-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a VPN connection between a virtual private gateway or transit gateway and a customer gateway", + "privilege": "CreateVpnConnection", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "customer-gateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AuthenticationType", + "ec2:DPDTimeoutSeconds", + "ec2:GatewayType", + "ec2:IKEVersions", + "ec2:InsideTunnelCidr", + "ec2:InsideTunnelIpv6Cidr", + "ec2:Phase1DHGroup", + "ec2:Phase1EncryptionAlgorithms", + "ec2:Phase1IntegrityAlgorithms", + "ec2:Phase1LifetimeSeconds", + "ec2:Phase2DHGroup", + "ec2:Phase2EncryptionAlgorithms", + "ec2:Phase2IntegrityAlgorithms", + "ec2:Phase2LifetimeSeconds", + "ec2:RekeyFuzzPercentage", + "ec2:RekeyMarginTimeSeconds", + "ec2:ReplayWindowSizePackets", + "ec2:RoutingType" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-gateway" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a 
static route for a VPN connection between a virtual private gateway and a customer gateway", + "privilege": "CreateVpnConnectionRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a virtual private gateway", + "privilege": "CreateVpnGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "vpn-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a carrier gateway", + "privilege": "DeleteCarrierGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "carrier-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Client VPN endpoint", + "privilege": "DeleteClientVpnEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a route from a 
Client VPN endpoint", + "privilege": "DeleteClientVpnRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a range of customer-owned IP (CoIP) addresses", + "privilege": "DeleteCoipCidr", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "coip-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a pool of customer-owned IP (CoIP) addresses", + "privilege": "DeleteCoipPool", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "coip-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deny a service from accessing a customer-owned IP (CoIP) pool", + "privilege": "DeleteCoipPoolPermission", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "coip-pool*" + }, + { + 
"condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a customer gateway", + "privilege": "DeleteCustomerGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "customer-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a set of DHCP options", + "privilege": "DeleteDhcpOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:DhcpOptionsID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "dhcp-options*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an egress-only internet gateway", + "privilege": "DeleteEgressOnlyInternetGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "egress-only-internet-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete one or more EC2 Fleets", + "privilege": "DeleteFleets", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete one or more flow logs", + "privilege": "DeleteFlowLogs", + 
"resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-flow-log*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon FPGA Image (AFI)", + "privilege": "DeleteFpgaImage", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fpga-image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EC2 Instance Connect Endpoint", + "privilege": "DeleteInstanceConnectEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID" + ], + "dependent_actions": [], + "resource_type": "instance-connect-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified event window", + "privilege": "DeleteInstanceEventWindow", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "instance-event-window*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an internet gateway", + "privilege": "DeleteInternetGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:InternetGatewayID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": 
"internet-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon VPC IP Address Manager (IPAM) and remove all monitored data associated with the IPAM including the historical data for CIDRs", + "privilege": "DeleteIpam", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "DeleteIpamPool", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an IPAM resource discovery", + "privilege": "DeleteIpamResourceDiscovery", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-resource-discovery*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the scope for an Amazon VPC IP Address Manager (IPAM)", + "privilege": "DeleteIpamScope", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + 
] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a key pair by removing the public key from Amazon EC2", + "privilege": "DeleteKeyPair", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:KeyPairName", + "ec2:KeyPairType", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "key-pair" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a launch template and its associated versions", + "privilege": "DeleteLaunchTemplate", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete one or more versions of a launch template", + "privilege": "DeleteLaunchTemplateVersions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a route from a local gateway route table", + "privilege": "DeleteLocalGatewayRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], 
+ "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a local gateway route table", + "privilege": "DeleteLocalGatewayRouteTable", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deny a service from accessing a local gateway route table", + "privilege": "DeleteLocalGatewayRouteTablePermission", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a local gateway route table virtual interface group association", + "privilege": "DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table-virtual-interface-group-association*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an association between a VPC and local gateway route table", + "privilege": "DeleteLocalGatewayRouteTableVpcAssociation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table-vpc-association*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a managed prefix list", + "privilege": "DeleteManagedPrefixList", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a NAT gateway", + "privilege": "DeleteNatGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "natgateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a network ACL", + "privilege": "DeleteNetworkAcl", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:NetworkAclID", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-acl*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an inbound or outbound entry (rule) from a network ACL", + "privilege": "DeleteNetworkAclEntry", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:NetworkAclID", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-acl*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Network Access Scope", + "privilege": 
"DeleteNetworkInsightsAccessScope", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Network Access Scope analysis", + "privilege": "DeleteNetworkInsightsAccessScopeAnalysis", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope-analysis*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a network insights analysis", + "privilege": "DeleteNetworkInsightsAnalysis", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-analysis*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a network insights path", + "privilege": "DeleteNetworkInsightsPath", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-path*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a detached network interface", + "privilege": "DeleteNetworkInterface", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + 
"ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete a permission that is associated with a network interface", + "privilege": "DeleteNetworkInterfacePermission", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a placement group", + "privilege": "DeletePlacementGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a public IPv4 address pool for public IPv4 CIDRs that you own and brought to Amazon to manage with Amazon VPC IP Address Manager (IPAM)", + "privilege": "DeletePublicIpv4Pool", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the queued purchases for the specified 
Reserved Instances", + "privilege": "DeleteQueuedReservedInstances", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove an IAM policy that enables cross-account sharing from a resource", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-group" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a route from a route table", + "privilege": "DeleteRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a route table", + "privilege": "DeleteRouteTable", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permission to delete a security group", + "privilege": "DeleteSecurityGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a snapshot of an EBS volume", + "privilege": "DeleteSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a data feed for Spot Instances", + "privilege": "DeleteSpotDatafeedSubscription", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a subnet", + "privilege": "DeleteSubnet", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a subnet CIDR reservation", + "privilege": "DeleteSubnetCidrReservation", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + 
}, + { + "access_level": "Tagging", + "description": "Grants permission to delete one or more tags from Amazon EC2 resources", + "privilege": "DeleteTags", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation-fleet" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "carrier-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "coip-pool" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "customer-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "dedicated-host" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "dhcp-options" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "egress-only-internet-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-gpu" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip" + }, + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "export-image-task" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "export-instance-task" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fleet" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fpga-image" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "host-reservation" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "image" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "import-image-task" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "import-snapshot-task" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "instance" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "instance-connect-endpoint" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "instance-event-window" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "internet-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + 
"dependent_actions": [], + "resource_type": "ipam" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-resource-discovery" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-resource-discovery-association" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv6pool-ec2" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "key-pair" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table-virtual-interface-group-association" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": 
[], + "resource_type": "local-gateway-route-table-vpc-association" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-virtual-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-virtual-interface-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "natgateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-acl" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope-analysis" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-analysis" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-path" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + 
"ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "replace-root-volume-task" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "reserved-instances" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "route-table" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "security-group-rule" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "spot-fleet-request" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "spot-instances-request" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "subnet-cidr-reservation" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-session" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + 
"dependent_actions": [], + "resource_type": "traffic-mirror-target" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-connect-peer" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-policy-table" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table-announcement" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-endpoint" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-instance" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-policy" + }, + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-trust-provider" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "volume" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-connection" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service-permission" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-flow-log" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-peering-connection" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-connection" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-gateway" + }, + { + "condition_keys": [ + "aws:TagKeys", + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a traffic mirror filter", + 
"privilege": "DeleteTrafficMirrorFilter", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a traffic mirror filter rule", + "privilege": "DeleteTrafficMirrorFilterRule", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter-rule*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a traffic mirror session", + "privilege": "DeleteTrafficMirrorSession", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-session*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a traffic mirror target", + "privilege": "DeleteTrafficMirrorTarget", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-target*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a transit gateway", + "privilege": "DeleteTransitGateway", + "resource_types": [ + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a transit gateway connect attachment", + "privilege": "DeleteTransitGatewayConnect", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a transit gateway connect peer", + "privilege": "DeleteTransitGatewayConnectPeer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-connect-peer*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a transit gateway multicast domain", + "privilege": "DeleteTransitGatewayMulticastDomain", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a peering attachment from a transit gateway", + "privilege": "DeleteTransitGatewayPeeringAttachment", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": 
"transit-gateway-attachment*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a transit gateway policy table", + "privilege": "DeleteTransitGatewayPolicyTable", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-policy-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a transit gateway prefix list reference", + "privilege": "DeleteTransitGatewayPrefixListReference", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a route from a transit gateway route table", + "privilege": "DeleteTransitGatewayRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a transit gateway route table", + "privilege": "DeleteTransitGatewayRouteTable", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + 
"dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a transit gateway route table announcement", + "privilege": "DeleteTransitGatewayRouteTableAnnouncement", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table-announcement*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a VPC attachment from a transit gateway", + "privilege": "DeleteTransitGatewayVpcAttachment", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Verified Access endpoint", + "privilege": "DeleteVerifiedAccessEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Verified Access group", + "privilege": "DeleteVerifiedAccessGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-group*" + }, + { + "condition_keys": [ + "ec2:Region" + ], 
+ "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Verified Access instance", + "privilege": "DeleteVerifiedAccessInstance", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a verified trust provider", + "privilege": "DeleteVerifiedAccessTrustProvider", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-trust-provider*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EBS volume", + "privilege": "DeleteVolume", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a VPC", + "privilege": "DeleteVpc", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + 
"access_level": "Write", + "description": "Grants permission to delete one or more VPC endpoint connection notifications", + "privilege": "DeleteVpcEndpointConnectionNotifications", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete one or more VPC endpoint service configurations", + "privilege": "DeleteVpcEndpointServiceConfigurations", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete one or more VPC endpoints", + "privilege": "DeleteVpcEndpoints", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:VpceServiceName" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a VPC peering connection", + "privilege": "DeleteVpcPeeringConnection", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AccepterVpc", + "ec2:RequesterVpc", + "ec2:ResourceTag/${TagKey}", + "ec2:VpcPeeringConnectionID" + ], + "dependent_actions": [], + "resource_type": "vpc-peering-connection*" + }, + { + 
"condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a VPN connection", + "privilege": "DeleteVpnConnection", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a static route for a VPN connection between a virtual private gateway and a customer gateway", + "privilege": "DeleteVpnConnectionRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a virtual private gateway", + "privilege": "DeleteVpnGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to release an IP address range that was provisioned through bring your own IP addresses (BYOIP), and to delete the corresponding address pool", + "privilege": "DeprovisionByoipCidr", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deprovision an Autonomous System Number (ASN) from an Amazon Web Services account", + 
"privilege": "DeprovisionIpamByoasn", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deprovision a CIDR provisioned from an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "DeprovisionIpamPoolCidr", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deprovision a CIDR from a public IPv4 pool", + "privilege": "DeprovisionPublicIpv4PoolCidr", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister an Amazon Machine Image (AMI)", + "privilege": "DeregisterImage", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove tags from the set of tags to include in notifications about scheduled events for your instances", + "privilege": 
"DeregisterInstanceEventNotificationAttributes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister one or more network interface members from a group IP address in a transit gateway multicast domain", + "privilege": "DeregisterTransitGatewayMulticastGroupMembers", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister one or more network interface sources from a group IP address in a transit gateway multicast domain", + "privilege": "DeregisterTransitGatewayMulticastGroupSources", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the attributes of the AWS account", + "privilege": "DescribeAccountAttributes", + "resource_types": [ + { + "condition_keys": [ + 
"ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an Elastic IP address transfer", + "privilege": "DescribeAddressTransfers", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Elastic IP addresses", + "privilege": "DescribeAddresses", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the attributes of the specified Elastic IP addresses", + "privilege": "DescribeAddressesAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the longer ID format settings for all resource types", + "privilege": "DescribeAggregateIdFormat", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more of the Availability Zones that are available to you", + "privilege": "DescribeAvailabilityZones", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the current infrastructure performance metric subscriptions", + "privilege": 
"DescribeAwsNetworkPerformanceMetricSubscriptions", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more bundling tasks", + "privilege": "DescribeBundleTasks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the IP address ranges that were provisioned through bring your own IP addresses (BYOIP)", + "privilege": "DescribeByoipCidrs", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe Capacity Block offerings available for purchase", + "privilege": "DescribeCapacityBlockOfferings", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Capacity Reservation Fleets", + "privilege": "DescribeCapacityReservationFleets", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Capacity Reservations", + "privilege": "DescribeCapacityReservations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Carrier Gateways", + "privilege": "DescribeCarrierGateways", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": 
"List", + "description": "Grants permission to describe one or more linked EC2-Classic instances", + "privilege": "DescribeClassicLinkInstances", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the authorization rules for a Client VPN endpoint", + "privilege": "DescribeClientVpnAuthorizationRules", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe active client connections and connections that have been terminated within the last 60 minutes for a Client VPN endpoint", + "privilege": "DescribeClientVpnConnections", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Client VPN endpoints", + "privilege": "DescribeClientVpnEndpoints", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint" + 
}, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the routes for a Client VPN endpoint", + "privilege": "DescribeClientVpnRoutes", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the target networks that are associated with a Client VPN endpoint", + "privilege": "DescribeClientVpnTargetNetworks", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the specified customer-owned address pools or all of your customer-owned address pools", + "privilege": "DescribeCoipPools", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more conversion tasks", + "privilege": "DescribeConversionTasks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more customer gateways", + "privilege": "DescribeCustomerGateways", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more DHCP options sets", + "privilege": "DescribeDhcpOptions", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more egress-only internet gateways", + "privilege": "DescribeEgressOnlyInternetGateways", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an Elastic Graphics accelerator that is associated with an instance", + "privilege": "DescribeElasticGpus", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more export image tasks", + "privilege": "DescribeExportImageTasks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more export instance tasks", + "privilege": "DescribeExportTasks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe fast-launch enabled Windows AMIs", + "privilege": "DescribeFastLaunchImages", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" 
+ ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the state of fast snapshot restores for snapshots", + "privilege": "DescribeFastSnapshotRestores", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the events for an EC2 Fleet during a specified time", + "privilege": "DescribeFleetHistory", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the running instances for an EC2 Fleet", + "privilege": "DescribeFleetInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more EC2 Fleets", + "privilege": "DescribeFleets", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more flow logs", + "privilege": "DescribeFlowLogs", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the attributes of an Amazon FPGA Image (AFI)", + "privilege": "DescribeFpgaImageAttribute", + "resource_types": [ + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Owner", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fpga-image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Amazon FPGA Images (AFIs)", + "privilege": "DescribeFpgaImages", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the Dedicated Host Reservations that are available to purchase", + "privilege": "DescribeHostReservationOfferings", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the Dedicated Host Reservations that are associated with Dedicated Hosts in the AWS account", + "privilege": "DescribeHostReservations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Dedicated Hosts", + "privilege": "DescribeHosts", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the IAM instance profile associations", + "privilege": "DescribeIamInstanceProfileAssociations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the ID format settings for resources", + "privilege": "DescribeIdFormat", + "resource_types": [ + { + 
"condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the ID format settings for resources for an IAM user, IAM role, or root user", + "privilege": "DescribeIdentityIdFormat", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an attribute of an Amazon Machine Image (AMI)", + "privilege": "DescribeImageAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more images (AMIs, AKIs, and ARIs)", + "privilege": "DescribeImages", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe import virtual machine or import snapshot tasks", + "privilege": "DescribeImportImageTasks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe import snapshot tasks", + "privilege": "DescribeImportSnapshotTasks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the attributes of an instance", + "privilege": "DescribeInstanceAttribute", + 
"resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe EC2 Instance Connect Endpoints", + "privilege": "DescribeInstanceConnectEndpoints", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the credit option for CPU usage of one or more burstable performance instances", + "privilege": "DescribeInstanceCreditSpecifications", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the set of tags to include in notifications about scheduled events for your instances", + "privilege": "DescribeInstanceEventNotificationAttributes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the specified event windows or all event windows", + "privilege": "DescribeInstanceEventWindows", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": 
"List", + "description": "Grants permission to describe the status of one or more instances", + "privilege": "DescribeInstanceStatus", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe a tree-based hierarchy that represents the physical host placement of EC2 instances", + "privilege": "DescribeInstanceTopology", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the set of instance types that are offered in a location", + "privilege": "DescribeInstanceTypeOfferings", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the details of instance types that are offered in a location", + "privilege": "DescribeInstanceTypes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more instances", + "privilege": "DescribeInstances", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more internet gateways", + "privilege": "DescribeInternetGateways", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe a bring your own Autonomous System Number (BYOASN) that you've brought to IPAM", + "privilege": "DescribeIpamByoasn", + "resource_types": [ + 
{ + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe Amazon VPC IP Address Manager (IPAM) pools", + "privilege": "DescribeIpamPools", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe IPAM resource discoveries", + "privilege": "DescribeIpamResourceDiscoveries", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe resource discovery associations with an Amazon VPC IPAM", + "privilege": "DescribeIpamResourceDiscoveryAssociations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe Amazon VPC IP Address Manager (IPAM) scopes", + "privilege": "DescribeIpamScopes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an Amazon VPC IP Address Manager (IPAM)", + "privilege": "DescribeIpams", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more IPv6 address pools", + "privilege": "DescribeIpv6Pools", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more key pairs", + "privilege": "DescribeKeyPairs", + 
"resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more launch template versions", + "privilege": "DescribeLaunchTemplateVersions", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [ + "ssm:GetParameters" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more launch templates", + "privilege": "DescribeLaunchTemplates", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to allow a service to describe local gateway route table permissions", + "privilege": "DescribeLocalGatewayRouteTablePermissions", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the associations between virtual interface groups and local gateway route tables", + "privilege": "DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an association between VPCs and local gateway route tables", + "privilege": "DescribeLocalGatewayRouteTableVpcAssociations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more local gateway route tables", + "privilege": "DescribeLocalGatewayRouteTables", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], 
+ "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe local gateway virtual interface groups", + "privilege": "DescribeLocalGatewayVirtualInterfaceGroups", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe local gateway virtual interfaces", + "privilege": "DescribeLocalGatewayVirtualInterfaces", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more local gateways", + "privilege": "DescribeLocalGateways", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the lock status for a snapshot", + "privilege": "DescribeLockedSnapshots", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe your EC2 Mac Dedicated hosts", + "privilege": "DescribeMacHosts", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe your managed prefix lists and any AWS-managed prefix lists", + "privilege": "DescribeManagedPrefixLists", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe Elastic IP addresses that are being moved to the EC2-VPC platform", + "privilege": 
"DescribeMovingAddresses", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more NAT gateways", + "privilege": "DescribeNatGateways", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more network ACLs", + "privilege": "DescribeNetworkAcls", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Network Access Scope analyses", + "privilege": "DescribeNetworkInsightsAccessScopeAnalyses", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the Network Access Scopes", + "privilege": "DescribeNetworkInsightsAccessScopes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more network insights analyses", + "privilege": "DescribeNetworkInsightsAnalyses", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more network insights paths", + "privilege": "DescribeNetworkInsightsPaths", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe a network interface 
attribute", + "privilege": "DescribeNetworkInterfaceAttribute", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the permissions that are associated with a network interface", + "privilege": "DescribeNetworkInterfacePermissions", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more network interfaces", + "privilege": "DescribeNetworkInterfaces", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more placement groups", + "privilege": "DescribePlacementGroups", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe available AWS services in a prefix list format", + "privilege": "DescribePrefixLists", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference", + "privilege": "DescribePrincipalIdFormat", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more IPv4 address pools", + "privilege": "DescribePublicIpv4Pools", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], 
+ "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more AWS Regions that are currently available in your account", + "privilege": "DescribeRegions", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe a root volume replacement task", + "privilege": "DescribeReplaceRootVolumeTasks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more purchased Reserved Instances in your account", + "privilege": "DescribeReservedInstances", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe your account's Reserved Instance listings in the Reserved Instance Marketplace", + "privilege": "DescribeReservedInstancesListings", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the modifications made to one or more Reserved Instances", + "privilege": "DescribeReservedInstancesModifications", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the Reserved Instance offerings that are available for purchase", + "privilege": "DescribeReservedInstancesOfferings", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + 
"description": "Grants permission to describe one or more route tables", + "privilege": "DescribeRouteTables", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to find available schedules for Scheduled Instances", + "privilege": "DescribeScheduledInstanceAvailability", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Scheduled Instances in your account", + "privilege": "DescribeScheduledInstances", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the VPCs on the other side of a VPC peering connection that are referencing specified VPC security groups", + "privilege": "DescribeSecurityGroupReferences", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more of your security group rules", + "privilege": "DescribeSecurityGroupRules", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more security groups", + "privilege": "DescribeSecurityGroups", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an attribute of a snapshot", + "privilege": "DescribeSnapshotAttribute", + "resource_types": [ + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:Encrypted", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the storage tier status for Amazon EBS snapshots", + "privilege": "DescribeSnapshotTierStatus", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more EBS snapshots", + "privilege": "DescribeSnapshots", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the data feed for Spot Instances", + "privilege": "DescribeSpotDatafeedSubscription", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the running instances for a Spot Fleet", + "privilege": "DescribeSpotFleetInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "spot-fleet-request*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the events for a Spot Fleet request during a specified time", + "privilege": "DescribeSpotFleetRequestHistory", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + 
"ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "spot-fleet-request*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Spot Fleet requests", + "privilege": "DescribeSpotFleetRequests", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more Spot Instance requests", + "privilege": "DescribeSpotInstanceRequests", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the Spot Instance price history", + "privilege": "DescribeSpotPriceHistory", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the stale security group rules for security groups in a specified VPC", + "privilege": "DescribeStaleSecurityGroups", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the progress of the AMI store tasks", + "privilege": "DescribeStoreImageTasks", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more subnets", + "privilege": "DescribeSubnets", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + 
"description": "Grants permission to describe one or more tags for an Amazon EC2 resource", + "privilege": "DescribeTags", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more traffic mirror filters", + "privilege": "DescribeTrafficMirrorFilters", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more traffic mirror sessions", + "privilege": "DescribeTrafficMirrorSessions", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more traffic mirror targets", + "privilege": "DescribeTrafficMirrorTargets", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more attachments between resources and transit gateways", + "privilege": "DescribeTransitGatewayAttachments", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more transit gateway connect peers", + "privilege": "DescribeTransitGatewayConnectPeers", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more transit gateway connect attachments", + "privilege": "DescribeTransitGatewayConnects", + "resource_types": [ + { + "condition_keys": [ + 
"ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more transit gateway multicast domains", + "privilege": "DescribeTransitGatewayMulticastDomains", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more transit gateway peering attachments", + "privilege": "DescribeTransitGatewayPeeringAttachments", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe a transit gateway policy table", + "privilege": "DescribeTransitGatewayPolicyTables", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe a transit gateway route table announcement", + "privilege": "DescribeTransitGatewayRouteTableAnnouncements", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more transit gateway route tables", + "privilege": "DescribeTransitGatewayRouteTables", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more VPC attachments on a transit gateway", + "privilege": "DescribeTransitGatewayVpcAttachments", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants 
permission to describe one or more transit gateways", + "privilege": "DescribeTransitGateways", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more network interface trunk associations", + "privilege": "DescribeTrunkInterfaceAssociations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the specified Verified Access endpoints or all Verified Access endpoints", + "privilege": "DescribeVerifiedAccessEndpoints", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the specified Verified Access groups or all Verified Access groups", + "privilege": "DescribeVerifiedAccessGroups", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the current logging configuration for the Verified Access instances", + "privilege": "DescribeVerifiedAccessInstanceLoggingConfigurations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the AWS Web Application Firewall (WAF) web access control list (ACL) associations for a Verified Access instance", + "privilege": "DescribeVerifiedAccessInstanceWebAclAssociations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission 
to describe the specified Verified Access instances or all Verified Access instances", + "privilege": "DescribeVerifiedAccessInstances", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe details of existing Verified Access trust providers", + "privilege": "DescribeVerifiedAccessTrustProviders", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an attribute of an EBS volume", + "privilege": "DescribeVolumeAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the status of one or more EBS volumes", + "privilege": "DescribeVolumeStatus", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more EBS volumes", + "privilege": "DescribeVolumes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the current modification status of one or more EBS volumes", + "privilege": "DescribeVolumesModifications", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + 
], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an attribute of a VPC", + "privilege": "DescribeVpcAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the ClassicLink status of one or more VPCs", + "privilege": "DescribeVpcClassicLink", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the ClassicLink DNS support status of one or more VPCs", + "privilege": "DescribeVpcClassicLinkDnsSupport", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the connection notifications for VPC endpoints and VPC endpoint services", + "privilege": "DescribeVpcEndpointConnectionNotifications", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the VPC endpoint connections to your VPC endpoint services", + "privilege": "DescribeVpcEndpointConnections", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe VPC endpoint service configurations (your services)", + "privilege": "DescribeVpcEndpointServiceConfigurations", + 
"resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the principals (service consumers) that are permitted to discover your VPC endpoint service", + "privilege": "DescribeVpcEndpointServicePermissions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe all supported AWS services that can be specified when creating a VPC endpoint", + "privilege": "DescribeVpcEndpointServices", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more VPC endpoints", + "privilege": "DescribeVpcEndpoints", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more VPC peering connections", + "privilege": "DescribeVpcPeeringConnections", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more VPCs", + "privilege": "DescribeVpcs", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more VPN connections", + "privilege": "DescribeVpnConnections", + "resource_types": [ + { + 
"condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe one or more virtual private gateways", + "privilege": "DescribeVpnGateways", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to unlink (detach) a linked EC2-Classic instance from a VPC", + "privilege": "DetachClassicLinkVpc", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to detach an internet gateway from a VPC", + "privilege": "DetachInternetGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:InternetGatewayID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "internet-gateway*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + 
"access_level": "Write", + "description": "Grants permission to detach a network interface from an instance", + "privilege": "DetachNetworkInterface", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to detach a trust provider from a Verified Access instance", + "privilege": "DetachVerifiedAccessTrustProvider", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-trust-provider*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to detach an EBS volume from an instance", + "privilege": "DetachVolume", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + 
"ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to detach a virtual private gateway from a VPC", + "privilege": "DetachVpnGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable Elastic IP address transfer", + "privilege": "DisableAddressTransfer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + 
"access_level": "Write", + "description": "Grants permission to disable infrastructure performance metric subscriptions", + "privilege": "DisableAwsNetworkPerformanceMetricSubscription", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable EBS encryption by default for your account", + "privilege": "DisableEbsEncryptionByDefault", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable faster launching for Windows AMIs", + "privilege": "DisableFastLaunch", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable fast snapshot restores for one or more snapshots in specified Availability Zones", + "privilege": "DisableFastSnapshotRestores", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable an AMI", + "privilege": "DisableImage", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + 
"ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable block public access for AMIs at the account level in the specified AWS Region", + "privilege": "DisableImageBlockPublicAccess", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel the deprecation of the specified AMI", + "privilege": "DisableImageDeprecation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account", + "privilege": "DisableIpamOrganizationAdminAccount", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [ + "organizations:DeregisterDelegatedAdministrator" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable access to the EC2 serial console of all instances for your account", + "privilege": "DisableSerialConsoleAccess", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable the block public access for snapshots setting 
for a Region", + "privilege": "DisableSnapshotBlockPublicAccess", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable a resource attachment from propagating routes to the specified propagation route table", + "privilege": "DisableTransitGatewayRouteTablePropagation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table-announcement" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable a virtual private gateway from propagating routes to a specified route table of a VPC", + "privilege": "DisableVgwRoutePropagation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-gateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable ClassicLink for a VPC", + "privilege": "DisableVpcClassicLink", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", 
+ "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable ClassicLink DNS support for a VPC", + "privilege": "DisableVpcClassicLinkDnsSupport", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate an Elastic IP address from an instance or network interface", + "privilege": "DisassociateAddress", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a target network from a Client VPN endpoint", + "privilege": "DisassociateClientVpnTargetNetwork", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + 
"resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate an ACM certificate from a IAM role", + "privilege": "DisassociateEnclaveCertificateIamRole", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "certificate*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "role*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate an IAM instance profile from a running or stopped instance", + "privilege": "DisassociateIamInstanceProfile", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate one or more targets from an event window", + "privilege": "DisassociateInstanceEventWindow", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "instance-event-window*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + 
"access_level": "Write", + "description": "Grants permission to disassociate an Autonomous System Number (ASN) from a BYOIP CIDR", + "privilege": "DisassociateIpamByoasn", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a resource discovery from an Amazon VPC IPAM", + "privilege": "DisassociateIpamResourceDiscovery", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-resource-discovery-association*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a secondary Elastic IP address from a public NAT gateway", + "privilege": "DisassociateNatGatewayAddress", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "natgateway*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AuthorizedUser", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:Permission", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a subnet from a route table", + "privilege": "DisassociateRouteTable", + "resource_types": [ + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:InternetGatewayID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "internet-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv6pool-ec2" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-gateway" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a CIDR block from a subnet", + "privilege": "DisassociateSubnetCidrBlock", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate one or more subnets from a transit gateway multicast domain", + "privilege": "DisassociateTransitGatewayMulticastDomain", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", 
+ "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a policy table from a transit gateway", + "privilege": "DisassociateTransitGatewayPolicyTable", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-policy-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a resource attachment from a transit gateway route table", + "privilege": "DisassociateTransitGatewayRouteTable", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a branch network interface to a trunk network 
interface", + "privilege": "DisassociateTrunkInterface", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate an AWS Web Application Firewall (WAF) web access control list (ACL) from a Verified Access instance", + "privilege": "DisassociateVerifiedAccessInstanceWebAcl", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a CIDR block from a VPC", + "privilege": "DisassociateVpcCidrBlock", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable Elastic IP address transfer", + "privilege": "EnableAddressTransfer", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable infrastructure performance subscriptions", + "privilege": "EnableAwsNetworkPerformanceMetricSubscription", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + 
] + }, + { + "access_level": "Write", + "description": "Grants permission to enable EBS encryption by default for your account", + "privilege": "EnableEbsEncryptionByDefault", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable faster launching for Windows AMIs", + "privilege": "EnableFastLaunch", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable fast snapshot restores for one or more snapshots in specified Availability Zones", + "privilege": "EnableFastSnapshotRestores", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to re-enable a disabled AMI", + "privilege": "EnableImage", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": 
"image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable block public access for AMIs at the account level in the specified AWS Region", + "privilege": "EnableImageBlockPublicAccess", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable deprecation of the specified AMI at the specified date and time", + "privilege": "EnableImageDeprecation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account", + "privilege": "EnableIpamOrganizationAdminAccount", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "organizations:EnableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable organization sharing of reachability analyzer", + "privilege": "EnableReachabilityAnalyzerOrganizationSharing", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "organizations:EnableAWSServiceAccess" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable access to the EC2 serial 
console of all instances for your account", + "privilege": "EnableSerialConsoleAccess", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or modify the block public access for snapshots setting for a Region", + "privilege": "EnableSnapshotBlockPublicAccess", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable an attachment to propagate routes to a propagation route table", + "privilege": "EnableTransitGatewayRouteTablePropagation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table-announcement" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable a virtual private gateway to propagate routes to a VPC route table", + "privilege": "EnableVgwRoutePropagation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-gateway*" + }, + { + "condition_keys": [ 
+ "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable I/O operations for a volume that had I/O operations disabled", + "privilege": "EnableVolumeIO", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable a VPC for ClassicLink", + "privilege": "EnableVpcClassicLink", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable a VPC to support DNS hostname resolution for ClassicLink", + "privilege": "EnableVpcClassicLinkDnsSupport", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to download the client certificate revocation list for a Client VPN endpoint", + "privilege": "ExportClientVpnClientCertificateRevocationList", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + 
"ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to download the contents of the Client VPN endpoint configuration file for a Client VPN endpoint", + "privilege": "ExportClientVpnClientConfiguration", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to export an Amazon Machine Image (AMI) to a VM file", + "privilege": "ExportImage", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "export-image-task*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to export routes from a transit gateway route table to an Amazon S3 bucket", + "privilege": "ExportTransitGatewayRoutes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + 
], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the list of roles associated with an ACM certificate", + "privilege": "GetAssociatedEnclaveCertificateIamRoles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "certificate*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the IPv6 CIDR block associations for a specified IPv6 address pool", + "privilege": "GetAssociatedIpv6PoolCidrs", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get network performance data", + "privilege": "GetAwsNetworkPerformanceData", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get usage information about a Capacity Reservation", + "privilege": "GetCapacityReservationUsage", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:CapacityReservationFleet", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the allocations from the specified customer-owned address pool", + "privilege": "GetCoipPoolUsage", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "coip-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the console output for an instance", + "privilege": "GetConsoleOutput", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a JPG-format screenshot of a running instance", + "privilege": "GetConsoleScreenshot", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:NewInstanceProfile", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the default credit option for CPU usage of a burstable performance instance family", + "privilege": "GetDefaultCreditSpecification", + "resource_types": [ + { + "condition_keys": [ + 
"ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the ID of the default customer master key (CMK) for EBS encryption by default", + "privilege": "GetEbsDefaultKmsKeyId", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe whether EBS encryption by default is enabled for your account", + "privilege": "GetEbsEncryptionByDefault", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to generate a CloudFormation template to streamline the integration of VPC flow logs with Amazon Athena", + "privilege": "GetFlowLogsIntegrationTemplate", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-flow-log*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the resource groups to which a Capacity Reservation has been added", + "privilege": "GetGroupsForCapacityReservation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:CapacityReservationFleet", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to preview a reservation purchase with configurations that match those of a Dedicated Host", + "privilege": "GetHostReservationPurchasePreview", + "resource_types": [ + { + 
"condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the current state of block public access for AMIs at the account level in the specified AWS Region", + "privilege": "GetImageBlockPublicAccessState", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view the default instance metadata service (IMDS) settings set for your account in the specified Region", + "privilege": "GetInstanceMetadataDefaults", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view a list of instance types with specified instance attributes", + "privilege": "GetInstanceTypesFromInstanceRequirements", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the binary representation of the UEFI variable store", + "privilege": "GetInstanceUefiData", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:NewInstanceProfile", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + 
}, + { + "access_level": "Read", + "description": "Grants permission to retrieve historical information about a CIDR within an Amazon VPC IP Address Manager (IPAM) scope", + "privilege": "GetIpamAddressHistory", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve IPAM discovered accounts", + "privilege": "GetIpamDiscoveredAccounts", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-resource-discovery*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the public IP addresses that have been discovered by IPAM", + "privilege": "GetIpamDiscoveredPublicAddresses", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-resource-discovery*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the resource CIDRs that are monitored as part of a resource discovery", + "privilege": "GetIpamDiscoveredResourceCidrs", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-resource-discovery*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants 
permission to get a list of all the CIDR allocations in an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "GetIpamPoolAllocations", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the CIDRs provisioned to an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "GetIpamPoolCidrs", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the resources in an Amazon VPC IP Address Manager (IPAM) scope", + "privilege": "GetIpamResourceCidrs", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the configuration data of the specified instance for use with a new launch template or launch template version", + "privilege": "GetLaunchTemplateData", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + 
"ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the resources that are associated with the specified managed prefix list", + "privilege": "GetManagedPrefixListAssociations", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the entries for a specified managed prefix list", + "privilege": "GetManagedPrefixListEntries", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the findings for one or more Network Access Scope analyses", + "privilege": "GetNetworkInsightsAccessScopeAnalysisFindings", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope-analysis*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to 
get the content for a specified Network Access Scope", + "privilege": "GetNetworkInsightsAccessScopeContent", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the encrypted administrator password for a running Windows instance", + "privilege": "GetPasswordData", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a quote and exchange information for exchanging one or more Convertible Reserved Instances for a new Convertible Reserved Instance", + "privilege": "GetReservedInstancesExchangeQuote", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an IAM policy that enables cross-account sharing", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" 
+ }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-group" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of security groups for a specified VPC", + "privilege": "GetSecurityGroupsForVpc", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the access status of your account to the EC2 serial console of all instances", + "privilege": "GetSerialConsoleAccessStatus", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the current state of the block public access for snapshots setting for a Region", + "privilege": "GetSnapshotBlockPublicAccessState", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to calculate the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements", + "privilege": "GetSpotPlacementScores", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the subnet CIDR reservations", + "privilege": "GetSubnetCidrReservations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the route tables to which a resource attachment propagates routes", + "privilege": "GetTransitGatewayAttachmentPropagations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get information about the associations for a transit gateway multicast domain", + "privilege": "GetTransitGatewayMulticastDomainAssociations", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get information about associations for a transit gateway policy table", + "privilege": "GetTransitGatewayPolicyTableAssociations", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-policy-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get information about associations for a transit gateway policy table entry", + "privilege": "GetTransitGatewayPolicyTableEntries", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" 
+ ], + "dependent_actions": [], + "resource_type": "transit-gateway-policy-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get information about prefix list references for a transit gateway route table", + "privilege": "GetTransitGatewayPrefixListReferences", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get information about associations for a transit gateway route table", + "privilege": "GetTransitGatewayRouteTableAssociations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get information about the route table propagations for a transit gateway route table", + "privilege": "GetTransitGatewayRouteTablePropagations", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to show the Verified Access policy associated with the endpoint", + "privilege": "GetVerifiedAccessEndpointPolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to show the contents of the Verified Access policy associated with the group", + "privilege": "GetVerifiedAccessGroupPolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + 
"dependent_actions": [], + "resource_type": "verified-access-group*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to show the AWS Web Application Firewall (WAF) web access control list (ACL) for a Verified Access instance", + "privilege": "GetVerifiedAccessInstanceWebAcl", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to download an AWS-provided sample configuration file to be used with the customer gateway device", + "privilege": "GetVpnConnectionDeviceSampleConfiguration", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vpn-connection-device-type*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to obtain a list of customer gateway devices for which sample configuration files can be provided", + "privilege": "GetVpnConnectionDeviceTypes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view available tunnel endpoint maintenance events", + "privilege": "GetVpnTunnelReplacementStatus", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + 
"resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to transfer existing BYOIP IPv4 CIDRs to IPAM", + "privilege": "ImportByoipCidrToIpam", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to upload a client certificate revocation list to a Client VPN endpoint", + "privilege": "ImportClientVpnClientCertificateRevocationList", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI)", + "privilege": "ImportImage", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:RootDeviceType" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "image*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "import-image-task*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Owner", + "ec2:ParentVolume", + 
"ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an import instance task using metadata from a disk image", + "privilege": "ImportInstance", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:InstanceID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to import a public key from an RSA key pair that was created with a third-party tool", + "privilege": "ImportKeyPair", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "key-pair*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": 
"Write", + "description": "Grants permission to import a disk into an EBS snapshot", + "privilege": "ImportSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "import-snapshot-task*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an import volume task using metadata from a disk image", + "privilege": "ImportVolume", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to temporarily inject errors for target API requests", + "privilege": "InjectApiError", + "resource_types": [ + { + "condition_keys": [ + "ec2:FisActionId", + "ec2:FisTargetArns", + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list Amazon Machine Images (AMIs) that are currently in the Recycle Bin", + "privilege": "ListImagesInRecycleBin", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list 
the Amazon EBS snapshots that are currently in the Recycle Bin", + "privilege": "ListSnapshotsInRecycleBin", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to lock an Amazon EBS snapshot in either governance or compliance mode to protect it against accidental or malicious deletions", + "privilege": "LockSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotCoolOffPeriod", + "ec2:SnapshotID", + "ec2:SnapshotLockDuration", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an attribute of the specified Elastic IP address", + "privilege": "ModifyAddressAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the opt-in status of the Local Zone and Wavelength Zone group for your account", + "privilege": "ModifyAvailabilityZoneGroup", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a Capacity Reservation's capacity and the conditions under which it is to be 
released", + "privilege": "ModifyCapacityReservation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:CapacityReservationFleet", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a Capacity Reservation Fleet", + "privilege": "ModifyCapacityReservationFleet", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:ModifyCapacityReservation" + ], + "resource_type": "capacity-reservation-fleet*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a Client VPN endpoint", + "privilege": "ModifyClientVpnEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc" + }, + { + "condition_keys": [ + "ec2:Region" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change the account level default credit option for CPU usage of burstable performance instances", + "privilege": "ModifyDefaultCreditSpecification", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change the default customer master key (CMK) for EBS encryption by default for your account", + "privilege": "ModifyEbsDefaultKmsKeyId", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an EC2 Fleet", + "privilege": "ModifyFleet", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fleet*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an attribute of an Amazon FPGA Image (AFI)", + "privilege": "ModifyFpgaImageAttribute", + 
"resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fpga-image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a Dedicated Host", + "privilege": "ModifyHosts", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "dedicated-host*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the ID format for a resource", + "privilege": "ModifyIdFormat", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the ID format of a resource for a specific principal in your account", + "privilege": "ModifyIdentityIdFormat", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an attribute of an Amazon Machine Image (AMI)", + "privilege": "ModifyImageAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an attribute of an instance", + "privilege": "ModifyInstanceAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the Capacity Reservation settings for a stopped instance", + "privilege": "ModifyInstanceCapacityReservationAttributes", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + 
"ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the credit option for CPU usage on an instance", + "privilege": "ModifyInstanceCreditSpecification", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the start time for a scheduled EC2 instance event", + "privilege": "ModifyInstanceEventStartTime", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + 
"ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified event window", + "privilege": "ModifyInstanceEventWindow", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "instance-event-window*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the recovery behaviour for an instance", + "privilege": "ModifyInstanceMaintenanceOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the default instance metadata service (IMDS) settings for your account in the specified Region", + "privilege": "ModifyInstanceMetadataDefaults", + "resource_types": [ + { + "condition_keys": [ + "ec2:Attribute/${AttributeName}", + "ec2:Region" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the metadata options for an instance", + "privilege": "ModifyInstanceMetadataOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the placement attributes for an instance", + "privilege": "ModifyInstancePlacement", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "dedicated-host" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupName", + 
"ec2:PlacementGroupStrategy", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM)", + "privilege": "ModifyIpam", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "ModifyIpamPool", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) resource CIDR", + "privilege": "ModifyIpamResourceCidr", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a resource discovery", + "privilege": "ModifyIpamResourceDiscovery", + "resource_types": [ + { + "condition_keys": [ 
+ "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-resource-discovery*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) scope", + "privilege": "ModifyIpamScope", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-scope*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a launch template", + "privilege": "ModifyLaunchTemplate", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a local gateway route", + "privilege": "ModifyLocalGatewayRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-virtual-interface-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AuthorizedUser", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:Permission", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + 
"dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a managed prefix list", + "privilege": "ModifyManagedPrefixList", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an attribute of a network interface", + "privilege": "ModifyNetworkInterfaceAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + 
"dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the options for instance hostnames for the specified instance", + "privilege": "ModifyPrivateDnsNameOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:NewInstanceProfile", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify attributes of one or more Reserved Instances", + "privilege": "ModifyReservedInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:InstanceType", + "ec2:ReservedInstancesOfferingType", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "reserved-instances*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the rules of a security group", + "privilege": "ModifySecurityGroupRules", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", 
+ "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "security-group-rule*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to add or remove permission settings for a snapshot", + "privilege": "ModifySnapshotAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Add/group", + "ec2:Add/userId", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Remove/group", + "ec2:Remove/userId", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to archive Amazon EBS snapshots", + "privilege": "ModifySnapshotTier", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a Spot Fleet request", + "privilege": "ModifySpotFleetRequest", + 
"resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "spot-fleet-request*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an attribute of a subnet", + "privilege": "ModifySubnetAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to allow or restrict mirroring network services", + "privilege": "ModifyTrafficMirrorFilterNetworkServices", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a traffic mirror rule", + "privilege": "ModifyTrafficMirrorFilterRule", + "resource_types": [ + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter*" + }, + { + "condition_keys": [ + "ec2:Attribute", + "ec2:Attribute/${AttributeName}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter-rule*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a traffic mirror session", + "privilege": "ModifyTrafficMirrorSession", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-session*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-filter" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "traffic-mirror-target" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a transit gateway", + "privilege": "ModifyTransitGateway", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permission to modify a transit gateway prefix list reference", + "privilege": "ModifyTransitGatewayPrefixListReference", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a VPC attachment on a transit gateway", + "privilege": "ModifyTransitGatewayVpcAttachment", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configuration of a Verified Access endpoint", + "privilege": "ModifyVerifiedAccessEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-endpoint*" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-group" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified Verified Access endpoint policy", + "privilege": "ModifyVerifiedAccessEndpointPolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified Verified Access Group configuration", + "privilege": "ModifyVerifiedAccessGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-instance" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified Verified Access group policy", + "privilege": "ModifyVerifiedAccessGroupPolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-group*" + }, + { + "condition_keys": [ + 
"ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configuration of the specified Verified Access instance", + "privilege": "ModifyVerifiedAccessInstance", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the logging configuration for the specified Verified Access instance", + "privilege": "ModifyVerifiedAccessInstanceLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configuration of the specified Verified Access trust provider", + "privilege": "ModifyVerifiedAccessTrustProvider", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-trust-provider*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the parameters of an EBS volume", + "privilege": "ModifyVolume", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + 
"ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an attribute of a volume", + "privilege": "ModifyVolumeAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an attribute of a VPC", + "privilege": "ModifyVpcAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an attribute of a VPC endpoint", + "privilege": "ModifyVpcEndpoint", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID" + ], + "dependent_actions": [], + "resource_type": "route-table" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a connection notification for a VPC endpoint or VPC endpoint service", + "privilege": "ModifyVpcEndpointConnectionNotification", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the attributes of a VPC endpoint service configuration", + "privilege": "ModifyVpcEndpointServiceConfiguration", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}", + "ec2:VpceServicePrivateDnsName" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the payer responsibility for a VPC endpoint service", + "privilege": "ModifyVpcEndpointServicePayerResponsibility", + "resource_types": [ + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to modify the permissions for a VPC endpoint service", + "privilege": "ModifyVpcEndpointServicePermissions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the VPC peering connection options on one side of a VPC peering connection", + "privilege": "ModifyVpcPeeringConnectionOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AccepterVpc", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:RequesterVpc", + "ec2:ResourceTag/${TagKey}", + "ec2:VpcPeeringConnectionID" + ], + "dependent_actions": [], + "resource_type": "vpc-peering-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the instance tenancy attribute of a VPC", + "privilege": "ModifyVpcTenancy", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:VpcID" + ], + "dependent_actions": [], + "resource_type": "vpc*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + 
}, + { + "access_level": "Write", + "description": "Grants permission to modify the target gateway of a Site-to-Site VPN connection", + "privilege": "ModifyVpnConnection", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AuthenticationType", + "ec2:DPDTimeoutSeconds", + "ec2:GatewayType", + "ec2:IKEVersions", + "ec2:InsideTunnelCidr", + "ec2:InsideTunnelIpv6Cidr", + "ec2:Phase1DHGroup", + "ec2:Phase1EncryptionAlgorithms", + "ec2:Phase1IntegrityAlgorithms", + "ec2:Phase1LifetimeSeconds", + "ec2:Phase2DHGroup", + "ec2:Phase2EncryptionAlgorithms", + "ec2:Phase2IntegrityAlgorithms", + "ec2:Phase2LifetimeSeconds", + "ec2:RekeyFuzzPercentage", + "ec2:RekeyMarginTimeSeconds", + "ec2:ReplayWindowSizePackets", + "ec2:ResourceTag/${TagKey}", + "ec2:RoutingType" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the connection options for your Site-to-Site VPN connection", + "privilege": "ModifyVpnConnectionOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the certificate for a Site-to-Site VPN connection", + "privilege": "ModifyVpnTunnelCertificate", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + 
"condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the options for a Site-to-Site VPN connection", + "privilege": "ModifyVpnTunnelOptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AuthenticationType", + "ec2:DPDTimeoutSeconds", + "ec2:GatewayType", + "ec2:IKEVersions", + "ec2:InsideTunnelCidr", + "ec2:InsideTunnelIpv6Cidr", + "ec2:Phase1DHGroup", + "ec2:Phase1EncryptionAlgorithms", + "ec2:Phase1IntegrityAlgorithms", + "ec2:Phase1LifetimeSeconds", + "ec2:Phase2DHGroup", + "ec2:Phase2EncryptionAlgorithms", + "ec2:Phase2IntegrityAlgorithms", + "ec2:Phase2LifetimeSeconds", + "ec2:RekeyFuzzPercentage", + "ec2:RekeyMarginTimeSeconds", + "ec2:ReplayWindowSizePackets", + "ec2:ResourceTag/${TagKey}", + "ec2:RoutingType" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable detailed monitoring for a running instance", + "privilege": "MonitorInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permission to move an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform", + "privilege": "MoveAddressToVpc", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to move a BYOIP IPv4 CIDR to Amazon VPC IP Address Manager (IPAM) from a public IPv4 pool", + "privilege": "MoveByoipCidrToIpam", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to temporarily pause I/O operations for a target Amazon EBS volume", + "privilege": "PauseVolumeIO", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:ParentSnapshot", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to provision an address range for use in 
AWS through bring your own IP addresses (BYOIP), and to create a corresponding address pool", + "privilege": "ProvisionByoipCidr", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to provision an Autonomous System Number (ASN) for use in an Amazon Web Services account", + "privilege": "ProvisionIpamByoasn", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to provision a CIDR to an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "ProvisionIpamPoolCidr", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to provision a CIDR to a public IPv4 pool", + "privilege": "ProvisionPublicIpv4PoolCidr", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to purchase a Capacity Block offering", + "privilege": "PurchaseCapacityBlock", + "resource_types": [ + { + "condition_keys": [ + 
"aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:CapacityReservationFleet" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "capacity-reservation*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to purchase a reservation with configurations that match those of a Dedicated Host", + "privilege": "PurchaseHostReservation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "dedicated-host*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to purchase a Reserved Instance offering", + "privilege": "PurchaseReservedInstancesOffering", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to purchase one or more Scheduled Instances with a specified schedule", + "privilege": "PurchaseScheduledInstances", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to attach an IAM policy that enables cross-account sharing to a resource", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "verified-access-group" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to request a reboot of one or more instances", + "privilege": "RebootInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register an Amazon Machine Image (AMI)", + "privilege": "RegisterImage", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:ImageID", + "ec2:Owner" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "image*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add tags to the set of tags to include in notifications about scheduled 
events for your instances", + "privilege": "RegisterInstanceEventNotificationAttributes", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register one or more network interfaces as a member of a group IP address in a transit gateway multicast domain", + "privilege": "RegisterTransitGatewayMulticastGroupMembers", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register one or more network interfaces as a source of a group IP address in a transit gateway multicast domain", + "privilege": "RegisterTransitGatewayMulticastGroupSources", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reject requests to associate cross-account subnets with a transit gateway multicast domain", + 
"privilege": "RejectTransitGatewayMulticastDomainAssociations", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reject a transit gateway peering attachment request", + "privilege": "RejectTransitGatewayPeeringAttachment", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reject a request to attach a VPC to a transit gateway", + "privilege": "RejectTransitGatewayVpcAttachment", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reject one or more VPC endpoint connection requests to a VPC endpoint service", + "privilege": "RejectVpcEndpointConnections", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + 
}, + { + "access_level": "Write", + "description": "Grants permission to reject a VPC peering connection request", + "privilege": "RejectVpcPeeringConnection", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AccepterVpc", + "ec2:RequesterVpc", + "ec2:ResourceTag/${TagKey}", + "ec2:VpcPeeringConnectionID" + ], + "dependent_actions": [], + "resource_type": "vpc-peering-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to release an Elastic IP address", + "privilege": "ReleaseAddress", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to release one or more On-Demand Dedicated Hosts", + "privilege": "ReleaseHosts", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "dedicated-host*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to release an allocation within an Amazon VPC IP Address Manager (IPAM) pool", + "privilege": "ReleaseIpamPoolAllocation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipam-pool*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants 
permission to replace an IAM instance profile for an instance", + "privilege": "ReplaceIamInstanceProfileAssociation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:NewInstanceProfile", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change which network ACL a subnet is associated with", + "privilege": "ReplaceNetworkAclAssociation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:NetworkAclID", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-acl*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replace an entry (rule) in a network ACL", + "privilege": "ReplaceNetworkAclEntry", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:NetworkAclID", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-acl*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replace a route within a route table in a VPC", + "privilege": "ReplaceRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change the route table that is associated with a subnet", + "privilege": "ReplaceRouteTableAssociation", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:InternetGatewayID", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "internet-gateway" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv4pool-ec2" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "ipv6pool-ec2" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-gateway" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replace a route in a transit gateway route table", + 
"privilege": "ReplaceTransitGatewayRoute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-attachment" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replace a VPN tunnel", + "privilege": "ReplaceVpnTunnel", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpn-connection*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to submit feedback about the status of an instance", + "privilege": "ReportInstanceStatus", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Spot Fleet request", + "privilege": "RequestSpotFleet", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "spot-fleet-request*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:KeyPairName", + "ec2:KeyPairType", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "key-pair" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Spot Instance request", + "privilege": "RequestSpotInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags", + "iam:PassRole" + ], + "resource_type": "spot-instances-request*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:KeyPairName", + "ec2:KeyPairType", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "key-pair" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AuthorizedUser", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:Permission", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset the attribute of the specified IP address", + "privilege": "ResetAddressAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AllocationId", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-ip*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset the default customer master key (CMK) 
for EBS encryption for your account to use the AWS-managed CMK for EBS", + "privilege": "ResetEbsDefaultKmsKeyId", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset an attribute of an Amazon FPGA Image (AFI) to its default value", + "privilege": "ResetFpgaImageAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "fpga-image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset an attribute of an Amazon Machine Image (AMI) to its default value", + "privilege": "ResetImageAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset an attribute of an instance to its default value", + "privilege": "ResetInstanceAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:ProductCode", + 
"ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset an attribute of a network interface", + "privilege": "ResetNetworkInterfaceAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to reset permission settings for a snapshot", + "privilege": "ResetSnapshotAttribute", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to restore an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform", + "privilege": "RestoreAddressToClassic", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to restore an Amazon Machine Image (AMI) from the Recycle Bin", + "privilege": "RestoreImageFromRecycleBin", + "resource_types": [ + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [], + "resource_type": "image*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to restore the entries from a previous version of a managed prefix list to a new version of the prefix list", + "privilege": "RestoreManagedPrefixListVersion", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "prefix-list*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to restore an Amazon EBS snapshot from the Recycle Bin", + "privilege": "RestoreSnapshotFromRecycleBin", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to restore an archived Amazon EBS snapshot for use temporarily or permanently, or modify the restore period or restore type for a snapshot that was previously temporarily restored", + "privilege": "RestoreSnapshotTier", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { 
+ "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove an inbound authorization rule from a Client VPN endpoint", + "privilege": "RevokeClientVpnIngress", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove one or more outbound rules from a VPC security group", + "privilege": "RevokeSecurityGroupEgress", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove one or more inbound rules from a security group", + "privilege": "RevokeSecurityGroupIngress", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to launch one or more instances", + "privilege": "RunInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ImageID", + 
"ec2:ImageType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:Owner", + "ec2:Public", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "dependent_actions": [ + "ec2:CreateTags", + "iam:PassRole", + "ssm:GetParameters" + ], + "resource_type": "image*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AssociatePublicIpAddress", + "ec2:AuthorizedService", + "ec2:AvailabilityZone", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:NetworkInterfaceID", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "subnet*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "capacity-reservation" + }, + { + "condition_keys": [ 
+ "aws:ResourceTag/${TagKey}", + "ec2:ElasticGpuType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "elastic-gpu" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "elastic-inference" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:KeyPairName", + "ec2:KeyPairType", + "ec2:LaunchTemplate", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "key-pair" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "launch-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license-configuration" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "placement-group" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotID", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:ParentSnapshot", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "dependent_actions": [], + "resource_type": "volume" + }, + { + "condition_keys": [ + "ec2:Region" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to launch one or more Scheduled Instances", + "privilege": "RunScheduledInstances", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to search for routes in a local gateway route table", + "privilege": "SearchLocalGatewayRoutes", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "local-gateway-route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to search for groups, sources, and members in a transit gateway multicast domain", + "privilege": "SearchTransitGatewayMulticastGroups", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-multicast-domain*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to search for routes in a transit gateway route table", + "privilege": "SearchTransitGatewayRoutes", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "transit-gateway-route-table*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send a diagnostic interrupt to an Amazon EC2 instance", + "privilege": "SendDiagnosticInterrupt", + "resource_types": [ + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to interrupt a Spot Instance", + "privilege": "SendSpotInstanceInterruptions", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a stopped instance", + "privilege": "StartInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "license-configuration" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a Network Access Scope analysis", + "privilege": "StartNetworkInsightsAccessScopeAnalysis", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "network-insights-access-scope*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "network-insights-access-scope-analysis*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start analyzing a specified path", + "privilege": "StartNetworkInsightsAnalysis", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateTags" + ], + "resource_type": "network-insights-analysis*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "network-insights-path*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the private DNS verification process for a VPC endpoint service", + "privilege": "StartVpcEndpointServicePrivateDnsVerification", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "vpc-endpoint-service*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + 
}, + { + "access_level": "Write", + "description": "Grants permission to stop an Amazon EBS-backed instance", + "privilege": "StopInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to terminate active Client VPN endpoint connections", + "privilege": "TerminateClientVpnConnections", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "dependent_actions": [], + "resource_type": "client-vpn-endpoint*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to shut down one or more instances", + "privilege": "TerminateInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + 
"ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to unassign one or more IPv6 addresses from a network interface", + "privilege": "UnassignIpv6Addresses", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to unassign one or more secondary private IP addresses from a network interface", + "privilege": "UnassignPrivateIpAddresses", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:NetworkInterfaceID", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "network-interface*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to unassign secondary private IPv4 addresses from a private NAT gateway", + "privilege": "UnassignPrivateNatGatewayAddress", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "natgateway*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to unlock a snapshot that is locked in governance mode or in 
compliance mode while still in the cooling-off period", + "privilege": "UnlockSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:Encrypted", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotCoolOffPeriod", + "ec2:SnapshotID", + "ec2:SnapshotLockDuration", + "ec2:SnapshotTime", + "ec2:VolumeSize" + ], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable detailed monitoring for a running instance", + "privilege": "UnmonitorInstances", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update descriptions for one or more outbound rules in a VPC security group", + "privilege": "UpdateSecurityGroupRuleDescriptionsEgress", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update 
descriptions for one or more inbound rules in a security group", + "privilege": "UpdateSecurityGroupRuleDescriptionsIngress", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "dependent_actions": [], + "resource_type": "security-group*" + }, + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop advertising an address range that was provisioned for use in AWS through bring your own IP addresses (BYOIP)", + "privilege": "WithdrawByoipCidr", + "resource_types": [ + { + "condition_keys": [ + "ec2:Region" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:elastic-ip/${AllocationId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:AllocationId", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Domain", + "ec2:PublicIpAddress", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "elastic-ip" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation-fleet/${CapacityReservationFleetId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "capacity-reservation-fleet" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation/${CapacityReservationId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:CapacityReservationFleet", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": 
"capacity-reservation" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:carrier-gateway/${CarrierGatewayId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + "ec2:Vpc" + ], + "resource": "carrier-gateway" + }, + { + "arn": "arn:${Partition}:acm:${Region}:${Account}:certificate/${CertificateId}", + "condition_keys": [], + "resource": "certificate" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:client-vpn-endpoint/${ClientVpnEndpointId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ClientRootCertificateChainArn", + "ec2:CloudwatchLogGroupArn", + "ec2:CloudwatchLogStreamArn", + "ec2:DirectoryArn", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SamlProviderArn", + "ec2:ServerCertificateArn" + ], + "resource": "client-vpn-endpoint" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:customer-gateway/${CustomerGatewayId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "customer-gateway" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:dedicated-host/${DedicatedHostId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AutoPlacement", + "ec2:AvailabilityZone", + "ec2:HostRecovery", + "ec2:InstanceType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:Quantity", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "dedicated-host" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:dhcp-options/${DhcpOptionsId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + 
"ec2:DhcpOptionsID", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "dhcp-options" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:egress-only-internet-gateway/${EgressOnlyInternetGatewayId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "egress-only-internet-gateway" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:elastic-gpu/${ElasticGpuId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:ElasticGpuType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "elastic-gpu" + }, + { + "arn": "arn:${Partition}:elastic-inference:${Region}:${Account}:elastic-inference-accelerator/${AcceleratorId}", + "condition_keys": [], + "resource": "elastic-inference" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:export-image-task/${ExportImageTaskId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "export-image-task" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:export-instance-task/${ExportTaskId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "export-instance-task" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:fleet/${FleetId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "fleet" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:fpga-image/${FpgaImageId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + 
"aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "fpga-image" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:host-reservation/${HostReservationId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "host-reservation" + }, + { + "arn": "arn:${Partition}:ec2:${Region}::image/${ImageId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:ImageID", + "ec2:ImageType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:Owner", + "ec2:Public", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType" + ], + "resource": "image" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:import-image-task/${ImportImageTaskId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "import-image-task" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:import-snapshot-task/${ImportSnapshotTaskId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "import-snapshot-task" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:instance-connect-endpoint/${InstanceConnectEndpointId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID" + ], + "resource": "instance-connect-endpoint" + }, + { + "arn": 
"arn:${Partition}:ec2:${Region}:${Account}:instance-event-window/${InstanceEventWindowId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "instance-event-window" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:EbsOptimized", + "ec2:InstanceAutoRecovery", + "ec2:InstanceID", + "ec2:InstanceMarketType", + "ec2:InstanceMetadataTags", + "ec2:InstanceProfile", + "ec2:InstanceType", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:MetadataHttpEndpoint", + "ec2:MetadataHttpPutResponseHopLimit", + "ec2:MetadataHttpTokens", + "ec2:NewInstanceProfile", + "ec2:PlacementGroup", + "ec2:ProductCode", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RootDeviceType", + "ec2:Tenancy" + ], + "resource": "instance" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:internet-gateway/${InternetGatewayId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:InternetGatewayID", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "internet-gateway" + }, + { + "arn": "arn:${Partition}:ec2::${Account}:ipam/${IpamId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipam" + }, + { + "arn": "arn:${Partition}:ec2::${Account}:ipam-pool/${IpamPoolId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipam-pool" + }, + { 
+ "arn": "arn:${Partition}:ec2::${Account}:ipam-resource-discovery-association/${IpamResourceDiscoveryAssociationId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipam-resource-discovery-association" + }, + { + "arn": "arn:${Partition}:ec2::${Account}:ipam-resource-discovery/${IpamResourceDiscoveryId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipam-resource-discovery" + }, + { + "arn": "arn:${Partition}:ec2::${Account}:ipam-scope/${IpamScopeId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipam-scope" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:coip-pool/${Ipv4PoolCoipId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "coip-pool" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:ipv4pool-ec2/${Ipv4PoolEc2Id}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipv4pool-ec2" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:ipv6pool-ec2/${Ipv6PoolEc2Id}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "ipv6pool-ec2" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:key-pair/${KeyPairName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:IsLaunchTemplateResource", + "ec2:KeyPairName", + 
"ec2:KeyPairType", + "ec2:LaunchTemplate", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "key-pair" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:launch-template/${LaunchTemplateId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "launch-template" + }, + { + "arn": "arn:${Partition}:license-manager:${Region}:${Account}:license-configuration:${LicenseConfigurationId}", + "condition_keys": [], + "resource": "license-configuration" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway/${LocalGatewayId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "local-gateway" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-route-table-virtual-interface-group-association/${LocalGatewayRouteTableVirtualInterfaceGroupAssociationId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "local-gateway-route-table-virtual-interface-group-association" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-route-table-vpc-association/${LocalGatewayRouteTableVpcAssociationId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "local-gateway-route-table-vpc-association" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-route-table/${LocalGatewayRoutetableId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + 
"ec2:ResourceTag/${TagKey}" + ], + "resource": "local-gateway-route-table" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-virtual-interface-group/${LocalGatewayVirtualInterfaceGroupId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "local-gateway-virtual-interface-group" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-virtual-interface/${LocalGatewayVirtualInterfaceId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "local-gateway-virtual-interface" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:natgateway/${NatGatewayId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "natgateway" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-acl/${NaclId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:NetworkAclID", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Vpc" + ], + "resource": "network-acl" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-access-scope-analysis/${NetworkInsightsAccessScopeAnalysisId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "network-insights-access-scope-analysis" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-access-scope/${NetworkInsightsAccessScopeId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "network-insights-access-scope" + }, + { + 
"arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-analysis/${NetworkInsightsAnalysisId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "network-insights-analysis" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-path/${NetworkInsightsPathId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "network-insights-path" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-interface/${NetworkInterfaceId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:AssociatePublicIpAddress", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AuthorizedService", + "ec2:AuthorizedUser", + "ec2:AvailabilityZone", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:NetworkInterfaceID", + "ec2:Permission", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Subnet", + "ec2:Vpc" + ], + "resource": "network-interface" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:placement-group/${PlacementGroupName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:PlacementGroupName", + "ec2:PlacementGroupStrategy", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "placement-group" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:prefix-list/${PrefixListId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "prefix-list" + }, + { + "arn": 
"arn:${Partition}:ec2:${Region}:${Account}:replace-root-volume-task/${ReplaceRootVolumeTaskId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "replace-root-volume-task" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:reserved-instances/${ReservationId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:InstanceType", + "ec2:Region", + "ec2:ReservedInstancesOfferingType", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy" + ], + "resource": "reserved-instances" + }, + { + "arn": "arn:${Partition}:resource-groups:${Region}:${Account}:group/${GroupName}", + "condition_keys": [], + "resource": "group" + }, + { + "arn": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}", + "condition_keys": [], + "resource": "role" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-table/${RouteTableId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:RouteTableID", + "ec2:Vpc" + ], + "resource": "route-table" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:security-group/${SecurityGroupId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SecurityGroupID", + "ec2:Vpc" + ], + "resource": "security-group" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:security-group-rule/${SecurityGroupRuleId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + 
"resource": "security-group-rule" + }, + { + "arn": "arn:${Partition}:ec2:${Region}::snapshot/${SnapshotId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Add/group", + "ec2:Add/userId", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:IsLaunchTemplateResource", + "ec2:LaunchTemplate", + "ec2:OutpostArn", + "ec2:Owner", + "ec2:ParentVolume", + "ec2:Region", + "ec2:Remove/group", + "ec2:Remove/userId", + "ec2:ResourceTag/${TagKey}", + "ec2:SnapshotCoolOffPeriod", + "ec2:SnapshotID", + "ec2:SnapshotLockDuration", + "ec2:SnapshotTime", + "ec2:SourceOutpostArn", + "ec2:VolumeSize" + ], + "resource": "snapshot" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:spot-fleet-request/${SpotFleetRequestId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "spot-fleet-request" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:spot-instances-request/${SpotInstanceRequestId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "spot-instances-request" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:subnet-cidr-reservation/${SubnetCidrReservationId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "subnet-cidr-reservation" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:subnet/${SubnetId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:IsLaunchTemplateResource", + 
"ec2:LaunchTemplate", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:SubnetID", + "ec2:Vpc" + ], + "resource": "subnet" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-filter/${TrafficMirrorFilterId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "traffic-mirror-filter" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-filter-rule/${TrafficMirrorFilterRuleId}", + "condition_keys": [ + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region" + ], + "resource": "traffic-mirror-filter-rule" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-session/${TrafficMirrorSessionId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "traffic-mirror-session" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-target/${TrafficMirrorTargetId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "traffic-mirror-target" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-attachment/${TransitGatewayAttachmentId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "transit-gateway-attachment" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-connect-peer/${TransitGatewayConnectPeerId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + 
"ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "transit-gateway-connect-peer" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway/${TransitGatewayId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "transit-gateway" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-multicast-domain/${TransitGatewayMulticastDomainId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "transit-gateway-multicast-domain" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-policy-table/${TransitGatewayPolicyTableId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "transit-gateway-policy-table" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-route-table-announcement/${TransitGatewayRouteTableAnnouncementId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "transit-gateway-route-table-announcement" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-route-table/${TransitGatewayRouteTableId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "transit-gateway-route-table" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-endpoint/${VerifiedAccessEndpointId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + 
"aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "verified-access-endpoint" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-group/${VerifiedAccessGroupId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "verified-access-group" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-instance/${VerifiedAccessInstanceId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "verified-access-instance" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-policy/${VerifiedAccessPolicyId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "verified-access-policy" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-trust-provider/${VerifiedAccessTrustProviderId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "verified-access-trust-provider" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:volume/${VolumeId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AvailabilityZone", + "ec2:Encrypted", + "ec2:IsLaunchTemplateResource", + "ec2:KmsKeyId", + "ec2:LaunchTemplate", + "ec2:ParentSnapshot", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:VolumeID", + "ec2:VolumeIops", + "ec2:VolumeSize", + "ec2:VolumeThroughput", + "ec2:VolumeType" + ], + "resource": "volume" + }, + { + "arn": 
"arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-connection/${VpcEndpointConnectionId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "vpc-endpoint-connection" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint/${VpcEndpointId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:VpceServiceName", + "ec2:VpceServiceOwner" + ], + "resource": "vpc-endpoint" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-service/${VpcEndpointServiceId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:VpceServicePrivateDnsName" + ], + "resource": "vpc-endpoint-service" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-service-permission/${VpcEndpointServicePermissionId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "vpc-endpoint-service-permission" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-flow-log/${VpcFlowLogId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Region", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "vpc-flow-log" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc/${VpcId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Ipv4IpamPoolId", + "ec2:Ipv6IpamPoolId", + "ec2:Region", + "ec2:ResourceTag/${TagKey}", + "ec2:Tenancy", + 
"ec2:VpcID" + ], + "resource": "vpc" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-peering-connection/${VpcPeeringConnectionId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:AccepterVpc", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:Region", + "ec2:RequesterVpc", + "ec2:ResourceTag/${TagKey}", + "ec2:VpcPeeringConnectionID" + ], + "resource": "vpc-peering-connection" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-connection-device-type/${VpnConnectionDeviceTypeId}", + "condition_keys": [ + "ec2:Region" + ], + "resource": "vpn-connection-device-type" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-connection/${VpnConnectionId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ec2:Attribute", + "ec2:Attribute/${AttributeName}", + "ec2:AuthenticationType", + "ec2:DPDTimeoutSeconds", + "ec2:GatewayType", + "ec2:IKEVersions", + "ec2:InsideTunnelCidr", + "ec2:InsideTunnelIpv6Cidr", + "ec2:Phase1DHGroup", + "ec2:Phase1EncryptionAlgorithms", + "ec2:Phase1IntegrityAlgorithms", + "ec2:Phase1LifetimeSeconds", + "ec2:Phase2DHGroup", + "ec2:Phase2EncryptionAlgorithms", + "ec2:Phase2IntegrityAlgorithms", + "ec2:Phase2LifetimeSeconds", + "ec2:Region", + "ec2:RekeyFuzzPercentage", + "ec2:RekeyMarginTimeSeconds", + "ec2:ReplayWindowSizePackets", + "ec2:ResourceTag/${TagKey}", + "ec2:RoutingType" + ], + "resource": "vpn-connection" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-gateway/${VpnGatewayId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", "ec2:Region", "ec2:ResourceTag/${TagKey}" ], - "resource": "elastic-ip" + "resource": "vpn-gateway" + } + ], + "service_name": "Amazon EC2" + }, + { + "conditions": [ + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the 
resource", + "type": "String" + }, + { + "condition": "ec2-instance-connect:maxTunnelDuration", + "description": "Filters access by maximum session duration associated with the instance", + "type": "Numeric" + }, + { + "condition": "ec2-instance-connect:privateIpAddress", + "description": "Filters access by private IP Address associated with the instance", + "type": "IPAddress" + }, + { + "condition": "ec2-instance-connect:remotePort", + "description": "Filters access by port number associated with the instance", + "type": "Numeric" + }, + { + "condition": "ec2:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" + }, + { + "condition": "ec2:osuser", + "description": "Filters access by specifying the default user name for the AMI that you used to launch your instance", + "type": "String" + } + ], + "prefix": "ec2-instance-connect", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to establish SSH connection to an EC2 instance using EC2 Instance Connect Endpoint", + "privilege": "OpenTunnel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance-connect-endpoint*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}", + "ec2-instance-connect:remotePort", + "ec2-instance-connect:privateIpAddress", + "ec2-instance-connect:MaxTunnelDuration" + ], + "dependent_actions": [], + "resource_type": "instance-connect-endpoint" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to push an SSH public key to the specified EC2 instance to be used for standard SSH", + "privilege": "SendSSHPublicKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + }, + { + "condition_keys": [ + "ec2:osuser" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": 
"Grants permission to push an SSH public key to the specified EC2 instance to be used for serial console SSH", + "privilege": "SendSerialConsoleSSHPublicKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "instance" + }, + { + "arn": "arn:${Partition}:ec2:${Region}:${Account}:instance-connect-endpoint/${InstanceConnectEndpointId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ec2:ResourceTag/${TagKey}" + ], + "resource": "instance-connect-endpoint" + } + ], + "service_name": "Amazon EC2 Instance Connect" + }, + { + "conditions": [ + { + "condition": "ec2:SourceInstanceARN", + "description": "Filters access by the ARN of the instance from which the request originated", + "type": "ARN" + }, + { + "condition": "ssm:SourceInstanceARN", + "description": "Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. 
This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile", + "type": "ARN" + } + ], + "prefix": "ec2messages", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to acknowledge a message, ensuring it will not be delivered again", + "privilege": "AcknowledgeMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a message", + "privilege": "DeleteMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to fail a message, signifying the message could not be processed successfully, ensuring it cannot be replied to or delivered again", + "privilege": "FailMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to route traffic to the correct endpoint based on the given destination for the messages", + "privilege": "GetEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to deliver messages to clients/instances using long polling", + "privilege": "GetMessages", + "resource_types": [ + { + "condition_keys": [ + "ssm:SourceInstanceARN", + "ec2:SourceInstanceARN" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send replies from clients/instances to upstream service", + "privilege": "SendReply", + "resource_types": [ + { + "condition_keys": [ + "ssm:SourceInstanceARN", + "ec2:SourceInstanceARN" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "Amazon Message Delivery Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the allowed set of values for each of the tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag-value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of mandatory tags in the request", + "type": "ArrayOfString" + }, + { + "condition": "ecr:ResourceTag/${TagKey}", + "description": "Filters access by tag-value associated with the resource", + "type": "String" + } + ], + "prefix": "ecr", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to check the availability of multiple image layers in a specified registry and repository", + "privilege": "BatchCheckLayerAvailability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a list of specified images within a specified repository", + "privilege": "BatchDeleteImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get detailed information for specified images within a specified repository", + "privilege": "BatchGetImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve repository scanning configuration for a list of repositories", + "privilege": "BatchGetRepositoryScanningConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to retrieve the image from the upstream registry and import it to your private registry", + "privilege": "BatchImportUpstreamImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to inform Amazon ECR that the image layer upload for a specified registry, repository name, and upload ID, has completed", + "privilege": "CompleteLayerUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create new pull-through cache rule", + "privilege": "CreatePullThroughCacheRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an image repository", + "privilege": "CreateRepository", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ecr:TagResource" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create the repository creation template", + "privilege": "CreateRepositoryCreationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ecr:PutLifecyclePolicy", + "ecr:SetRepositoryPolicy" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified lifecycle policy", + "privilege": "DeleteLifecyclePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the 
pull-through cache rule", + "privilege": "DeletePullThroughCacheRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the registry policy", + "privilege": "DeleteRegistryPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing image repository", + "privilege": "DeleteRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the repository creation template", + "privilege": "DeleteRepositoryCreationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the repository policy from a specified repository", + "privilege": "DeleteRepositoryPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve replication status about an image in a registry, including failure reason if replication fails", + "privilege": "DescribeImageReplicationStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the image scan findings for the specified image", + "privilege": "DescribeImageScanFindings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "List", + "description": "Grants 
permission to get metadata about the images in a repository, including image size, image tags, and creation date", + "privilege": "DescribeImages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the pull-through cache rules", + "privilege": "DescribePullThroughCacheRules", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the registry settings", + "privilege": "DescribeRegistry", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe image repositories in a registry", + "privilege": "DescribeRepositories", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the repository creation template", + "privilege": "DescribeRepositoryCreationTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a token that is valid for a specified registry for 12 hours", + "privilege": "GetAuthorizationToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the download URL corresponding to an image layer", + "privilege": "GetDownloadUrlForLayer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to 
retrieve the specified lifecycle policy", + "privilege": "GetLifecyclePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the results of the specified lifecycle policy preview request", + "privilege": "GetLifecyclePolicyPreview", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the registry policy", + "privilege": "GetRegistryPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve registry scanning configuration", + "privilege": "GetRegistryScanningConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the repository policy for a specified repository", + "privilege": "GetRepositoryPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to notify Amazon ECR that you intend to upload an image layer", + "privilege": "InitiateLayerUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the image IDs for a given repository", + "privilege": "ListImages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags for an Amazon ECR resource", + 
"privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update the image manifest associated with an image", + "privilege": "PutImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the image scanning configuration for a repository", + "privilege": "PutImageScanningConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the image tag mutability settings for a repository", + "privilege": "PutImageTagMutability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update a lifecycle policy", + "privilege": "PutLifecyclePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to update the registry policy", + "privilege": "PutRegistryPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update registry scanning configuration", + "privilege": "PutRegistryScanningConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": 
"Write", + "description": "Grants permission to update the replication configuration for the registry", + "privilege": "PutReplicationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replicate images to the destination registry", + "privilege": "ReplicateImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to apply a repository policy on a specified repository to control access permissions", + "privilege": "SetRepositoryPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an image scan", + "privilege": "StartImageScan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a preview of the specified lifecycle policy", + "privilege": "StartLifecyclePolicyPreview", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag an Amazon ECR resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag an Amazon ECR resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": 
[], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the pull-through cache rule", + "privilege": "UpdatePullThroughCacheRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to upload an image layer part to Amazon ECR", + "privilege": "UploadLayerPart", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to validate the pull-through cache rule", + "privilege": "ValidatePullThroughCacheRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ecr:${Region}:${Account}:repository/${RepositoryName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecr:ResourceTag/${TagKey}" + ], + "resource": "repository" + } + ], + "service_name": "Amazon Elastic Container Registry" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters create requests based on the allowed set of values for each of the tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag-value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters create requests based on the presence of mandatory tags in the request", + "type": "ArrayOfString" + }, + { + "condition": "ecr-public:ResourceTag/${TagKey}", + "description": "Filters actions based on tag-value associated with the resource", + "type": "String" + } + ], + "prefix": "ecr-public", + "privileges": [ + { + "access_level": "Read", + 
"description": "Grants permission to check the availability of multiple image layers in a specified registry and repository", + "privilege": "BatchCheckLayerAvailability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a list of specified images within a specified repository", + "privilege": "BatchDeleteImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to inform Amazon ECR that the image layer upload for a specified registry, repository name, and upload ID, has completed", + "privilege": "CompleteLayerUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an image repository", + "privilege": "CreateRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ecr-public:TagResource" + ], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing image repository", + "privilege": "DeleteRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the repository policy from a specified repository", + "privilege": "DeleteRepositoryPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe all 
the image tags for a given repository", + "privilege": "DescribeImageTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get metadata about the images in a repository, including image size, image tags, and creation date", + "privilege": "DescribeImages", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve the catalog data associated with a registry", + "privilege": "DescribeRegistries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "registry*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe image repositories in a registry", + "privilege": "DescribeRepositories", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a token that is valid for a specified registry for 12 hours", + "privilege": "GetAuthorizationToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the catalog data associated with a registry", + "privilege": "GetRegistryCatalogData", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "registry*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the catalog data associated with a repository", + "privilege": "GetRepositoryCatalogData", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": 
"Grants permission to retrieve the repository policy for a specified repository", + "privilege": "GetRepositoryPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to notify Amazon ECR that you intend to upload an image layer", + "privilege": "InitiateLayerUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags for an Amazon ECR resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update the image manifest associated with an image", + "privilege": "PutImage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create and update the catalog data associated with a registry", + "privilege": "PutRegistryCatalogData", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "registry*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the catalog data associated with a repository", + "privilege": "PutRepositoryCatalogData", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to apply a repository policy on a specified repository to control access permissions", + "privilege": "SetRepositoryPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + 
} + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag an Amazon ECR resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag an Amazon ECR resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to upload an image layer part to Amazon ECR Public", + "privilege": "UploadLayerPart", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ecr-public::${Account}:repository/${RepositoryName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecr-public:ResourceTag/${TagKey}" + ], + "resource": "repository" + }, + { + "arn": "arn:${Partition}:ecr-public::${Account}:registry/${RegistryId}", + "condition_keys": [], + "resource": "registry" + } + ], + "service_name": "Amazon Elastic Container Registry Public" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "ecs:CreateAction", + 
"description": "Filters access by the name of a resource-creating API action", + "type": "String" + }, + { + "condition": "ecs:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "ecs:account-setting", + "description": "Filters access by the Amazon ECS account setting name", + "type": "String" + }, + { + "condition": "ecs:capacity-provider", + "description": "Filters access by the ARN of an Amazon ECS capacity provider", + "type": "ARN" + }, + { + "condition": "ecs:cluster", + "description": "Filters access by the ARN of an Amazon ECS cluster", + "type": "ARN" + }, + { + "condition": "ecs:container-instances", + "description": "Filters access by the ARN of an Amazon ECS container instance", + "type": "ARN" + }, + { + "condition": "ecs:container-name", + "description": "Filters access by the name of an Amazon ECS container which is defined in the ECS task definition", + "type": "String" + }, + { + "condition": "ecs:enable-ebs-volumes", + "description": "Filters access by the Amazon ECS managed Amazon EBS volume capability of your ECS task or service", + "type": "String" + }, + { + "condition": "ecs:enable-execute-command", + "description": "Filters access by the execute-command capability of your Amazon ECS task or Amazon ECS service", + "type": "String" + }, + { + "condition": "ecs:enable-service-connect", + "description": "Filters access by the enable field value in the Service Connect configuration", + "type": "String" + }, + { + "condition": "ecs:namespace", + "description": "Filters access by the ARN of AWS Cloud Map namespace which is defined in the Service Connect Configuration", + "type": "ARN" + }, + { + "condition": "ecs:service", + "description": "Filters access by the ARN of an Amazon ECS service", + "type": "ARN" + }, + { + "condition": "ecs:task", + "description": "Filters access by the ARN of an Amazon ECS task", + "type": "ARN" + }, + { + 
"condition": "ecs:task-definition", + "description": "Filters access by the ARN of an Amazon ECS task definition", + "type": "ARN" + } + ], + "prefix": "ecs", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling", + "privilege": "CreateCapacityProvider", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new Amazon ECS cluster", + "privilege": "CreateCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ecs:capacity-provider" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to run and maintain a desired number of tasks from a specified task definition via service creation", + "privilege": "CreateService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "ecs:cluster", + "ecs:capacity-provider", + "ecs:task-definition", + "ecs:enable-ebs-volumes", + "ecs:enable-execute-command", + "ecs:enable-service-connect", + "ecs:namespace" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new Amazon ECS task set", + "privilege": "CreateTaskSet", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ecs:cluster", + "ecs:capacity-provider", + "ecs:service", + 
"ecs:task-definition" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the ARN and resource ID format of a resource for a specified IAM user, IAM role, or the root user for an account. You can specify whether the new ARN and resource ID format are disabled for new resources that are created", + "privilege": "DeleteAccountSetting", + "resource_types": [ + { + "condition_keys": [ + "ecs:account-setting" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete one or more custom attributes from an Amazon ECS resource", + "privilege": "DeleteAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified capacity provider", + "privilege": "DeleteCapacityProvider", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capacity-provider*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified cluster", + "privilege": "DeleteCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a specified service within a cluster", + "privilege": "DeleteService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "service*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified task definitions by family and revision", + "privilege": "DeleteTaskDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-definition*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified task set", + "privilege": "DeleteTaskSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-set*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster", + "ecs:service" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister an Amazon ECS container instance from the specified cluster", + "privilege": "DeregisterContainerInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister the specified task definition by family and revision", + "privilege": "DeregisterTaskDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe one or more Amazon ECS capacity providers", + "privilege": "DescribeCapacityProviders", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capacity-provider*" + }, + { 
+ "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describes one or more of your clusters", + "privilege": "DescribeClusters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describes Amazon ECS container instances", + "privilege": "DescribeContainerInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified services running in your cluster", + "privilege": "DescribeServices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a task definition. 
You can specify a family and revision to find information about a specific task definition, or you can simply specify the family to find the latest ACTIVE revision in that family", + "privilege": "DescribeTaskDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe Amazon ECS task sets", + "privilege": "DescribeTaskSets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-set*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster", + "ecs:service" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a specified task or tasks", + "privilege": "DescribeTasks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to get an endpoint for the Amazon ECS agent to poll for updates", + "privilege": "DiscoverPollEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to run a command remotely on an Amazon ECS container", + "privilege": "ExecuteCommand", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster", + "ecs:container-name", + "ecs:task" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants 
permission to retrieve the protection status of tasks in an Amazon ECS service", + "privilege": "GetTaskProtection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the account settings for an Amazon ECS resource for a specified principal", + "privilege": "ListAccountSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to lists the attributes for Amazon ECS resources within a specified target type and cluster", + "privilege": "ListAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of existing clusters", + "privilege": "ListClusters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of container instances in a specified cluster", + "privilege": "ListContainerInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of services that are running in a specified cluster", + "privilege": "ListServices", + "resource_types": [ + { + "condition_keys": [ + "ecs:cluster" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of services that are running in a specified AWS Cloud Map Namespace", + "privilege": "ListServicesByNamespace", + "resource_types": [ + { + "condition_keys": [ + "ecs:namespace" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of tags for the specified resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capacity-provider" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-definition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-set" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of task definition families that are registered to your account (which may include task definition families that no longer have any ACTIVE task definitions)", + "privilege": "ListTaskDefinitionFamilies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of task definitions that are registered to your account", + "privilege": "ListTaskDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of tasks for a specified cluster", + "privilege": "ListTasks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to an agent to connect with the Amazon ECS service to report status and get commands", + "privilege": "Poll", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance*" + }, + { + "condition_keys": [ + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the ARN and resource ID format of a resource for a specified IAM user, IAM role, or the root user for an account. You can specify whether the new ARN and resource ID format are enabled for new resources that are created. Enabling this setting is required to use new Amazon ECS features such as resource tagging", + "privilege": "PutAccountSetting", + "resource_types": [ + { + "condition_keys": [ + "ecs:account-setting" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the ARN and resource ID format of a resource type for all IAM users on an account for which no individual account setting has been set. 
Enabling this setting is required to use new Amazon ECS features such as resource tagging", + "privilege": "PutAccountSettingDefault", + "resource_types": [ + { + "condition_keys": [ + "ecs:account-setting" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update an attribute on an Amazon ECS resource", + "privilege": "PutAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the available capacity providers and the default capacity provider strategy for a cluster", + "privilege": "PutClusterCapacityProviders", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:capacity-provider" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register an EC2 instance into the specified cluster", + "privilege": "RegisterContainerInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register a new task definition from the supplied family and containerDefinitions", + "privilege": "RegisterTaskDefinition", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + 
"access_level": "Write", + "description": "Grants permission to start a task using random placement and the default Amazon ECS scheduler", + "privilege": "RunTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-definition*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ecs:cluster", + "ecs:capacity-provider", + "ecs:enable-ebs-volumes", + "ecs:enable-execute-command" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a new task from the specified task definition on the specified container instance or instances", + "privilege": "StartTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-definition*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "ecs:cluster", + "ecs:container-instances", + "ecs:enable-ebs-volumes", + "ecs:enable-execute-command" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a telemetry session", + "privilege": "StartTelemetrySession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance*" + }, + { + "condition_keys": [ + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop a running task", + "privilege": "StopTask", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send an acknowledgement that 
attachments changed states", + "privilege": "SubmitAttachmentStateChanges", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send an acknowledgement that a container changed states", + "privilege": "SubmitContainerStateChange", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send an acknowledgement that a task changed states", + "privilege": "SubmitTaskStateChange", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag the specified resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capacity-provider" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-definition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-set" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + 
"aws:RequestTag/${TagKey}", + "ecs:CreateAction" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag the specified resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capacity-provider" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-definition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-set" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the specified capacity provider", + "privilege": "UpdateCapacityProvider", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "capacity-provider*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configuration or settings to use for a cluster", + "privilege": "UpdateCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the settings to use for a cluster", + "privilege": 
"UpdateClusterSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the Amazon ECS container agent on a specified container instance", + "privilege": "UpdateContainerAgent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to the user to modify the status of an Amazon ECS container instance", + "privilege": "UpdateContainerInstancesState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "container-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the parameters of a service", + "privilege": "UpdateService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster", + "ecs:capacity-provider", + "ecs:enable-ebs-volumes", + "ecs:enable-execute-command", + "ecs:enable-service-connect", + "ecs:namespace", + "ecs:task-definition" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the primary task set used in a service", + "privilege": "UpdateServicePrimaryTaskSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the protection status of a task", + "privilege": "UpdateTaskProtection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the specified task set", + "privilege": "UpdateTaskSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task-set*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:cluster", + "ecs:service" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ecs:${Region}:${Account}:cluster/${ClusterName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:ResourceTag/${TagKey}" + ], + "resource": "cluster" + }, + { + "arn": "arn:${Partition}:ecs:${Region}:${Account}:container-instance/${ClusterName}/${ContainerInstanceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:ResourceTag/${TagKey}" + ], + "resource": "container-instance" + }, + { + "arn": "arn:${Partition}:ecs:${Region}:${Account}:service/${ClusterName}/${ServiceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:ResourceTag/${TagKey}" + ], + "resource": "service" + }, + { + "arn": "arn:${Partition}:ecs:${Region}:${Account}:task/${ClusterName}/${TaskId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:ResourceTag/${TagKey}" + ], + "resource": "task" + }, + { + "arn": "arn:${Partition}:ecs:${Region}:${Account}:task-definition/${TaskDefinitionFamilyName}:${TaskDefinitionRevisionNumber}", + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "ecs:ResourceTag/${TagKey}" + ], + "resource": "task-definition" + }, + { + "arn": "arn:${Partition}:ecs:${Region}:${Account}:capacity-provider/${CapacityProviderName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:ResourceTag/${TagKey}" + ], + "resource": "capacity-provider" + }, + { + "arn": "arn:${Partition}:ecs:${Region}:${Account}:task-set/${ClusterName}/${ServiceName}/${TaskSetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ecs:ResourceTag/${TagKey}" + ], + "resource": "task-set" + } + ], + "service_name": "Amazon Elastic Container Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a key that is present in the request the user makes to the EKS service", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the list of all the tag key names present in the request the user makes to the EKS service", + "type": "ArrayOfString" + }, + { + "condition": "eks:accessEntryType", + "description": "Filters access by the access entry type present in the access entry requests the user makes to the EKS service", + "type": "String" + }, + { + "condition": "eks:accessScope", + "description": "Filters access by the accessScope present in the associate / disassociate access policy requests the user makes to the EKS service", + "type": "String" + }, + { + "condition": "eks:bootstrapClusterCreatorAdminPermissions", + "description": "Filters access by the bootstrapClusterCreatorAdminPermissions present in the create cluster request", + "type": "Bool" + }, + { + "condition": "eks:clientId", + "description": "Filters access by the clientId present in the associateIdentityProviderConfig request the user makes to the EKS service", + "type": "String" + }, + { + "condition": 
"eks:clusterName", + "description": "Filters access by the clusterName present in the access entry requests the user makes to the EKS service", + "type": "String" + }, + { + "condition": "eks:issuerUrl", + "description": "Filters access by the issuerUrl present in the associateIdentityProviderConfig request the user makes to the EKS service", + "type": "String" + }, + { + "condition": "eks:kubernetesGroups", + "description": "Filters access by the kubernetesGroups present in the access entry requests the user makes to the EKS service", + "type": "ArrayOfString" + }, + { + "condition": "eks:namespaces", + "description": "Filters access by the namespaces present in the associate / disassociate access policy requests the user makes to the EKS service", + "type": "ArrayOfString" + }, + { + "condition": "eks:policyArn", + "description": "Filters access by the policyArn present in the access entry requests the user makes to the EKS service", + "type": "ARN" + }, + { + "condition": "eks:principalArn", + "description": "Filters access by the principalArn present in the access entry requests requests the user makes to the EKS service", + "type": "ARN" + }, + { + "condition": "eks:username", + "description": "Filters access by the Kubernetes username present in the access entry requests the user makes to the EKS service", + "type": "String" + } + ], + "prefix": "eks", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to view Kubernetes objects via AWS EKS console", + "privilege": "AccessKubernetesApi", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate an Amazon EKS access policy to an Amazon EKS access entry", + "privilege": "AssociateAccessPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-entry*" + }, + { + "condition_keys": [ + 
"eks:policyArn", + "eks:namespaces", + "eks:accessScope" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate encryption configuration to a cluster", + "privilege": "AssociateEncryptionConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate an identity provider configuration to a cluster", + "privilege": "AssociateIdentityProviderConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "eks:clientId", + "eks:issuerUrl" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon EKS access entry", + "privilege": "CreateAccessEntry", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "eks:principalArn", + "eks:kubernetesGroups", + "eks:username", + "eks:accessEntryType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon EKS add-on", + "privilege": "CreateAddon", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon EKS cluster", + "privilege": "CreateCluster", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + 
"eks:bootstrapClusterCreatorAdminPermissions" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EKS Anywhere subscription", + "privilege": "CreateEksAnywhereSubscription", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS Fargate profile", + "privilege": "CreateFargateProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon EKS Nodegroup", + "privilege": "CreateNodegroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EKS Pod Identity association", + "privilege": "CreatePodIdentityAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon EKS access entry", + "privilege": "DeleteAccessEntry", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-entry*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon EKS add-on", + 
"privilege": "DeleteAddon", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "addon*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon EKS cluster", + "privilege": "DeleteCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to describe an EKS Anywhere subscription", + "privilege": "DeleteEksAnywhereSubscription", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eks-anywhere-subscription*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an AWS Fargate profile", + "privilege": "DeleteFargateProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fargateprofile*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon EKS Nodegroup", + "privilege": "DeleteNodegroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "nodegroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EKS Pod Identity association", + "privilege": "DeletePodIdentityAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "podidentityassociation*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister an External cluster", + "privilege": "DeregisterCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an Amazon EKS access entry", + "privilege": "DescribeAccessEntry", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "access-entry*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptive information about an Amazon EKS add-on", + "privilege": "DescribeAddon", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "addon*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list configuration options about an Amazon EKS add-on", + "privilege": "DescribeAddonConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptive version information about the add-ons that Amazon EKS Add-ons supports", + "privilege": "DescribeAddonVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptive information about an Amazon EKS cluster", + "privilege": "DescribeCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an EKS Anywhere subscription", + "privilege": "DescribeEksAnywhereSubscription", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eks-anywhere-subscription*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptive information about an AWS Fargate profile associated with a cluster", + "privilege": "DescribeFargateProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fargateprofile*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptive information about an Idp config associated with a cluster", + "privilege": 
"DescribeIdentityProviderConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identityproviderconfig*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptive information of a detected insight for a specified cluster", + "privilege": "DescribeInsight", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptive information about an Amazon EKS nodegroup", + "privilege": "DescribeNodegroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "nodegroup*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an EKS Pod Identity association", + "privilege": "DescribePodIdentityAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "podidentityassociation*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a given update for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region)", + "privilege": "DescribeUpdate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "addon" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "nodegroup" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate an Amazon EKS access policy from an Amazon EKS acces entry", + "privilege": "DisassociateAccessPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-entry*" + }, + { + "condition_keys": [ + "eks:policyArn", + "eks:namespaces", + "eks:accessScope" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an asssociated Idp config", + "privilege": "DisassociateIdentityProviderConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identityproviderconfig*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all Amazon EKS access entries", + "privilege": "ListAccessEntries", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list Amazon EKS access policies", + "privilege": "ListAccessPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the Amazon EKS add-ons in your AWS account (in the specified or default region) for a given cluster", + "privilege": "ListAddons", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list associated access policy on and Amazon EKS access entry", + "privilege": "ListAssociatedAccessPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-entry*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the Amazon EKS clusters in your AWS account (in the specified or default region)", + "privilege": "ListClusters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list EKS Anywhere subscriptions", + "privilege": "ListEksAnywhereSubscriptions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the AWS Fargate profiles in your AWS account (in the specified or default region) associated with a given cluster", + "privilege": "ListFargateProfiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the Idp configs in your AWS account (in the specified or default region) associated with a given cluster", + "privilege": "ListIdentityProviderConfigs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all detected insights for a specified cluster", + "privilege": "ListInsights", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the Amazon EKS nodegroups in your AWS account (in the specified or default region) attached to given cluster", + "privilege": "ListNodegroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list EKS Pod Identity associations", + "privilege": "ListPodIdentityAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for the specified resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "addon" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "eks-anywhere-subscription" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fargateprofile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identityproviderconfig" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "nodegroup" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the updates for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region)", + "privilege": "ListUpdates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "addon" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "nodegroup" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register an External cluster", + "privilege": "RegisterCluster", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag the specified resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-entry" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "addon" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eks-anywhere-subscription" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fargateprofile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identityproviderconfig" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "nodegroup" + }, + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "podidentityassociation" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag the specified resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-entry" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "addon" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eks-anywhere-subscription" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fargateprofile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "identityproviderconfig" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "nodegroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "podidentityassociation" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an Amazon EKS access entry", + "privilege": "UpdateAccessEntry", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-entry*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update Amazon EKS add-on configurations, such as the VPC-CNI version", + "privilege": "UpdateAddon", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "addon*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update Amazon EKS cluster configurations (eg: API server endpoint access)", + "privilege": 
"UpdateClusterConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the Kubernetes version of an Amazon EKS cluster", + "privilege": "UpdateClusterVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an EKS Anywhere subscription", + "privilege": "UpdateEksAnywhereSubscription", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eks-anywhere-subscription*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update Amazon EKS nodegroup configurations (eg: min/max/desired capacity or labels)", + "privilege": "UpdateNodegroupConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "nodegroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the Kubernetes version of an Amazon EKS nodegroup", + "privilege": "UpdateNodegroupVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "nodegroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an EKS Pod Identity association", + "privilege": "UpdatePodIdentityAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "podidentityassociation*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:cluster/${ClusterName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cluster" + }, + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:nodegroup/${ClusterName}/${NodegroupName}/${UUID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": 
"nodegroup" + }, + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:addon/${ClusterName}/${AddonName}/${UUID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "addon" + }, + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:fargateprofile/${ClusterName}/${FargateProfileName}/${UUID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "fargateprofile" + }, + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:identityproviderconfig/${ClusterName}/${IdentityProviderType}/${IdentityProviderConfigName}/${UUID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "identityproviderconfig" + }, + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:eks-anywhere-subscription/${UUID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "eks-anywhere-subscription" + }, + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:podidentityassociation/${ClusterName}/${UUID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "podidentityassociation" + }, + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:access-entry/${ClusterName}/${IamIdentityType}/${IamIdentityAccountID}/${IamIdentityName}/${UUID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "eks:accessEntryType", + "eks:clusterName", + "eks:kubernetesGroups", + "eks:principalArn", + "eks:username" + ], + "resource": "access-entry" + }, + { + "arn": "arn:${Partition}:eks::aws:cluster-access-policy/${AccessPolicyName}", + "condition_keys": [], + "resource": "access-policy" + } + ], + "service_name": "Amazon Elastic Kubernetes Service" + }, + { + "conditions": [ + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair", + "type": "String" + } + ], + "prefix": "eks-auth", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to exchange a Kubernetes service account token for temporary AWS credentials", + "privilege": 
"AssumeRoleForPodIdentity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:eks:${Region}:${Account}:cluster/${ClusterName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cluster" + } + ], + "service_name": "Amazon EKS Auth" + }, + { + "conditions": [], + "prefix": "elastic-inference", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to customer for connecting to Elastic Inference accelerator", + "privilege": "Connect", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accelerator*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the locations in which a given accelerator type or set of types is present in a given region", + "privilege": "DescribeAcceleratorOfferings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the accelerator types available in a given region, as well as their characteristics, such as memory and throughput", + "privilege": "DescribeAcceleratorTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe information over a provided set of accelerators belonging to an account", + "privilege": "DescribeAccelerators", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all tags on an Amazon RDS resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + 
"access_level": "Tagging", + "description": "Grants permission to assign one or more tags (key-value pairs) to the specified QuickSight resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove a tag or tags from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elastic-inference:${Region}:${Account}:elastic-inference-accelerator/${AcceleratorId}", + "condition_keys": [], + "resource": "accelerator" + } + ], + "service_name": "Amazon Elastic Inference" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticache:AtRestEncryptionEnabled", + "description": "Filters access by the AtRestEncryptionEnabled parameter present in the request or default false value if parameter is not present", + "type": "Bool" + }, + { + "condition": "elasticache:AuthTokenEnabled", + "description": "Filters access by the presence of non empty AuthToken parameter in the request", + "type": "Bool" + }, + { + "condition": "elasticache:AutomaticFailoverEnabled", + "description": "Filters access by the AutomaticFailoverEnabled parameter in the request", + "type": "Bool" + }, + { + "condition": "elasticache:CacheNodeType", + "description": "Filters access by the cacheNodeType parameter present in the request. 
This key can be used to restrict which cache node types can be used on cluster creation or scaling operations", + "type": "String" + }, + { + "condition": "elasticache:CacheParameterGroupName", + "description": "Filters access by the CacheParameterGroupName parameter in the request", + "type": "String" + }, + { + "condition": "elasticache:ClusterModeEnabled", + "description": "Filters access by the cluster mode parameter present in the request. Default value for single node group (shard) creations is false", + "type": "Bool" + }, + { + "condition": "elasticache:DataStorageUnit", + "description": "Filters access by the CacheUsageLimits.DataStorage.Unit parameter in the CreateServerlessCache and ModifyServerlessCache request", + "type": "String" + }, + { + "condition": "elasticache:EngineType", + "description": "Filters access by the engine type present in creation requests. For replication group creations, default engine 'redis' is used as key if parameter is not present", + "type": "String" + }, + { + "condition": "elasticache:EngineVersion", + "description": "Filters access by the engineVersion parameter present in creation or cluster modification requests", + "type": "String" + }, + { + "condition": "elasticache:KmsKeyId", + "description": "Filters access by the KmsKeyId parameter in the request", + "type": "String" + }, + { + "condition": "elasticache:MaximumDataStorage", + "description": "Filters access by the CacheUsageLimits.DataStorage.Maximum parameter in the CreateServerlessCache and ModifyServerlessCache request", + "type": "Numeric" + }, + { + "condition": "elasticache:MaximumECPUPerSecond", + "description": "Filters access by the CacheUsageLimits.ECPUPerSecond.Maximum parameter in the CreateServerlessCache and ModifyServerlessCache request", + "type": "Numeric" + }, + { + "condition": "elasticache:MultiAZEnabled", + "description": "Filters access by the AZMode parameter, MultiAZEnabled parameter or the number of availability zones that the cluster or 
replication group can be placed in", + "type": "Bool" + }, + { + "condition": "elasticache:NumNodeGroups", + "description": "Filters access by the NumNodeGroups or NodeGroupCount parameter specified in the request. This key can be used to restrict the number of node groups (shards) clusters can have after creation or scaling operations", + "type": "Numeric" + }, + { + "condition": "elasticache:ReplicasPerNodeGroup", + "description": "Filters access by the number of replicas per node group (shards) specified in creations or scaling requests", + "type": "Numeric" + }, + { + "condition": "elasticache:SnapshotRetentionLimit", + "description": "Filters access by the SnapshotRetentionLimit parameter in the request", + "type": "Numeric" + }, + { + "condition": "elasticache:TransitEncryptionEnabled", + "description": "Filters access by the TransitEncryptionEnabled parameter present in the request. For replication group creations, default value 'false' is used as key if parameter is not present", + "type": "Bool" + }, + { + "condition": "elasticache:UserAuthenticationMode", + "description": "Filters access by the UserAuthenticationMode parameter in the request", + "type": "String" + } + ], + "prefix": "elasticache", + "privileges": [ + { + "access_level": "Tagging", + "description": "Grants permission to add tags to an ElastiCache resource", + "privilege": "AddTagsToResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reserved-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "serverlesscache" + }, + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "serverlesscachesnapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subnetgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "usergroup" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to authorize an EC2 security group on a ElastiCache security group", + "privilege": "AuthorizeCacheSecurityGroupIngress", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:AuthorizeSecurityGroupIngress" + ], + "resource_type": "securitygroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to apply ElastiCache service updates to sets of clusters and replication groups", + "privilege": "BatchApplyUpdateAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "s3:GetObject" + ], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to stop ElastiCache service updates from being executed on a set of clusters", + "privilege": "BatchStopUpdateAction", + "resource_types": [ + { 
+ "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to complete an online migration of data from hosted Redis on Amazon EC2 to ElastiCache", + "privilege": "CompleteMigration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to connect as a specified ElastiCache user to an ElastiCache Replication Group or ElastiCache serverless cache", + "privilege": "Connect", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "serverlesscache" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to make a copy of an existing serverless cache snapshot", + "privilege": "CopyServerlessCacheSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:KmsKeyId" + ], + "dependent_actions": [ + "elasticache:AddTagsToResource" + ], + "resource_type": "serverlesscachesnapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + 
{ + "access_level": "Write", + "description": "Grants permission to make a copy of an existing snapshot", + "privilege": "CopySnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticache:AddTagsToResource", + "s3:DeleteObject", + "s3:GetBucketAcl", + "s3:PutObject" + ], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticache:KmsKeyId" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a cache cluster", + "privilege": "CreateCacheCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "elasticache:AddTagsToResource", + "s3:GetObject" + ], + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticache:CacheNodeType", + "elasticache:EngineVersion", + "elasticache:EngineType", + "elasticache:MultiAZEnabled", + "elasticache:AuthTokenEnabled", + "elasticache:SnapshotRetentionLimit", + "elasticache:CacheParameterGroupName" + ], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [ + "elasticache:CacheNodeType", + "elasticache:EngineVersion", + "elasticache:EngineType", + "elasticache:MultiAZEnabled", + "elasticache:AuthTokenEnabled", + "elasticache:SnapshotRetentionLimit", + "elasticache:CacheParameterGroupName" + ], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subnetgroup" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a parameter group", + "privilege": "CreateCacheParameterGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticache:AddTagsToResource" + ], + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticache:CacheParameterGroupName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a cache security group", + "privilege": "CreateCacheSecurityGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticache:AddTagsToResource" + ], + "resource_type": "securitygroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a cache subnet group", + "privilege": "CreateCacheSubnetGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticache:AddTagsToResource" + ], + "resource_type": "subnetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a global replication group", + "privilege": "CreateGlobalReplicationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "globalreplicationgroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], 
+ "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a replication group", + "privilege": "CreateReplicationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "elasticache:AddTagsToResource", + "s3:GetObject" + ], + "resource_type": "parametergroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [ + "elasticache:NumNodeGroups", + "elasticache:CacheNodeType", + "elasticache:ReplicasPerNodeGroup", + "elasticache:EngineVersion", + "elasticache:EngineType", + "elasticache:AtRestEncryptionEnabled", + "elasticache:TransitEncryptionEnabled", + "elasticache:AutomaticFailoverEnabled", + "elasticache:MultiAZEnabled", + "elasticache:ClusterModeEnabled", + "elasticache:AuthTokenEnabled", + "elasticache:SnapshotRetentionLimit", + "elasticache:KmsKeyId", + "elasticache:CacheParameterGroupName" + ], + "dependent_actions": [], + "resource_type": "globalreplicationgroup" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticache:NumNodeGroups", + "elasticache:CacheNodeType", + "elasticache:ReplicasPerNodeGroup", + "elasticache:EngineVersion", + "elasticache:EngineType", + "elasticache:AtRestEncryptionEnabled", + "elasticache:TransitEncryptionEnabled", + "elasticache:AutomaticFailoverEnabled", + "elasticache:MultiAZEnabled", + "elasticache:ClusterModeEnabled", + "elasticache:AuthTokenEnabled", + "elasticache:SnapshotRetentionLimit", + "elasticache:KmsKeyId", + "elasticache:CacheParameterGroupName" + ], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup" + }, + { + "condition_keys": [], + "dependent_actions": [], 
+ "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subnetgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "usergroup" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a serverless cache", + "privilege": "CreateServerlessCache", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:EngineType", + "elasticache:EngineVersion", + "elasticache:SnapshotRetentionLimit", + "elasticache:KmsKeyId", + "elasticache:MaximumDataStorage", + "elasticache:DataStorageUnit", + "elasticache:MaximumECPUPerSecond" + ], + "dependent_actions": [ + "ec2:CreateTags", + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "elasticache:AddTagsToResource", + "s3:GetObject" + ], + "resource_type": "serverlesscache*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "serverlesscachesnapshot" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "usergroup" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a copy of a serverless cache at a specific moment in time", + "privilege": "CreateServerlessCacheSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "elasticache:AddTagsToResource" + ], + 
"resource_type": "serverlesscache*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:KmsKeyId" + ], + "dependent_actions": [], + "resource_type": "serverlesscachesnapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a copy of an entire Redis cluster at a specific moment in time", + "privilege": "CreateSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticache:KmsKeyId" + ], + "dependent_actions": [ + "elasticache:AddTagsToResource", + "s3:DeleteObject", + "s3:GetBucketAcl", + "s3:PutObject" + ], + "resource_type": "snapshot*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a user for Redis. Users are supported from Redis 6.0 onwards", + "privilege": "CreateUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticache:AddTagsToResource" + ], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticache:UserAuthenticationMode" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a user group for Redis. 
Groups are supported from Redis 6.0 onwards", + "privilege": "CreateUserGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticache:AddTagsToResource" + ], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "usergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to decrease the number of node groups in global replication groups", + "privilege": "DecreaseNodeGroupsInGlobalReplicationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "globalreplicationgroup*" + }, + { + "condition_keys": [ + "elasticache:NumNodeGroups" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to decrease the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group", + "privilege": "DecreaseReplicaCount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:ReplicasPerNodeGroup" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a previously provisioned cluster", + "privilege": "DeleteCacheCluster", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + 
"ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified cache parameter group", + "privilege": "DeleteCacheParameterGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:CacheParameterGroupName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a cache security group", + "privilege": "DeleteCacheSecurityGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a cache subnet group", + "privilege": "DeleteCacheSubnetGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "subnetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing global replication group", + "privilege": "DeleteGlobalReplicationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "globalreplicationgroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing 
replication group", + "privilege": "DeleteReplicationGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a serverless cache", + "privilege": "DeleteServerlessCache", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:DescribeTags" + ], + "resource_type": "serverlesscache*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "serverlesscachesnapshot" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a serverless cache snapshot", + "privilege": "DeleteServerlessCacheSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "serverlesscachesnapshot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing snapshot", + "privilege": "DeleteSnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing user and thus remove it from all user groups and replication groups where it was assigned", + "privilege": "DeleteUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing user group", + "privilege": "DeleteUserGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "usergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about provisioned cache clusters", + "privilege": "DescribeCacheClusters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list available cache engines and their versions", + "privilege": "DescribeCacheEngineVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list cache parameter group descriptions", + "privilege": "DescribeCacheParameterGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve the detailed parameter list for a particular cache parameter group", + "privilege": "DescribeCacheParameters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list cache security 
group descriptions", + "privilege": "DescribeCacheSecurityGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list cache subnet group descriptions", + "privilege": "DescribeCacheSubnetGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subnetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve the default engine and system parameter information for the specified cache engine", + "privilege": "DescribeEngineDefaultParameters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list events related to clusters, cache security groups, and cache parameter groups", + "privilege": "DescribeEvents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about global replication groups", + "privilege": "DescribeGlobalReplicationGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "globalreplicationgroup*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about provisioned replication groups", + "privilege": "DescribeReplicationGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about purchased reserved cache nodes", + "privilege": "DescribeReservedCacheNodes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reserved-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list available reserved cache node offerings", + "privilege": "DescribeReservedCacheNodesOfferings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about serverless cache snapshots", + "privilege": "DescribeServerlessCacheSnapshots", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "serverlesscachesnapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "serverlesscache" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list serverless caches", + "privilege": "DescribeServerlessCaches", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "serverlesscache*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list details of the service updates", + "privilege": "DescribeServiceUpdates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about cluster or replication group snapshots", + "privilege": "DescribeSnapshots", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list details of the update actions for a set of clusters or replication groups", + "privilege": "DescribeUpdateActions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about Redis user groups", + "privilege": "DescribeUserGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "usergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about Redis users", + "privilege": "DescribeUsers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a secondary replication group from the global replication group", + "privilege": "DisassociateGlobalReplicationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "globalreplicationgroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to export a copy of a serverless cache at a specific moment in time to s3 bucket", + "privilege": 
"ExportServerlessCacheSnapshot", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [ + "s3:DeleteObject", + "s3:ListAllMyBuckets", + "s3:PutObject" + ], + "resource_type": "serverlesscachesnapshot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to failover the primary region to a selected secondary region of a global replication group", + "privilege": "FailoverGlobalReplicationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "globalreplicationgroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to increase the number of node groups in a global replication group", + "privilege": "IncreaseNodeGroupsInGlobalReplicationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "globalreplicationgroup*" + }, + { + "condition_keys": [ + "elasticache:NumNodeGroups" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to increase the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group", + "privilege": "IncreaseReplicaCount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:ReplicasPerNodeGroup" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to test an AZ power interruption for an ElastiCache resource", + "privilege": "InterruptClusterAzPower", + "resource_types": [ 
+ { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list available node type that can be used to scale a particular Redis cluster or replication group", + "privilege": "ListAllowedNodeTypeModifications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for an ElastiCache resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reserved-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "serverlesscache" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "serverlesscachesnapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subnetgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "usergroup" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify settings for a cluster", + "privilege": "ModifyCacheCluster", + "resource_types": [ + { + "condition_keys": [ + "elasticache:CacheNodeType", + "elasticache:EngineVersion", + "elasticache:MultiAZEnabled", + "elasticache:AuthTokenEnabled", + "elasticache:SnapshotRetentionLimit", + "elasticache:CacheParameterGroupName" + ], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify parameters of a cache parameter group", + "privilege": "ModifyCacheParameterGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:CacheParameterGroupName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an existing cache subnet group", + "privilege": "ModifyCacheSubnetGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subnetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify settings for a global replication group", + "privilege": "ModifyGlobalReplicationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"globalreplicationgroup*" + }, + { + "condition_keys": [ + "elasticache:CacheNodeType", + "elasticache:EngineVersion", + "elasticache:AutomaticFailoverEnabled" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the settings for a replication group", + "privilege": "ModifyReplicationGroup", + "resource_types": [ + { + "condition_keys": [ + "elasticache:CacheNodeType", + "elasticache:EngineVersion", + "elasticache:AutomaticFailoverEnabled", + "elasticache:MultiAZEnabled", + "elasticache:AuthTokenEnabled", + "elasticache:SnapshotRetentionLimit", + "elasticache:CacheParameterGroupName", + "elasticache:TransitEncryptionEnabled", + "elasticache:ClusterModeEnabled" + ], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "usergroup" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add shards, remove shards, or rebalance the keyspaces among existing shards of a replication group", + "privilege": "ModifyReplicationGroupShardConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:NumNodeGroups" + ], + 
"dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify parameters for a serverless cache", + "privilege": "ModifyServerlessCache", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:EngineVersion", + "elasticache:SnapshotRetentionLimit", + "elasticache:MaximumDataStorage", + "elasticache:DataStorageUnit", + "elasticache:MaximumECPUPerSecond" + ], + "dependent_actions": [ + "ec2:DescribeSecurityGroups", + "ec2:DescribeTags" + ], + "resource_type": "serverlesscache*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "usergroup" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change Redis user password(s) and/or access string", + "privilege": "ModifyUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:UserAuthenticationMode" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change list of users that belong to the user group", + "privilege": "ModifyUserGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "usergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to purchase a reserved cache node offering", + "privilege": "PurchaseReservedCacheNodesOffering", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticache:AddTagsToResource" + ], + "resource_type": "reserved-instance*" + }, + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to perform a key space rebalance operation to redistribute slots and ensure uniform key distribution across existing shards in a global replication group", + "privilege": "RebalanceSlotsInGlobalReplicationGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "globalreplicationgroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reboot some, or all, of the cache nodes within a provisioned cache cluster or replication group (cluster mode disabled)", + "privilege": "RebootCacheCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from a ElastiCache resource", + "privilege": "RemoveTagsFromResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reserved-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "serverlesscache" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "serverlesscachesnapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "subnetgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "usergroup" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify parameters of a cache parameter group back to their default values", + "privilege": "ResetCacheParameterGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticache:CacheParameterGroupName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove an EC2 security group ingress from a ElastiCache security group", + "privilege": "RevokeCacheSecurityGroupIngress", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securitygroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a migration of data from hosted Redis on Amazon EC2 to ElastiCache for Redis", + "privilege": "StartMigration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to test automatic failover on a specified node group in a replication group", + "privilege": "TestFailover", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + 
"ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to test a migration of data from hosted Redis on Amazon EC2 to ElastiCache for Redis", + "privilege": "TestMigration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "replicationgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:parametergroup:${CacheParameterGroupName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticache:CacheParameterGroupName" + ], + "resource": "parametergroup" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:securitygroup:${CacheSecurityGroupName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "securitygroup" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:subnetgroup:${CacheSubnetGroupName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "subnetgroup" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:replicationgroup:${ReplicationGroupId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticache:AtRestEncryptionEnabled", + "elasticache:AuthTokenEnabled", + "elasticache:AutomaticFailoverEnabled", + "elasticache:CacheNodeType", + "elasticache:CacheParameterGroupName", + "elasticache:ClusterModeEnabled", + "elasticache:EngineType", + 
"elasticache:EngineVersion", + "elasticache:KmsKeyId", + "elasticache:MultiAZEnabled", + "elasticache:NumNodeGroups", + "elasticache:ReplicasPerNodeGroup", + "elasticache:SnapshotRetentionLimit", + "elasticache:TransitEncryptionEnabled" + ], + "resource": "replicationgroup" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:cluster:${CacheClusterId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticache:AuthTokenEnabled", + "elasticache:CacheNodeType", + "elasticache:CacheParameterGroupName", + "elasticache:EngineType", + "elasticache:EngineVersion", + "elasticache:MultiAZEnabled", + "elasticache:SnapshotRetentionLimit" + ], + "resource": "cluster" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:reserved-instance:${ReservedCacheNodeId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "reserved-instance" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:snapshot:${SnapshotName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticache:KmsKeyId" + ], + "resource": "snapshot" + }, + { + "arn": "arn:${Partition}:elasticache::${Account}:globalreplicationgroup:${GlobalReplicationGroupId}", + "condition_keys": [ + "elasticache:AtRestEncryptionEnabled", + "elasticache:AuthTokenEnabled", + "elasticache:AutomaticFailoverEnabled", + "elasticache:CacheNodeType", + "elasticache:CacheParameterGroupName", + "elasticache:ClusterModeEnabled", + "elasticache:EngineType", + "elasticache:EngineVersion", + "elasticache:KmsKeyId", + "elasticache:MultiAZEnabled", + "elasticache:NumNodeGroups", + "elasticache:ReplicasPerNodeGroup", + "elasticache:SnapshotRetentionLimit", + "elasticache:TransitEncryptionEnabled" + ], + "resource": "globalreplicationgroup" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:user:${UserId}", + 
"condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticache:UserAuthenticationMode" + ], + "resource": "user" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:usergroup:${UserGroupId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "usergroup" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:serverlesscache:${ServerlessCacheName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticache:DataStorageUnit", + "elasticache:EngineType", + "elasticache:EngineVersion", + "elasticache:KmsKeyId", + "elasticache:MaximumDataStorage", + "elasticache:MaximumECPUPerSecond", + "elasticache:SnapshotRetentionLimit" + ], + "resource": "serverlesscache" + }, + { + "arn": "arn:${Partition}:elasticache:${Region}:${Account}:serverlesscachesnapshot:${ServerlessCacheSnapshotName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "elasticache:KmsKeyId" + ], + "resource": "serverlesscachesnapshot" + } + ], + "service_name": "Amazon ElastiCache" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticbeanstalk:FromApplication", + "description": "Filters access by an application as a dependency or a constraint on an input parameter", + "type": "ARN" + }, + { + "condition": "elasticbeanstalk:FromApplicationVersion", + "description": "Filters access by 
an application version as a dependency or a constraint on an input parameter", + "type": "ARN" + }, + { + "condition": "elasticbeanstalk:FromConfigurationTemplate", + "description": "Filters access by a configuration template as a dependency or a constraint on an input parameter", + "type": "ARN" + }, + { + "condition": "elasticbeanstalk:FromEnvironment", + "description": "Filters access by an environment as a dependency or a constraint on an input parameter", + "type": "ARN" + }, + { + "condition": "elasticbeanstalk:FromPlatform", + "description": "Filters access by a platform as a dependency or a constraint on an input parameter", + "type": "ARN" + }, + { + "condition": "elasticbeanstalk:FromSolutionStack", + "description": "Filters access by a solution stack as a dependency or a constraint on an input parameter", + "type": "ARN" + }, + { + "condition": "elasticbeanstalk:InApplication", + "description": "Filters access by the application that contains the resource that the action operates on", + "type": "ARN" + } + ], + "prefix": "elasticbeanstalk", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel in-progress environment configuration update or application version deployment", + "privilege": "AbortEnvironmentUpdate", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to an Elastic Beanstalk resource and to update tag values", + "privilege": "AddTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "applicationversion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "platform" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to apply a scheduled managed action immediately", + "privilege": "ApplyEnvironmentManagedAction", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate an operations role with an environment", + "privilege": "AssociateEnvironmentOperationsRole", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to check CNAME availability", + "privilege": "CheckDNSAvailability", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update a group of environments, each running a separate component of a single application", + "privilege": "ComposeEnvironments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "applicationversion*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new application", + "privilege": "CreateApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + 
{ + "access_level": "Write", + "description": "Grants permission to create an application version for an application", + "privilege": "CreateApplicationVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "applicationversion*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a configuration template", + "privilege": "CreateConfigurationTemplate", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "configurationtemplate*" + }, + { + "condition_keys": [ + "elasticbeanstalk:FromApplication", + "elasticbeanstalk:FromApplicationVersion", + "elasticbeanstalk:FromConfigurationTemplate", + "elasticbeanstalk:FromEnvironment", + "elasticbeanstalk:FromSolutionStack", + "elasticbeanstalk:FromPlatform", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to launch an environment for an application", + "privilege": "CreateEnvironment", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [ + "elasticbeanstalk:FromApplicationVersion", + "elasticbeanstalk:FromConfigurationTemplate", + "elasticbeanstalk:FromSolutionStack", + "elasticbeanstalk:FromPlatform", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new version of a custom platform", + "privilege": "CreatePlatformVersion", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "platform*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create the Amazon S3 storage location for the account", + "privilege": "CreateStorageLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an application along with all associated versions and configurations", + "privilege": "DeleteApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an application version from an application", + "privilege": "DeleteApplicationVersion", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "applicationversion*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a configuration template", + "privilege": "DeleteConfigurationTemplate", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "configurationtemplate*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the draft configuration associated with the running environment", + "privilege": "DeleteEnvironmentConfiguration", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a version of a custom platform", + "privilege": "DeletePlatformVersion", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "platform*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of account attributes, including resource quotas", + "privilege": "DescribeAccountAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of application versions stored in an AWS Elastic Beanstalk storage bucket", + "privilege": "DescribeApplicationVersions", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "applicationversion" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve the descriptions of existing applications", + "privilege": "DescribeApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve descriptions of environment configuration options", + "privilege": "DescribeConfigurationOptions", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "solutionstack" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a description of the settings for a configuration set", + "privilege": "DescribeConfigurationSettings", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" 
+ ], + "dependent_actions": [], + "resource_type": "environment" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the overall health of an environment", + "privilege": "DescribeEnvironmentHealth", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of an environment's completed and failed managed actions", + "privilege": "DescribeEnvironmentManagedActionHistory", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of an environment's upcoming and in-progress managed actions", + "privilege": "DescribeEnvironmentManagedActions", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of AWS resources for an environment", + "privilege": "DescribeEnvironmentResources", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve descriptions for existing environments", + "privilege": "DescribeEnvironments", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of event descriptions matching a set of criteria", + "privilege": "DescribeEvents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], 
+ "resource_type": "application" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "applicationversion" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve more detailed information about the health of environment instances", + "privilege": "DescribeInstancesHealth", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a description of a managed platform version", + "privilege": "DescribePlatformVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "platform" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate an operations role with an environment", + "privilege": "DisassociateEnvironmentOperationsRole", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of the available solution stack names", + "privilege": "ListAvailableSolutionStacks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "solutionstack" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of the available platform branches", + "privilege": "ListPlatformBranches", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to 
retrieve a list of the available platforms", + "privilege": "ListPlatformVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "platform" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of tags of an Elastic Beanstalk resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "applicationversion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "platform" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to submit instance statistics for enhanced health", + "privilege": "PutInstanceStatistics", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete and recreate all of the AWS resources for an environment and to force a restart", + "privilege": "RebuildEnvironment", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from an Elastic Beanstalk resource", + "privilege": "RemoveTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "applicationversion" + }, + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "platform" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to initiate a request to compile information of the deployed environment", + "privilege": "RequestEnvironmentInfo", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to request an environment to restart the application container server running on each Amazon EC2 instance", + "privilege": "RestartAppServer", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the compiled information from a RequestEnvironmentInfo request", + "privilege": "RetrieveEnvironmentInfo", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to swap the CNAMEs of two environments", + "privilege": "SwapEnvironmentCNAMEs", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [ + "elasticbeanstalk:FromEnvironment" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to terminate an environment", + "privilege": 
"TerminateEnvironment", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an application with specified properties", + "privilege": "UpdateApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the application version lifecycle policy associated with the application", + "privilege": "UpdateApplicationResourceLifecycle", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an application version with specified properties", + "privilege": "UpdateApplicationVersion", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "applicationversion*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a configuration template with specified properties or configuration option values", + "privilege": "UpdateConfigurationTemplate", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "configurationtemplate*" + }, + { + "condition_keys": [ + "elasticbeanstalk:FromApplication", + "elasticbeanstalk:FromApplicationVersion", + "elasticbeanstalk:FromConfigurationTemplate", + "elasticbeanstalk:FromEnvironment", + "elasticbeanstalk:FromSolutionStack", + "elasticbeanstalk:FromPlatform" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an environment", + "privilege": "UpdateEnvironment", + "resource_types": [ + { + 
"condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [ + "elasticbeanstalk:FromApplicationVersion", + "elasticbeanstalk:FromConfigurationTemplate", + "elasticbeanstalk:FromSolutionStack", + "elasticbeanstalk:FromPlatform" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to an Elastic Beanstalk resource, remove tags, and to update tag values", + "privilege": "UpdateTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "applicationversion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "platform" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to check the validity of a set of configuration settings for a configuration template or an environment", + "privilege": "ValidateConfigurationSettings", + "resource_types": [ + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "configurationtemplate" + }, + { + "condition_keys": [ + "elasticbeanstalk:InApplication" + ], + "dependent_actions": [], + "resource_type": "environment" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:application/${ApplicationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" + }, + { + "arn": 
"arn:${Partition}:elasticbeanstalk:${Region}:${Account}:applicationversion/${ApplicationName}/${VersionLabel}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticbeanstalk:InApplication" + ], + "resource": "applicationversion" + }, + { + "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:configurationtemplate/${ApplicationName}/${TemplateName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticbeanstalk:InApplication" + ], + "resource": "configurationtemplate" + }, + { + "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:environment/${ApplicationName}/${EnvironmentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticbeanstalk:InApplication" + ], + "resource": "environment" + }, + { + "arn": "arn:${Partition}:elasticbeanstalk:${Region}::solutionstack/${SolutionStackName}", + "condition_keys": [], + "resource": "solutionstack" + }, + { + "arn": "arn:${Partition}:elasticbeanstalk:${Region}::platform/${PlatformNameWithVersion}", + "condition_keys": [], + "resource": "platform" + } + ], + "service_name": "AWS Elastic Beanstalk" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticfilesystem:AccessPointArn", + "description": "Filters access by the ARN of the access point used to mount the file system", + "type": "ARN" + }, + { + "condition": "elasticfilesystem:AccessedViaMountTarget", + "description": "Filters access by whether the file system is accessed via mount targets", + "type": "Bool" + }, + { + "condition": 
"elasticfilesystem:CreateAction", + "description": "Filters access by the name of a resource-creating API action", + "type": "String" + }, + { + "condition": "elasticfilesystem:Encrypted", + "description": "Filters access by whether users can create only encrypted or unencrypted file systems", + "type": "Bool" + } + ], + "prefix": "elasticfilesystem", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to start a backup job for an existing file system", + "privilege": "Backup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to allow an NFS client read-access to a file system", + "privilege": "ClientMount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "elasticfilesystem:AccessPointArn", + "elasticfilesystem:AccessedViaMountTarget" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to allow an NFS client root-access to a file system", + "privilege": "ClientRootAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "elasticfilesystem:AccessPointArn", + "elasticfilesystem:AccessedViaMountTarget" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to allow an NFS client write-access to a file system", + "privilege": "ClientWrite", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "elasticfilesystem:AccessPointArn", + "elasticfilesystem:AccessedViaMountTarget" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": 
"Write", + "description": "Grants permission to create an access point for the specified file system", + "privilege": "CreateAccessPoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticfilesystem:TagResource" + ], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new, empty file system", + "privilege": "CreateFileSystem", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticfilesystem:Encrypted" + ], + "dependent_actions": [ + "elasticfilesystem:TagResource" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a mount target for a file system", + "privilege": "CreateMountTarget", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new replication configuration", + "privilege": "CreateReplicationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to create or overwrite tags associated with a file system; deprecated, see TagResource", + "privilege": "CreateTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified access point", + "privilege": "DeleteAccessPoint", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "access-point*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a file system, permanently severing access to its contents", + "privilege": "DeleteFileSystem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the resource-level policy for a file system", + "privilege": "DeleteFileSystemPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified mount target", + "privilege": "DeleteMountTarget", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a replication configuration", + "privilege": "DeleteReplicationConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to delete the specified tags from a file system; deprecated, see UntagResource", + "privilege": "DeleteTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view the descriptions of Amazon EFS access points", + "privilege": "DescribeAccessPoints", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-point" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + } + ] + 
}, + { + "access_level": "List", + "description": "Grants permission to view the account preferences in effect for an account", + "privilege": "DescribeAccountPreferences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the BackupPolicy object for an Amazon EFS file system", + "privilege": "DescribeBackupPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the resource-level policy for an Amazon EFS file system", + "privilege": "DescribeFileSystemPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWS account in the AWS region of the endpoint that is being called", + "privilege": "DescribeFileSystems", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the LifecycleConfiguration object for an Amazon EFS file system", + "privilege": "DescribeLifecycleConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the security groups in effect for a mount target", + "privilege": "DescribeMountTargetSecurityGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Read", + 
"description": "Grants permission to view the descriptions of all mount targets, or a specific mount target, for a file system", + "privilege": "DescribeMountTargets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-point" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view the description of an Amazon EFS replication configuration specified by FileSystemId; or to view the description of all replication configurations owned by the caller's AWS account in the AWS region of the endpoint that is being called", + "privilege": "DescribeReplicationConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the tags associated with a file system", + "privilege": "DescribeTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the tags associated with the specified Amazon EFS resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-point" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the set of security groups in effect for a mount target", + "privilege": "ModifyMountTargetSecurityGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set the account preferences of an account", + "privilege": "PutAccountPreferences", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable or disable automatic backups with AWS Backup by creating a new BackupPolicy object", + "privilege": "PutBackupPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to apply a resource-level policy that defines the actions allowed or denied from given actors for the specified file system", + "privilege": "PutFileSystemPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable lifecycle management by creating a new LifecycleConfiguration object", + "privilege": "PutLifecycleConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a restore job for a backup of a file system", + "privilege": "Restore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to create or overwrite tags associated with the specified Amazon EFS resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-point" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticfilesystem:CreateAction" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + 
"description": "Grants permission to delete the specified tags from an Amazon EFS resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "access-point" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the throughput mode or the amount of provisioned throughput of an existing file system", + "privilege": "UpdateFileSystem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the file system protection of an existing file system", + "privilege": "UpdateFileSystemProtection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "file-system*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elasticfilesystem:${Region}:${Account}:file-system/${FileSystemId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "file-system" + }, + { + "arn": "arn:${Partition}:elasticfilesystem:${Region}:${Account}:access-point/${AccessPointId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "access-point" + } + ], + "service_name": "Amazon Elastic File System" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": 
"ArrayOfString" + }, + { + "condition": "elasticloadbalancing:CreateAction", + "description": "Filters access by the name of a resource-creating API action", + "type": "String" + }, + { + "condition": "elasticloadbalancing:ListenerProtocol", + "description": "Filters access by the listener protocols that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:ResourceTag/", + "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", + "type": "String" + }, + { + "condition": "elasticloadbalancing:ResourceTag/${TagKey}", + "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", + "type": "String" + }, + { + "condition": "elasticloadbalancing:Scheme", + "description": "Filters access by the load balancer scheme that are allowed in the request", + "type": "String" + }, + { + "condition": "elasticloadbalancing:SecurityGroup", + "description": "Filters access by the security-group IDs that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:SecurityPolicy", + "description": "Filters access by the SSL Security Policies that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:Subnet", + "description": "Filters access by the subnet IDs that are allowed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "elasticloadbalancing", + "privileges": [ + { + "access_level": "Tagging", + "description": "Grants permission to add the specified tags to the specified load balancer. 
Each load balancer can have a maximum of 10 tags", + "privilege": "AddTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:CreateAction" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate one or more security groups with your load balancer in a virtual private cloud (VPC)", + "privilege": "ApplySecurityGroupsToLoadBalancer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityGroup" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add one or more subnets to the set of configured subnets for the specified load balancer", + "privilege": "AttachLoadBalancerToSubnets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:Subnet" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to specify the health check settings to use when evaluating the health state of your back-end instances", + "privilege": "ConfigureHealthCheck", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to generate a stickiness policy with sticky session lifetimes that follow that of an application-generated cookie", + "privilege": "CreateAppCookieStickinessPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to generate a stickiness policy with sticky session lifetimes controlled by the lifetime of the browser (user-agent) or a specified expiration period", + "privilege": "CreateLBCookieStickinessPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a load balancer", + "privilege": "CreateLoadBalancer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "loadbalancer" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityGroup", + "elasticloadbalancing:Subnet", + "elasticloadbalancing:Scheme", + "elasticloadbalancing:ListenerProtocol" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create one or more listeners for the specified load balancer", + "privilege": "CreateLoadBalancerListeners", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:ListenerProtocol" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a policy with the specified attributes for the specified load balancer", + "privilege": "CreateLoadBalancerPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityPolicy" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified load balancer", + "privilege": "DeleteLoadBalancer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified listeners from the specified load balancer", + "privilege": "DeleteLoadBalancerListeners", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified policy from the specified load balancer. 
This policy must not be enabled for any listeners", + "privilege": "DeleteLoadBalancerPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister the specified instances from the specified load balancer", + "privilege": "DeregisterInstancesFromLoadBalancer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the state of the specified instances with respect to the specified load balancer", + "privilege": "DescribeInstanceHealth", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the attributes for the specified load balancer", + "privilege": "DescribeLoadBalancerAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified policies", + "privilege": "DescribeLoadBalancerPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified load balancer policy types", + "privilege": "DescribeLoadBalancerPolicyTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" 
+ } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers", + "privilege": "DescribeLoadBalancers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the tags associated with the specified load balancers", + "privilege": "DescribeTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the specified subnets from the set of configured subnets for the load balancer", + "privilege": "DetachLoadBalancerFromSubnets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the specified Availability Zones from the set of Availability Zones for the specified load balancer", + "privilege": "DisableAvailabilityZonesForLoadBalancer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add the specified Availability Zones to the set of Availability Zones for the specified load balancer", + "privilege": "EnableAvailabilityZonesForLoadBalancer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" 
+ }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the attributes of the specified load balancer", + "privilege": "ModifyLoadBalancerAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add the specified instances to the specified load balancer", + "privilege": "RegisterInstancesWithLoadBalancer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the specified load balancer", + "privilege": "RemoveTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set the certificate that terminates the specified listener's SSL connections", + "privilege": "SetLoadBalancerListenerSSLCertificate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + 
"elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replace the set of policies associated with the specified port on which the back-end server is listening with a new set of policies", + "privilege": "SetLoadBalancerPoliciesForBackendServer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to replace the current set of policies for the specified load balancer port with the specified set of policies", + "privilege": "SetLoadBalancerPoliciesOfListener", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityPolicy" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/${LoadBalancerName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "loadbalancer" + } + ], + "service_name": "AWS Elastic Load Balancing" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the 
request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:CreateAction", + "description": "Filters access by the name of a resource-creating API action", + "type": "String" + }, + { + "condition": "elasticloadbalancing:ListenerProtocol", + "description": "Filters access by the listener protocol that is allowed in the request", + "type": "String" + }, + { + "condition": "elasticloadbalancing:ResourceTag/${TagKey}", + "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", + "type": "String" + }, + { + "condition": "elasticloadbalancing:Scheme", + "description": "Filters access by the load balancer scheme that is allowed in the request", + "type": "String" + }, + { + "condition": "elasticloadbalancing:SecurityGroup", + "description": "Filters access by the security-group IDs that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:SecurityPolicy", + "description": "Filters access by the SSL Security Policies that are allowed in the request", + "type": "ArrayOfString" + }, + { + "condition": "elasticloadbalancing:Subnet", + "description": "Filters access by the subnet IDs that are allowed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "elasticloadbalancing", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add the specified certificates to the specified secure listener", + "privilege": "AddListenerCertificates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add the specified tags 
to the specified load balancer. Each load balancer can have a maximum of 10 tags", + "privilege": "AddTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/app" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/net" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/app" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targetgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:CreateAction" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add revocations to a trust store", + "privilege": "AddTrustStoreRevocations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a listener for the specified Application Load Balancer", + "privilege": "CreateListener", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityPolicy", + "elasticloadbalancing:ListenerProtocol" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a load balancer", + "privilege": "CreateLoadBalancer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityGroup", + "elasticloadbalancing:Subnet", + "elasticloadbalancing:Scheme" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a rule for the specified listener", + "privilege": "CreateRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "listener/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a target group", + "privilege": "CreateTargetGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + 
"aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a trust store", + "privilege": "CreateTrustStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags" + ], + "resource_type": "truststore" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified listener", + "privilege": "DeleteListener", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified load balancer", + "privilege": "DeleteLoadBalancer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified rule", + "privilege": "DeleteRule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/app*" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "listener-rule/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified target group", + "privilege": "DeleteTargetGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the specified trust store", + "privilege": "DeleteTrustStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister the specified targets from the specified target group", + "privilege": "DeregisterTargets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the Elastic Load Balancing resource limits for the AWS account", + "privilege": "DescribeAccountLimits", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the certificates for the specified secure listener", + "privilege": 
"DescribeListenerCertificates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified listeners or the listeners for the specified Application Load Balancer", + "privilege": "DescribeListeners", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the attributes for the specified load balancer", + "privilege": "DescribeLoadBalancerAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers", + "privilege": "DescribeLoadBalancers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified rules or the rules for the specified listener", + "privilege": "DescribeRules", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified policies or all policies used for SSL negotiation", + "privilege": "DescribeSSLPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the tags associated with the specified resource", + "privilege": "DescribeTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants 
permission to describe the attributes for the specified target group", + "privilege": "DescribeTargetGroupAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified target groups or all of your target groups", + "privilege": "DescribeTargetGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the health of the specified targets or all of your targets", + "privilege": "DescribeTargetHealth", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the associations with a trust store", + "privilege": "DescribeTrustStoreAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified trust stores revocations or all of your revocations related to a trust store", + "privilege": "DescribeTrustStoreRevocations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the specified trust stores or all of your trust stores", + "privilege": "DescribeTrustStores", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a trust store CA certificates bundle", + "privilege": "GetTrustStoreCaCertificatesBundle", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore*" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a trust store revocation content", + "privilege": "GetTrustStoreRevocationContent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified properties of the specified listener", + "privilege": "ModifyListener", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityPolicy", + "elasticloadbalancing:ListenerProtocol" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the attributes of the specified load balancer", + "privilege": "ModifyLoadBalancerAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified rule", + "privilege": "ModifyRule", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "listener-rule/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the health checks used when evaluating the health state of the targets in the specified target group", + "privilege": "ModifyTargetGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified attributes of the specified target group", + "privilege": "ModifyTargetGroupAttributes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the specified trust store", + "privilege": "ModifyTrustStore", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register the specified targets with the specified target group", + "privilege": "RegisterTargets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "targetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the specified certificates of the specified secure listener", + "privilege": "RemoveListenerCertificates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the specified load balancer", + "privilege": "RemoveTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/app" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/net" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/app" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener/net" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "targetgroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants 
permission to remove revocations from a trust store", + "privilege": "RemoveTrustStoreRevocations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "truststore*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set the type of IP addresses used by the subnets of the specified load balancer", + "privilege": "SetIpAddressType", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set the priorities of the specified rules", + "privilege": "SetRulePriorities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/app*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "listener-rule/net*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate the specified security groups with the specified load balancer", + "privilege": "SetSecurityGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:SecurityGroup" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permission to enable the Availability Zone for the specified subnets for the specified load balancer", + "privilege": "SetSubnets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/app/" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loadbalancer/net/" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}", + "elasticloadbalancing:Subnet" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to give WebAcl permission to WAF", + "privilege": "SetWebAcl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "listener/app" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "listener-rule/app" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "listener/net" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": 
"listener-rule/net" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "loadbalancer/app/" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "loadbalancer/net/" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:targetgroup/${TargetGroupName}/${TargetGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "targetgroup" + }, + { + "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:truststore/${TrustStoreName}/${TrustStoreId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "elasticloadbalancing:ResourceTag/${TagKey}" + ], + "resource": "truststore" + } + ], + "service_name": "AWS Elastic Load Balancing V2" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by whether the tag and value pair is provided with the action", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by whether the tag keys are provided with the action regardless of tag value", + "type": "ArrayOfString" + }, + { + "condition": "elasticmapreduce:ExecutionRoleArn", + "description": "Filters access by whether the execution role ARN is provided with the action", + "type": "ARN" + }, + { + "condition": "elasticmapreduce:RequestTag/${TagKey}", + "description": "Filters access by whether the tag and value pair is 
provided with the action", + "type": "String" + }, + { + "condition": "elasticmapreduce:ResourceTag/${TagKey}", + "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", + "type": "String" + } + ], + "prefix": "elasticmapreduce", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add an instance fleet to a running cluster", + "privilege": "AddInstanceFleet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add instance groups to a running cluster", + "privilege": "AddInstanceGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add new steps to a running cluster", + "privilege": "AddJobFlowSteps", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "elasticmapreduce:ExecutionRoleArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to an Amazon EMR resource", + "privilege": "AddTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "notebook-execution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to attach an 
EMR notebook to a compute engine", + "privilege": "AttachEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a pending step or steps in a running cluster", + "privilege": "CancelSteps", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EMR notebook", + "privilege": "CreateEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a persistent application history server", + "privilege": "CreatePersistentAppUI", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EMR notebook repository", + "privilege": "CreateRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a security configuration", + "privilege": "CreateSecurityConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EMR Studio", + "privilege": "CreateStudio", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, 
+ { + "access_level": "Write", + "description": "Grants permission to launch an EMR Studio using IAM authentication mode", + "privilege": "CreateStudioPresignedUrl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an EMR Studio session mapping", + "privilege": "CreateStudioSessionMapping", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EMR notebook", + "privilege": "DeleteEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EMR notebook repository", + "privilege": "DeleteRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a security configuration", + "privilege": "DeleteSecurityConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EMR Studio", + "privilege": "DeleteStudio", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an EMR Studio session mapping", + "privilege": "DeleteStudioSessionMapping", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to block an identity from opening a collaborative workspace", + "privilege": 
"DeleteWorkspaceAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details about a cluster, including status, hardware and software configuration, VPC settings, and so on", + "privilege": "DescribeCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view information about a notebook, including status, user, role, tags, location, and more", + "privilege": "DescribeEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe details of clusters (job flows). This API is deprecated and will eventually be removed. We recommend you use ListClusters, DescribeCluster, ListSteps, ListInstanceGroups and ListBootstrapActions instead", + "privilege": "DescribeJobFlows", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view information about a notebook execution", + "privilege": "DescribeNotebookExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "notebook-execution*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a persistent application history server", + "privilege": "DescribePersistentAppUI", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view information about an EMR release, such as which applications are supported", + "privilege": "DescribeReleaseLabel", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an EMR notebook repository", + "privilege": "DescribeRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of a security configuration", + "privilege": "DescribeSecurityConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details about a cluster step", + "privilege": "DescribeStep", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view information about an EMR Studio", + "privilege": "DescribeStudio", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to detach an EMR notebook from a compute engine", + "privilege": "DetachEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the auto-termination policy associated with a cluster", + "privilege": "GetAutoTerminationPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the EMR block public access configuration for the AWS account in the Region", + "privilege": "GetBlockPublicAccessConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": 
[], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to retrieve HTTP basic credentials associated with a given execution IAM Role for a fine-grained access control enabled EMR Cluster", + "privilege": "GetClusterSessionCredentials", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "elasticmapreduce:ExecutionRoleArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the managed scaling policy associated with a cluster", + "privilege": "GetManagedScalingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to get a presigned URL for an application history server running on the cluster", + "privilege": "GetOnClusterAppUIPresignedURL", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to get a presigned URL for a persistent application history server", + "privilege": "GetPersistentAppUIPresignedURL", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view information about an EMR Studio session mapping", + "privilege": "GetStudioSessionMapping", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to link an EMR notebook repository to EMR notebooks", + "privilege": "LinkRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + 
{ + "access_level": "Read", + "description": "Grants permission to get details about the bootstrap actions associated with a cluster", + "privilege": "ListBootstrapActions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get the status of accessible clusters", + "privilege": "ListClusters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list summary information for accessible EMR notebooks", + "privilege": "ListEditors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of instance fleets in a cluster", + "privilege": "ListInstanceFleets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of instance groups in a cluster", + "privilege": "ListInstanceGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details about the Amazon EC2 instances in a cluster", + "privilege": "ListInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list summary information for notebook executions", + "privilege": "ListNotebookExecutions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list and filter the 
available EMR releases in the current region", + "privilege": "ListReleaseLabels", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list existing EMR notebook repositories", + "privilege": "ListRepositories", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list available security configurations in this account by name, along with creation dates and times", + "privilege": "ListSecurityConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list steps associated with a cluster", + "privilege": "ListSteps", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list summary information about EMR Studio session mappings", + "privilege": "ListStudioSessionMappings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list summary information about EMR Studios", + "privilege": "ListStudios", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the Amazon EC2 instance types that an Amazon EMR release supports", + "privilege": "ListSupportedInstanceTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list identities that are granted access to a 
workspace", + "privilege": "ListWorkspaceAccessIdentities", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change cluster settings such as number of steps that can be executed concurrently for a cluster", + "privilege": "ModifyCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change the target On-Demand and target Spot capacities for a instance fleet", + "privilege": "ModifyInstanceFleet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change the number and configuration of EC2 instances for an instance group", + "privilege": "ModifyInstanceGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to launch the Jupyter notebook editor for an EMR notebook from within the console", + "privilege": "OpenEditorInConsole", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update an automatic scaling policy for a core instance group or task instance group", + "privilege": "PutAutoScalingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update the auto-termination policy associated with a cluster", + "privilege": 
"PutAutoTerminationPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to create or update the EMR block public access configuration for the AWS account in the Region", + "privilege": "PutBlockPublicAccessConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update the managed scaling policy associated with a cluster", + "privilege": "PutManagedScalingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to allow an identity to open a collaborative workspace", + "privilege": "PutWorkspaceAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove an automatic scaling policy from an instance group", + "privilege": "RemoveAutoScalingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the auto-termination policy associated with a cluster", + "privilege": "RemoveAutoTerminationPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the managed scaling policy associated with a cluster", + "privilege": "RemoveManagedScalingPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + 
"access_level": "Tagging", + "description": "Grants permission to remove tags from an Amazon EMR resource", + "privilege": "RemoveTags", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "notebook-execution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation-fleet/${CapacityReservationFleetId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "capacity-reservation-fleet" + "access_level": "Write", + "description": "Grants permission to create and launch a cluster (job flow)", + "privilege": "RunJobFlow", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation/${CapacityReservationId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:CapacityReservationFleet", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "capacity-reservation" + "access_level": "Write", + "description": "Grants permission to add and remove auto terminate after step execution for a cluster", + "privilege": "SetKeepJobFlowAliveWhenNoSteps", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:carrier-gateway/${CarrierGatewayId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:Vpc" - ], - "resource": "carrier-gateway" + "access_level": "Write", + "description": "Grants permission to add and remove termination protection for a cluster", + "privilege": "SetTerminationProtection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] }, { - "arn": "arn:${Partition}:acm:${Region}:${Account}:certificate/${CertificateId}", - "condition_keys": [], - "resource": "certificate" + "access_level": "Write", + "description": "Grants permission to enable or disable unhealthy node replacement for a cluster", + "privilege": "SetUnhealthyNodeReplacement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:client-vpn-endpoint/${ClientVpnEndpointId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ClientRootCertificateChainArn", - "ec2:CloudwatchLogGroupArn", - "ec2:CloudwatchLogStreamArn", - "ec2:DirectoryArn", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:SamlProviderArn", - "ec2:ServerCertificateArn" - ], - "resource": "client-vpn-endpoint" + "access_level": "Write", + "description": "Grants permission to set whether all AWS Identity and Access Management (IAM) users in the AWS account can view a cluster. This API is deprecated and your cluster may be visible to all users in your account. 
To restrict cluster access using an IAM policy, see AWS Identity and Access Management for Amazon EMR (https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-access-iam.html)", + "privilege": "SetVisibleToAllUsers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:customer-gateway/${CustomerGatewayId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "customer-gateway" + "access_level": "Write", + "description": "Grants permission to start an EMR notebook", + "privilege": "StartEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:dedicated-host/${DedicatedHostId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AutoPlacement", - "ec2:AvailabilityZone", - "ec2:HostRecovery", - "ec2:InstanceType", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:Quantity", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "dedicated-host" + "access_level": "Write", + "description": "Grants permission to start an EMR notebook execution", + "privilege": "StartNotebookExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "elasticmapreduce:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": 
"arn:${Partition}:ec2:${Region}:${Account}:dhcp-options/${DhcpOptionsId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:DhcpOptionsID", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "dhcp-options" + "access_level": "Write", + "description": "Grants permission to shut down an EMR notebook", + "privilege": "StopEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:egress-only-internet-gateway/${EgressOnlyInternetGatewayId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "egress-only-internet-gateway" + "access_level": "Write", + "description": "Grants permission to stop notebook execution", + "privilege": "StopNotebookExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "notebook-execution*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:elastic-gpu/${ElasticGpuId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:ElasticGpuType", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "elastic-gpu" + "access_level": "Write", + "description": "Grants permission to terminate a cluster (job flow)", + "privilege": "TerminateJobFlows", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] }, { - "arn": "arn:${Partition}:elastic-inference:${Region}:${Account}:elastic-inference-accelerator/${AcceleratorId}", - "condition_keys": [], - "resource": "elastic-inference" + "access_level": "Write", + "description": "Grants permission to unlink an EMR notebook repository from EMR notebooks", + "privilege": 
"UnlinkRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:export-image-task/${ExportImageTaskId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "export-image-task" + "access_level": "Write", + "description": "Grants permission to update an EMR notebook", + "privilege": "UpdateEditor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "editor*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:export-instance-task/${ExportTaskId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "export-instance-task" + "access_level": "Write", + "description": "Grants permission to update an EMR notebook repository", + "privilege": "UpdateRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:fleet/${FleetId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "fleet" + "access_level": "Write", + "description": "Grants permission to update information about an EMR Studio", + "privilege": "UpdateStudio", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:fpga-image/${FpgaImageId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Owner", - 
"ec2:Public", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "fpga-image" + "access_level": "Write", + "description": "Grants permission to update an EMR Studio session mapping", + "privilege": "UpdateStudioSessionMapping", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:host-reservation/${HostReservationId}", + "access_level": "List", + "description": "Grants permission to use the EMR console to view events from all clusters", + "privilege": "ViewEventsFromAllClustersInConsole", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:cluster/${ClusterId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" + "elasticmapreduce:ResourceTag/${TagKey}" ], - "resource": "host-reservation" + "resource": "cluster" }, { - "arn": "arn:${Partition}:ec2:${Region}::image/${ImageId}", + "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:editor/${EditorId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:ImageID", - "ec2:ImageType", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:Owner", - "ec2:Public", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType" + "elasticmapreduce:ResourceTag/${TagKey}" ], - "resource": "image" + "resource": "editor" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:import-image-task/${ImportImageTaskId}", + "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:notebook-execution/${NotebookExecutionId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - 
"ec2:Region", - "ec2:ResourceTag/${TagKey}" + "elasticmapreduce:ResourceTag/${TagKey}" ], - "resource": "import-image-task" + "resource": "notebook-execution" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:import-snapshot-task/${ImportSnapshotTaskId}", + "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:studio/${StudioId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" + "elasticmapreduce:ResourceTag/${TagKey}" ], - "resource": "import-snapshot-task" + "resource": "studio" + } + ], + "service_name": "Amazon Elastic MapReduce" + }, + { + "conditions": [], + "prefix": "elastictranscoder", + "privileges": [ + { + "access_level": "Write", + "description": "Cancel a job that Elastic Transcoder has not begun to process", + "privilege": "CancelJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:instance-connect-endpoint/${InstanceConnectEndpointId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID" - ], - "resource": "instance-connect-endpoint" + "access_level": "Write", + "description": "Create a job", + "privilege": "CreateJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "preset*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:instance-event-window/${InstanceEventWindowId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "instance-event-window" + "access_level": "Write", + "description": 
"Create a pipeline", + "privilege": "CreatePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:EbsOptimized", - "ec2:InstanceAutoRecovery", - "ec2:InstanceID", - "ec2:InstanceMarketType", - "ec2:InstanceMetadataTags", - "ec2:InstanceProfile", - "ec2:InstanceType", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:MetadataHttpEndpoint", - "ec2:MetadataHttpPutResponseHopLimit", - "ec2:MetadataHttpTokens", - "ec2:NewInstanceProfile", - "ec2:PlacementGroup", - "ec2:ProductCode", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RootDeviceType", - "ec2:Tenancy" - ], - "resource": "instance" + "access_level": "Write", + "description": "Create a preset", + "privilege": "CreatePreset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:internet-gateway/${InternetGatewayId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:InternetGatewayID", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "internet-gateway" + "access_level": "Write", + "description": "Delete a pipeline", + "privilege": "DeletePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] }, { - "arn": "arn:${Partition}:ec2::${Account}:ipam/${IpamId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "ipam" + "access_level": "Write", + 
"description": "Delete a preset", + "privilege": "DeletePreset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "preset*" + } + ] }, { - "arn": "arn:${Partition}:ec2::${Account}:ipam-pool/${IpamPoolId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "ipam-pool" + "access_level": "List", + "description": "Get a list of the jobs that you assigned to a pipeline", + "privilege": "ListJobsByPipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] }, { - "arn": "arn:${Partition}:ec2::${Account}:ipam-resource-discovery-association/${IpamResourceDiscoveryAssociationId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "ipam-resource-discovery-association" + "access_level": "List", + "description": "Get information about all of the jobs associated with the current AWS account that have a specified status", + "privilege": "ListJobsByStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2::${Account}:ipam-resource-discovery/${IpamResourceDiscoveryId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "ipam-resource-discovery" + "access_level": "List", + "description": "Get a list of the pipelines associated with the current AWS account", + "privilege": "ListPipelines", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2::${Account}:ipam-scope/${IpamScopeId}", - 
"condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "ipam-scope" + "access_level": "List", + "description": "Get a list of all presets associated with the current AWS account", + "privilege": "ListPresets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:coip-pool/${Ipv4PoolCoipId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "coip-pool" + "access_level": "Read", + "description": "Get detailed information about a job", + "privilege": "ReadJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:ipv4pool-ec2/${Ipv4PoolEc2Id}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "ipv4pool-ec2" + "access_level": "Read", + "description": "Get detailed information about a pipeline", + "privilege": "ReadPipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:ipv6pool-ec2/${Ipv6PoolEc2Id}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "ipv6pool-ec2" + "access_level": "Read", + "description": "Get detailed information about a preset", + "privilege": "ReadPreset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "preset*" + } + ] }, { - "arn": 
"arn:${Partition}:ec2:${Region}:${Account}:key-pair/${KeyPairName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:IsLaunchTemplateResource", - "ec2:KeyPairName", - "ec2:KeyPairType", - "ec2:LaunchTemplate", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "key-pair" + "access_level": "Write", + "description": "Test the settings for a pipeline to ensure that Elastic Transcoder can create and process jobs", + "privilege": "TestRole", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:launch-template/${LaunchTemplateId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "launch-template" + "access_level": "Write", + "description": "Update settings for a pipeline", + "privilege": "UpdatePipeline", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] }, { - "arn": "arn:${Partition}:license-manager:${Region}:${Account}:license-configuration:${LicenseConfigurationId}", + "access_level": "Write", + "description": "Update only Amazon Simple Notification Service (Amazon SNS) notifications for a pipeline", + "privilege": "UpdatePipelineNotifications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + }, + { + "access_level": "Write", + "description": "Pause or reactivate a pipeline, so the pipeline stops or restarts processing jobs, update the status for the pipeline", + "privilege": "UpdatePipelineStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pipeline*" + } + ] + } + ], + 
"resources": [ + { + "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:job/${JobId}", "condition_keys": [], - "resource": "license-configuration" + "resource": "job" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway/${LocalGatewayId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "local-gateway" + "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:pipeline/${PipelineId}", + "condition_keys": [], + "resource": "pipeline" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-route-table-virtual-interface-group-association/${LocalGatewayRouteTableVirtualInterfaceGroupAssociationId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "local-gateway-route-table-virtual-interface-group-association" + "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:preset/${PresetId}", + "condition_keys": [], + "resource": "preset" + } + ], + "service_name": "Amazon Elastic Transcoder" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-route-table-vpc-association/${LocalGatewayRouteTableVpcAssociationId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "local-gateway-route-table-vpc-association" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-route-table/${LocalGatewayRoutetableId}", - "condition_keys": [ - 
"aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "local-gateway-route-table" + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "elemental-activations", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to complete the process of registering customer account for AWS Elemental Appliances and Software Purchases", + "privilege": "CompleteAccountRegistration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-virtual-interface-group/${LocalGatewayVirtualInterfaceGroupId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "local-gateway-virtual-interface-group" + "access_level": "Read", + "description": "Grants permission to complete the process of uploading a Software file for AWS Elemental Appliances and Software Purchases", + "privilege": "CompleteFileUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:local-gateway-virtual-interface/${LocalGatewayVirtualInterfaceId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "local-gateway-virtual-interface" + "access_level": "Read", + "description": "Grants permission to download the Software files for AWS Elemental Appliances and Software Purchases", + "privilege": "DownloadSoftware", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": 
"arn:${Partition}:ec2:${Region}:${Account}:natgateway/${NatGatewayId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "natgateway" + "access_level": "Read", + "description": "Grants permission to generate Software Licenses for AWS Elemental Appliances and Software Purchases", + "privilege": "GenerateLicenses", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-acl/${NaclId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:NetworkAclID", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Vpc" - ], - "resource": "network-acl" + "access_level": "Read", + "description": "Grants permission to describe an activation", + "privilege": "GetActivation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "activation*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-access-scope-analysis/${NetworkInsightsAccessScopeAnalysisId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "network-insights-access-scope-analysis" + "access_level": "Read", + "description": "Grants permission to list tags for an AWS Elemental Activations resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "activation" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-access-scope/${NetworkInsightsAccessScopeId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": 
"network-insights-access-scope" + "access_level": "Read", + "description": "Grants permission to start the process of registering customer account for AWS Elemental Appliances and Software Purchases", + "privilege": "StartAccountRegistration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-analysis/${NetworkInsightsAnalysisId}", + "access_level": "Read", + "description": "Grants permission to start the process of uploading a Software file for AWS Elemental Appliances and Software Purchases", + "privilege": "StartFileUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add a tag for an AWS Elemental Activations resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "activation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "activation" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove a tag from an AWS Elemental Activations resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "activation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "activation" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:elemental-activations:${Region}:${Account}:activation/${ResourceId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - 
"aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "network-insights-analysis" - }, + "resource": "activation" + } + ], + "service_name": "AWS Elemental Appliances and Software Activation Service" + }, + { + "conditions": [ { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-insights-path/${NetworkInsightsPathId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "network-insights-path" + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by request tag", + "type": "String" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:network-interface/${NetworkInterfaceId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:AssociatePublicIpAddress", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AuthorizedService", - "ec2:AuthorizedUser", - "ec2:AvailabilityZone", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:NetworkInterfaceID", - "ec2:Permission", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Subnet", - "ec2:Vpc" - ], - "resource": "network-interface" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by resource tag", + "type": "String" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:placement-group/${PlacementGroupName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:PlacementGroupName", - "ec2:PlacementGroupStrategy", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "placement-group" - }, + "condition": "aws:TagKeys", + "description": "Filters access by tag keys", + "type": "ArrayOfString" + } + ], + "prefix": "elemental-appliances-software", + "privileges": [ { - 
"arn": "arn:${Partition}:ec2:${Region}:${Account}:prefix-list/${PrefixListId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "prefix-list" + "access_level": "Write", + "description": "Grants permission to complete an upload of an attachment for a quote or order", + "privilege": "CompleteUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:replace-root-volume-task/${ReplaceRootVolumeTaskId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "replace-root-volume-task" + "access_level": "Write", + "description": "Grants permission to create an order", + "privilege": "CreateOrderV1", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:reserved-instances/${ReservationId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:InstanceType", - "ec2:Region", - "ec2:ReservedInstancesOfferingType", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy" - ], - "resource": "reserved-instances" + "access_level": "Tagging", + "description": "Grants permission to create a quote", + "privilege": "CreateQuote", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quote*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:resource-groups:${Region}:${Account}:group/${GroupName}", - 
"condition_keys": [], - "resource": "group" + "access_level": "Read", + "description": "Grants permission to validate an address", + "privilege": "GetAvsCorrectAddress", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}", - "condition_keys": [], - "resource": "role" + "access_level": "Read", + "description": "Grants permission to list the billing addresses in the AWS Account", + "privilege": "GetBillingAddresses", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:route-table/${RouteTableId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:RouteTableID", - "ec2:Vpc" - ], - "resource": "route-table" + "access_level": "Read", + "description": "Grants permission to list the delivery addresses in the AWS Account", + "privilege": "GetDeliveryAddressesV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:security-group/${SecurityGroupId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:SecurityGroupID", - "ec2:Vpc" - ], - "resource": "security-group" + "access_level": "Read", + "description": "Grants permission to describe an order", + "privilege": "GetOrder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:security-group-rule/${SecurityGroupRuleId}", - "condition_keys": [ - 
"aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "security-group-rule" + "access_level": "Read", + "description": "Grants permission to list the orders in the AWS Account", + "privilege": "GetOrdersV2", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}::snapshot/${SnapshotId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Add/group", - "ec2:Add/userId", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:OutpostArn", - "ec2:Owner", - "ec2:ParentVolume", - "ec2:Region", - "ec2:Remove/group", - "ec2:Remove/userId", - "ec2:ResourceTag/${TagKey}", - "ec2:SnapshotID", - "ec2:SnapshotTime", - "ec2:SourceOutpostArn", - "ec2:VolumeSize" - ], - "resource": "snapshot" + "access_level": "Read", + "description": "Grants permission to describe a quote", + "privilege": "GetQuote", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quote*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:spot-fleet-request/${SpotFleetRequestId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "spot-fleet-request" + "access_level": "Read", + "description": "Grants permission to calculate taxes for an order", + "privilege": "GetTaxes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:spot-instances-request/${SpotInstanceRequestId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - 
"aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "spot-instances-request" + "access_level": "List", + "description": "Grants permission to list the quotes in the AWS Account", + "privilege": "ListQuotes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:subnet-cidr-reservation/${SubnetCidrReservationId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "subnet-cidr-reservation" + "access_level": "Read", + "description": "Grants permission to lists tags for an AWS Elemental Appliances and Software resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quote" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:subnet/${SubnetId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:IsLaunchTemplateResource", - "ec2:LaunchTemplate", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:SubnetID", - "ec2:Vpc" - ], - "resource": "subnet" + "access_level": "Write", + "description": "Grants permission to start an upload of an attachment for a quote or order", + "privilege": "StartUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-filter/${TrafficMirrorFilterId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "traffic-mirror-filter" + 
"access_level": "Write", + "description": "Grants permission to submit an order", + "privilege": "SubmitOrderV1", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-filter-rule/${TrafficMirrorFilterRuleId}", - "condition_keys": [ - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region" - ], - "resource": "traffic-mirror-filter-rule" + "access_level": "Tagging", + "description": "Grants permission to tag an AWS Elemental Appliances and Software resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quote*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quote" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-session/${TrafficMirrorSessionId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "traffic-mirror-session" + "access_level": "Tagging", + "description": "Grants permission to remove a tag from an AWS Elemental Appliances and Software resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quote*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quote" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-target/${TrafficMirrorTargetId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - 
"ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "traffic-mirror-target" - }, + "access_level": "Write", + "description": "Grants permission to modify a quote", + "privilege": "UpdateQuote", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "quote*" + } + ] + } + ], + "resources": [ { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-attachment/${TransitGatewayAttachmentId}", + "arn": "arn:${Partition}:elemental-appliances-software:${Region}:${Account}:quote/${ResourceId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "transit-gateway-attachment" + "resource": "quote" + } + ], + "service_name": "AWS Elemental Appliances and Software" + }, + { + "conditions": [], + "prefix": "elemental-support-cases", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to verify whether the caller has the permissions to perform support case operations", + "privilege": "CheckCasePermission", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-connect-peer/${TransitGatewayConnectPeerId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "transit-gateway-connect-peer" + "access_level": "Write", + "description": "Grants permission to create a support case", + "privilege": "CreateCase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway/${TransitGatewayId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - 
"aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "transit-gateway" + "access_level": "Read", + "description": "Grants permission to describe a support case in your account", + "privilege": "GetCase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-multicast-domain/${TransitGatewayMulticastDomainId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "transit-gateway-multicast-domain" + "access_level": "Read", + "description": "Grants permission to list the support cases in your account", + "privilege": "GetCases", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-policy-table/${TransitGatewayPolicyTableId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "transit-gateway-policy-table" + "access_level": "Write", + "description": "Grants permission to update a support case", + "privilege": "UpdateCase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Elemental Support Cases" + }, + { + "conditions": [], + "prefix": "elemental-support-content", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to search support content", + "privilege": "Query", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Elemental Support Content" 
+ }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs present in the request", + "type": "String" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-route-table-announcement/${TransitGatewayRouteTableAnnouncementId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "transit-gateway-route-table-announcement" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-route-table/${TransitGatewayRouteTableId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "transit-gateway-route-table" + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys present in the request", + "type": "ArrayOfString" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-endpoint/${VerifiedAccessEndpointId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "verified-access-endpoint" + "condition": "emr-containers:ExecutionRoleArn", + "description": "Filters access by the execution role arn present in the request", + "type": "ARN" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-group/${VerifiedAccessGroupId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "verified-access-group" + "condition": "emr-containers:JobTemplateArn", + "description": "Filters 
access by the job template arn present in the request", + "type": "ARN" + } + ], + "prefix": "emr-containers", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel a job run", + "privilege": "CancelJobRun", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobRun*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-instance/${VerifiedAccessInstanceId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "verified-access-instance" + "access_level": "Write", + "description": "Grants permission to create a job template", + "privilege": "CreateJobTemplate", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-policy/${VerifiedAccessPolicyId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "verified-access-policy" + "access_level": "Write", + "description": "Grants permission to create a managed endpoint", + "privilege": "CreateManagedEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "emr-containers:ExecutionRoleArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:verified-access-trust-provider/${VerifiedAccessTrustProviderId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "verified-access-trust-provider" + 
"access_level": "Write", + "description": "Grants permission to create a security configuration", + "privilege": "CreateSecurityConfiguration", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:volume/${VolumeId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AvailabilityZone", - "ec2:Encrypted", - "ec2:IsLaunchTemplateResource", - "ec2:KmsKeyId", - "ec2:LaunchTemplate", - "ec2:ParentSnapshot", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VolumeID", - "ec2:VolumeIops", - "ec2:VolumeSize", - "ec2:VolumeThroughput", - "ec2:VolumeType" - ], - "resource": "volume" + "access_level": "Write", + "description": "Grants permission to create a virtual cluster", + "privilege": "CreateVirtualCluster", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-connection/${VpcEndpointConnectionId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "vpc-endpoint-connection" + "access_level": "Write", + "description": "Grants permission to delete a job template", + "privilege": "DeleteJobTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobTemplate*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint/${VpcEndpointId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - 
"ec2:VpceServiceName", - "ec2:VpceServiceOwner" - ], - "resource": "vpc-endpoint" + "access_level": "Write", + "description": "Grants permission to delete a managed endpoint", + "privilege": "DeleteManagedEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedEndpoint*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-service/${VpcEndpointServiceId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:VpceServicePrivateDnsName" - ], - "resource": "vpc-endpoint-service" + "access_level": "Write", + "description": "Grants permission to delete a virtual cluster", + "privilege": "DeleteVirtualCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-endpoint-service-permission/${VpcEndpointServicePermissionId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "vpc-endpoint-service-permission" + "access_level": "Read", + "description": "Grants permission to describe a job run", + "privilege": "DescribeJobRun", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobRun*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-flow-log/${VpcFlowLogId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "vpc-flow-log" + "access_level": "Read", + "description": "Grants permission to describe a job template", + "privilege": "DescribeJobTemplate", + "resource_types": [ + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "jobTemplate*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc/${VpcId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Ipv4IpamPoolId", - "ec2:Ipv6IpamPoolId", - "ec2:Region", - "ec2:ResourceTag/${TagKey}", - "ec2:Tenancy", - "ec2:VpcID" - ], - "resource": "vpc" + "access_level": "Read", + "description": "Grants permission to describe a managed endpoint", + "privilege": "DescribeManagedEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedEndpoint*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpc-peering-connection/${VpcPeeringConnectionId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:AccepterVpc", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:Region", - "ec2:RequesterVpc", - "ec2:ResourceTag/${TagKey}", - "ec2:VpcPeeringConnectionID" - ], - "resource": "vpc-peering-connection" + "access_level": "Read", + "description": "Grants permission to describe a security configuration", + "privilege": "DescribeSecurityConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securityConfiguration*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-connection-device-type/${VpnConnectionDeviceTypeId}", - "condition_keys": [ - "ec2:Region" - ], - "resource": "vpn-connection-device-type" + "access_level": "Read", + "description": "Grants permission to describe a virtual cluster", + "privilege": "DescribeVirtualCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-connection/${VpnConnectionId}", - "condition_keys": [ - 
"aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Attribute", - "ec2:Attribute/${AttributeName}", - "ec2:AuthenticationType", - "ec2:DPDTimeoutSeconds", - "ec2:GatewayType", - "ec2:IKEVersions", - "ec2:InsideTunnelCidr", - "ec2:InsideTunnelIpv6Cidr", - "ec2:Phase1DHGroup", - "ec2:Phase1EncryptionAlgorithms", - "ec2:Phase1IntegrityAlgorithms", - "ec2:Phase1LifetimeSeconds", - "ec2:Phase2DHGroup", - "ec2:Phase2EncryptionAlgorithms", - "ec2:Phase2IntegrityAlgorithms", - "ec2:Phase2LifetimeSeconds", - "ec2:PreSharedKeys", - "ec2:Region", - "ec2:RekeyFuzzPercentage", - "ec2:RekeyMarginTimeSeconds", - "ec2:ReplayWindowSizePackets", - "ec2:ResourceTag/${TagKey}", - "ec2:RoutingType" - ], - "resource": "vpn-connection" + "access_level": "Write", + "description": "Grants permission to generate a session token used to connect to a managed endpoint", + "privilege": "GetManagedEndpointSessionCredentials", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedEndpoint*" + } + ] }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:vpn-gateway/${VpnGatewayId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "ec2:Region", - "ec2:ResourceTag/${TagKey}" - ], - "resource": "vpn-gateway" - } - ], - "service_name": "Amazon EC2" - }, - { - "conditions": [ + "access_level": "List", + "description": "Grants permission to list job runs associated with a virtual cluster", + "privilege": "ListJobRuns", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster*" + } + ] + }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tags associated with the resource", - "type": "String" + "access_level": "List", + "description": "Grants permission to list job templates", + "privilege": "ListJobTemplates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": 
[], + "resource_type": "" + } + ] }, { - "condition": "ec2-instance-connect:maxTunnelDuration", - "description": "Filters access by maximum session duration associated with the instance", - "type": "Numeric" + "access_level": "List", + "description": "Grants permission to list managed endpoints associated with a virtual cluster", + "privilege": "ListManagedEndpoints", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster*" + } + ] }, { - "condition": "ec2-instance-connect:privateIpAddress", - "description": "Filters access by private IP Address associated with the instance", - "type": "IPAddress" + "access_level": "List", + "description": "Grants permission to list security configurations", + "privilege": "ListSecurityConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "ec2-instance-connect:remotePort", - "description": "Filters access by port number associated with the instance", - "type": "Numeric" + "access_level": "List", + "description": "Grants permission to list tags for the specified resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobRun" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedEndpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster" + } + ] }, { - "condition": "ec2:ResourceTag/${TagKey}", - "description": "Filters access by tags associated with the resource", - "type": "String" + "access_level": "List", + "description": "Grants permission to list virtual clusters", + "privilege": "ListVirtualClusters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, - { - 
"condition": "ec2:osuser", - "description": "Filters access by specifying the default user name for the AMI that you used to launch your instance", - "type": "String" - } - ], - "prefix": "ec2-instance-connect", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to establish SSH connection to an EC2 instance using EC2 Instance Connect Endpoint", - "privilege": "OpenTunnel", + "description": "Grants permission to start a job run", + "privilege": "StartJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-connect-endpoint*" + "resource_type": "virtualCluster*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}", - "ec2-instance-connect:remotePort", - "ec2-instance-connect:privateIpAddress", - "ec2-instance-connect:MaxTunnelDuration" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "emr-containers:ExecutionRoleArn", + "emr-containers:JobTemplateArn" ], "dependent_actions": [], - "resource_type": "instance-connect-endpoint" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to push an SSH public key to the specified EC2 instance to be used for standard SSH", - "privilege": "SendSSHPublicKey", + "access_level": "Tagging", + "description": "Grants permission to tag the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "jobRun" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedEndpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster" }, { "condition_keys": [ - "ec2:osuser" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -89079,284 +114030,379 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to push an SSH public key to the specified EC2 instance to be used for serial console SSH", - "privilege": "SendSerialConsoleSSHPublicKey", + "access_level": "Tagging", + "description": "Grants permission to untag the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance*" + "resource_type": "jobRun" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "managedEndpoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "virtualCluster" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}", + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "instance" + "resource": "virtualCluster" }, { - "arn": "arn:${Partition}:ec2:${Region}:${Account}:instance-connect-endpoint/${InstanceConnectEndpointId}", + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}/jobruns/${JobRunId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ec2:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "instance-connect-endpoint" + "resource": "jobRun" + }, + { + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/jobtemplates/${JobTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "jobTemplate" + }, + { + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}/endpoints/${EndpointId}", 
+ "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "managedEndpoint" + }, + { + "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/securityconfigurations/${SecurityConfigurationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "securityConfiguration" } ], - "service_name": "Amazon EC2 Instance Connect" + "service_name": "Amazon EMR on EKS (EMR Containers)" }, { "conditions": [ { - "condition": "ssm:SourceInstanceARN", - "description": "Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile", + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" } ], - "prefix": "ec2messages", + "prefix": "emr-serverless", "privileges": [ { "access_level": "Write", - "description": "Grants permission to acknowledge a message, ensuring it will not be delivered again", - "privilege": "AcknowledgeMessage", + "description": "Grants permission to execute interactive workloads on an application", + "privilege": "AccessInteractiveEndpoints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a message", - "privilege": "DeleteMessage", + "description": "Grants permission to cancel a job run", + "privilege": "CancelJobRun", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobRun*" } ] }, { "access_level": "Write", - "description": "Grants permission to fail a message, signifying the message could not be processed successfully, ensuring it cannot be replied to or delivered again", - "privilege": "FailMessage", + "description": "Grants permission to create an Application", + "privilege": "CreateApplication", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to route traffic to the correct endpoint based on the given destination for the messages", - "privilege": "GetEndpoint", + "access_level": "Write", + "description": "Grants permission to delete an application", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to deliver messages to clients/instances using long polling", - "privilege": "GetMessages", + "description": "Grants permission to get application", + "privilege": "GetApplication", "resource_types": [ { - "condition_keys": [ - "ssm:SourceInstanceARN" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to send replies from clients/instances to upstream service", - "privilege": "SendReply", + "access_level": "Read", + "description": "Grants permission to get job run dashboard", + "privilege": "GetDashboardForJobRun", "resource_types": [ { - "condition_keys": [ - "ssm:SourceInstanceARN" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobRun*" } ] - } - ], - "resources": [], - 
"service_name": "Amazon Message Delivery Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the allowed set of values for each of the tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag-value associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tags in the request", - "type": "ArrayOfString" }, - { - "condition": "ecr:ResourceTag/${TagKey}", - "description": "Filters access by tag-value associated with the resource", - "type": "String" - } - ], - "prefix": "ecr", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to check the availability of multiple image layers in a specified registry and repository", - "privilege": "BatchCheckLayerAvailability", + "description": "Grants permission to get a job run", + "privilege": "GetJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "jobRun*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a list of specified images within a specified repository", - "privilege": "BatchDeleteImage", + "access_level": "List", + "description": "Grants permission to list applications", + "privilege": "ListApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get detailed information for specified images within a specified repository", - "privilege": "BatchGetImage", + "access_level": "List", + "description": "Grants permission to list job runs associated with an application", + "privilege": "ListJobRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": 
"application*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve repository scanning configuration for a list of repositories", - "privilege": "BatchGetRepositoryScanningConfiguration", + "description": "Grants permission to list tags for the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobRun" } ] }, { "access_level": "Write", - "description": "Grants permission to retrieve the image from the upstream registry and import it to your private registry", - "privilege": "BatchImportUpstreamImage", + "description": "Grants permission to Start an application", + "privilege": "StartApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to inform Amazon ECR that the image layer upload for a specified registry, repository name, and upload ID, has completed", - "privilege": "CompleteLayerUpload", + "description": "Grants permission to start a job run", + "privilege": "StartJobRun", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create new pull-through cache rule", - "privilege": "CreatePullThroughCacheRule", + "description": "Grants permission to Stop an application", + "privilege": "StopApplication", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "" + "dependent_actions": [], + 
"resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an image repository", - "privilege": "CreateRepository", + "access_level": "Tagging", + "description": "Grants permission to tag the specified resource", + "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobRun" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "ecr:TagResource" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified lifecycle policy", - "privilege": "DeleteLifecyclePolicy", + "access_level": "Tagging", + "description": "Grants permission to untag the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobRun" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the pull-through cache rule", - "privilege": "DeletePullThroughCacheRule", + "description": "Grants permission to Update an application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" + }, + { + "arn": "arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}/jobruns/${JobRunId}", + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "jobRun" + } + ], + "service_name": "Amazon EMR Serverless" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a key that is present in the request the user makes to the entity resolution service", + "type": "String" }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the list of all the tag key names present in the request the user makes to the entity resolution service", + "type": "ArrayOfString" + } + ], + "prefix": "entityresolution", + "privileges": [ { "access_level": "Permissions management", - "description": "Grants permission to delete the registry policy", - "privilege": "DeleteRegistryPolicy", + "description": "Grants permission to give an AWS service or another account permission to use an AWS Entity Resolution resources", + "privilege": "AddPolicyStatement", "resource_types": [ { "condition_keys": [], 
@@ -89367,280 +114413,284 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an existing image repository", - "privilege": "DeleteRepository", + "description": "Grants permission to create a idmapping workflow", + "privilege": "CreateIdMappingWorkflow", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the repository policy from a specified repository", - "privilege": "DeleteRepositoryPolicy", + "access_level": "Write", + "description": "Grants permission to create a IdNamespace", + "privilege": "CreateIdNamespace", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve replication status about an image in a registry, including failure reason if replication fails", - "privilege": "DescribeImageReplicationStatus", + "access_level": "Write", + "description": "Grants permission to create a matching workflow", + "privilege": "CreateMatchingWorkflow", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the image scan findings for the specified image", - "privilege": "DescribeImageScanFindings", + "access_level": "Write", + "description": "Grants permission to create a schema mapping", + "privilege": "CreateSchemaMapping", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], 
"dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get metadata about the images in a repository, including image size, image tags, and creation date", - "privilege": "DescribeImages", + "access_level": "Write", + "description": "Grants permission to delete a idmapping workflow", + "privilege": "DeleteIdMappingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "IdMappingWorkflow*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the pull-through cache rules", - "privilege": "DescribePullThroughCacheRules", + "access_level": "Write", + "description": "Grants permission to delete a IdNamespace", + "privilege": "DeleteIdNamespace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "IdNamespace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the registry settings", - "privilege": "DescribeRegistry", + "access_level": "Write", + "description": "Grants permission to delete a matching workflow", + "privilege": "DeleteMatchingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MatchingWorkflow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe image repositories in a registry", - "privilege": "DescribeRepositories", + "access_level": "Permissions management", + "description": "Delete permission given to an AWS service or another account permission to use an AWS Entity Resolution resources", + "privilege": "DeletePolicyStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a token that is valid for a 
specified registry for 12 hours", - "privilege": "GetAuthorizationToken", + "access_level": "Write", + "description": "Grants permission to delete a schema mapping", + "privilege": "DeleteSchemaMapping", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SchemaMapping*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the download URL corresponding to an image layer", - "privilege": "GetDownloadUrlForLayer", + "description": "Grants permission to get a idmapping job", + "privilege": "GetIdMappingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "IdMappingWorkflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the specified lifecycle policy", - "privilege": "GetLifecyclePolicy", + "description": "Grants permission to get a idmapping workflow", + "privilege": "GetIdMappingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "IdMappingWorkflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the results of the specified lifecycle policy preview request", - "privilege": "GetLifecyclePolicyPreview", + "description": "Grants permission to get a IdNamespace", + "privilege": "GetIdNamespace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "IdNamespace*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the registry policy", - "privilege": "GetRegistryPolicy", + "description": "Grants permission to get match Id", + "privilege": "GetMatchId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MatchingWorkflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve registry 
scanning configuration", - "privilege": "GetRegistryScanningConfiguration", + "description": "Grants permission to get a matching job", + "privilege": "GetMatchingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MatchingWorkflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the repository policy for a specified repository", - "privilege": "GetRepositoryPolicy", + "description": "Grants permission to get a matching workflow", + "privilege": "GetMatchingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "MatchingWorkflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to notify Amazon ECR that you intend to upload an image layer", - "privilege": "InitiateLayerUpload", + "access_level": "Read", + "description": "Get a resource policy for an AWS Entity Resolution resources", + "privilege": "GetPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the image IDs for a given repository", - "privilege": "ListImages", + "access_level": "Read", + "description": "Grants permission to get provider service", + "privilege": "GetProviderService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "ProviderService*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags for an Amazon ECR resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get a schema mapping", + "privilege": "GetSchemaMapping", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - 
"dependent_actions": [], - "resource_type": "" + "resource_type": "SchemaMapping*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update the image manifest associated with an image", - "privilege": "PutImage", + "access_level": "List", + "description": "Grants permission to list idmapping jobs", + "privilege": "ListIdMappingJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "IdMappingWorkflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the image scanning configuration for a repository", - "privilege": "PutImageScanningConfiguration", + "access_level": "List", + "description": "Grants permission to list idmapping workflows", + "privilege": "ListIdMappingWorkflows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the image tag mutability settings for a repository", - "privilege": "PutImageTagMutability", + "access_level": "List", + "description": "Grants permission to list IdNamespaces", + "privilege": "ListIdNamespaces", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update a lifecycle policy", - "privilege": "PutLifecyclePolicy", + "access_level": "List", + "description": "Grants permission to list matching jobs", + "privilege": "ListMatchingJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "MatchingWorkflow*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update the registry policy", - "privilege": "PutRegistryPolicy", + "access_level": "List", + "description": "Grants 
permission to list matching workflows", + "privilege": "ListMatchingWorkflows", "resource_types": [ { "condition_keys": [], @@ -89650,21 +114700,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update registry scanning configuration", - "privilege": "PutRegistryScanningConfiguration", + "access_level": "List", + "description": "Grants permission to list provider service", + "privilege": "ListProviderServices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ProviderService*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the replication configuration for the registry", - "privilege": "PutReplicationConfiguration", + "access_level": "List", + "description": "Grants permission to list schema mappings", + "privilege": "ListSchemaMappings", "resource_types": [ { "condition_keys": [], 
@@ -89674,63 +114724,58 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to replicate images to the destination registry", - "privilege": "ReplicateImage", + "access_level": "Read", + "description": "Grants permission to List tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to apply a repository policy on a specified repository to control access permissions", - "privilege": "SetRepositoryPolicy", + "description": "Put a resource policy for an AWS Entity Resolution resources", + "privilege": "PutPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start an image scan", - "privilege": "StartImageScan", + "description": "Grants permission to start a idmapping job", + "privilege": "StartIdMappingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "IdMappingWorkflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a preview of the specified lifecycle policy", - "privilege": "StartLifecyclePolicyPreview", + "description": "Grants permission to start a matching job", + "privilege": "StartMatchingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "MatchingWorkflow*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag an Amazon ECR resource", + "description": "Grants permission to adds tags to a resource", "privilege": "TagResource", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" - }, { "condition_keys": [ 
"aws:RequestTag/${TagKey}", @@ -89743,17 +114788,11 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag an Amazon ECR resource", + "description": "Grants permission to untag a resource", "privilege": "UntagResource", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository*" - }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -89763,99 +114802,169 @@ }, { "access_level": "Write", - "description": "Grants permission to upload an image layer part to Amazon ECR", - "privilege": "UploadLayerPart", + "description": "Grants permission to update a idmapping workflow", + "privilege": "UpdateIdMappingWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "IdMappingWorkflow*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a IdNamespace", + "privilege": "UpdateIdNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "IdNamespace*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a matching workflow", + "privilege": "UpdateMatchingWorkflow", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MatchingWorkflow*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a schema mapping", + "privilege": "UpdateSchemaMapping", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SchemaMapping*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to give an AWS service or another account permission to use IdNamespace within a workflow", + "privilege": "UseIdNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:ecr:${Region}:${Account}:repository/${RepositoryName}", + "arn": "arn:${Partition}:entityresolution::${Account}:matchingworkflow/${WorkflowName}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ecr:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "repository" + "resource": "MatchingWorkflow" + }, + { + "arn": "arn:${Partition}:entityresolution::${Account}:schemamapping/${SchemaName}", 
+ "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "SchemaMapping" + }, + { + "arn": "arn:${Partition}:entityresolution::${Account}:idmappingworkflow/${WorkflowName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "IdMappingWorkflow" + }, + { + "arn": "arn:${Partition}:entityresolution::${Account}:providerservice/${ProviderName}/${ProviderServiceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ProviderService" + }, + { + "arn": "arn:${Partition}:entityresolution::${Account}:idnamespace/${IdNamespaceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "IdNamespace" } ], - "service_name": "Amazon Elastic Container Registry" + "service_name": "AWS Entity Resolution" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters create requests based on the allowed set of values for each of the tags", + "description": "Filters access based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource", + "description": "Filters access based on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters create requests based on the presence of mandatory tags in the request", + "description": "Filters access based on the tag keys that are passed in the request", "type": "ArrayOfString" - }, - { - "condition": "ecr-public:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value associated with the resource", - "type": "String" } ], - "prefix": "ecr-public", + "prefix": "es", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to check the availability of multiple image layers in a specified registry and repository", - "privilege": "BatchCheckLayerAvailability", + "access_level": "Write", + "description": "Grants 
permission to the destination domain owner to accept an inbound cross-cluster search connection request", + "privilege": "AcceptInboundConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a list of specified images within a specified repository", - "privilege": "BatchDeleteImage", + "description": "Grants permission to the destination domain owner to accept an inbound cross-cluster search connection request. This permission is deprecated. Use AcceptInboundConnection instead", + "privilege": "AcceptInboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to inform Amazon ECR that the image layer upload for a specified registry, repository name, and upload ID, has completed", - "privilege": "CompleteLayerUpload", + "description": "Grants permission to add the data source for the OpenSearch Service domain", + "privilege": "AddDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an image repository", - "privilege": "CreateRepository", + "access_level": "Tagging", + "description": "Grants permission to attach resource tags to an OpenSearch Service domain", + "privilege": "AddTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" }, { "condition_keys": [ 
@@ -89869,231 +114978,255 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an existing image repository", - "privilege": "DeleteRepository", + "description": "Grants permission to associate a package with an OpenSearch Service domain", + "privilege": "AssociatePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the repository policy from a specified repository", - "privilege": "DeleteRepositoryPolicy", + "description": "Grants permission to provide access to an Amazon OpenSearch Service domain through the use of an interface VPC endpoint", + "privilege": "AuthorizeVpcEndpointAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe all the image tags for a given repository", - "privilege": "DescribeImageTags", + "access_level": "Write", + "description": "Grants permission to cancel a change on an OpenSearch Service domain", + "privilege": "CancelDomainConfigChange", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get metadata about the images in a repository, including image size, image tags, and creation date", - "privilege": "DescribeImages", + "access_level": "Write", + "description": "Grants permission to cancel a service software update of a domain. This permission is deprecated. 
Use CancelServiceSoftwareUpdate instead", + "privilege": "CancelElasticsearchServiceSoftwareUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the catalog data associated with a registry", - "privilege": "DescribeRegistries", + "access_level": "Write", + "description": "Grants permission to cancel a service software update of a domain", + "privilege": "CancelServiceSoftwareUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "domain*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe image repositories in a registry", - "privilege": "DescribeRepositories", + "access_level": "Write", + "description": "Grants permission to create an Amazon OpenSearch Service domain", + "privilege": "CreateDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" + "resource_type": "domain" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a token that is valid for a specified registry for 12 hours", - "privilege": "GetAuthorizationToken", + "access_level": "Write", + "description": "Grants permission to create an OpenSearch Service domain. This permission is deprecated. 
Use CreateDomain instead", + "privilege": "CreateElasticsearchDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "domain" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the catalog data associated with a registry", - "privilege": "GetRegistryCatalogData", + "access_level": "Write", + "description": "Grants permission to create the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. OpenSearch Service creates the service-linked role for you", + "privilege": "CreateElasticsearchServiceRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the catalog data associated with a repository", - "privilege": "GetRepositoryCatalogData", + "access_level": "Write", + "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain", + "privilege": "CreateOutboundConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the repository policy for a specified repository", - "privilege": "GetRepositoryPolicy", + "access_level": "Write", + "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain. This permission is deprecated. 
Use CreateOutboundConnection instead", + "privilege": "CreateOutboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to notify Amazon ECR that you intend to upload an image layer", - "privilege": "InitiateLayerUpload", + "description": "Grants permission to add a package for use with OpenSearch Service domains", + "privilege": "CreatePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for an Amazon ECR resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create the service-linked role required for Amazon OpenSearch Service domains that use VPC access", + "privilege": "CreateServiceRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update the image manifest associated with an image", - "privilege": "PutImage", + "description": "Grants permission to create an Amazon OpenSearch Service-managed VPC endpoint", + "privilege": "CreateVpcEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create and update the catalog data associated with a registry", - "privilege": "PutRegistryCatalogData", + "description": "Grants permission to delete the data source for the OpenSearch Service domain", + "privilege": "DeleteDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "domain*" } ] 
}, { "access_level": "Write", - "description": "Grants permission to update the catalog data associated with a repository", - "privilege": "PutRepositoryCatalogData", + "description": "Grants permission to delete an Amazon OpenSearch Service domain and all of its data", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to apply a repository policy on a specified repository to control access permissions", - "privilege": "SetRepositoryPolicy", + "access_level": "Write", + "description": "Grants permission to delete an OpenSearch Service domain and all of its data. This permission is deprecated. Use DeleteDomain instead", + "privilege": "DeleteElasticsearchDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "domain*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag an Amazon ECR resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. 
Use the IAM API to delete service-linked roles", + "privilege": "DeleteElasticsearchServiceRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection", + "privilege": "DeleteInboundConnection", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag an Amazon ECR resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection. This permission is deprecated. Use DeleteInboundConnection instead", + "privilege": "DeleteInboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection", + "privilege": "DeleteOutboundConnection", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -90101,189 +115234,224 @@ }, { "access_level": "Write", - "description": "Grants permission to upload an image layer part to Amazon ECR Public", - "privilege": "UploadLayerPart", + "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection. This permission is deprecated. Use DeleteOutboundConnection instead", + "privilege": "DeleteOutboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:ecr-public::${Account}:repository/${RepositoryName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ecr-public:ResourceTag/${TagKey}" - ], - "resource": "repository" }, { - "arn": "arn:${Partition}:ecr-public::${Account}:registry/${RegistryId}", - "condition_keys": [], - "resource": "registry" - } - ], - "service_name": "Amazon Elastic Container Registry Public" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" + "access_level": "Write", + "description": "Grants permission to delete a package from OpenSearch Service. 
The package cannot be associated with any domains", + "privilege": "DeletePackage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to delete an Amazon OpenSearch Service-managed interface VPC endpoint", + "privilege": "DeleteVpcEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" + "access_level": "Read", + "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN", + "privilege": "DescribeDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to view the Auto-Tune configuration of the domain for the specified OpenSearch Service domain, including the Auto-Tune state and maintenance schedules", + "privilege": "DescribeDomainAutoTunes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:capacity-provider", - "description": "Filters access by the ARN of an Amazon ECS capacity provider", - "type": "ARN" + "access_level": "Read", + "description": "Grants permission to view detail stage progress of an OpenSearch Service domain", + "privilege": "DescribeDomainChangeProgress", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:cluster", - "description": "Filters access by the ARN of an Amazon ECS cluster", - "type": "ARN" + "access_level": "Read", + "description": "Grants permission to view a description of the configuration options and status of an OpenSearch Service domain", + "privilege": "DescribeDomainConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:container-instances", - "description": "Filters access by the ARN of an Amazon ECS container instance", - "type": "ARN" + "access_level": "Read", + "description": "Grants permission to view information about domain and node health, the standby Availability Zone, number of nodes per Availability Zone, and shard count per node", + "privilege": "DescribeDomainHealth", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:container-name", - "description": "Filters access by the name of an Amazon ECS container which is defined in the ECS task definition", - "type": "String" + "access_level": "Read", + "description": "Grants permission to view information about nodes configured for the domain and their configurations- the node id, type of node, status of node, Availability Zone, instance type and storage", + "privilege": "DescribeDomainNodes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:enable-execute-command", - "description": "Filters access by the execute-command capability of your Amazon ECS task or Amazon ECS service", - "type": "String" + "access_level": "List", + "description": "Grants permission to view a description of the domain configuration for up to five specified OpenSearch Service domains", + "privilege": "DescribeDomains", + "resource_types": [ 
+ { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:enable-service-connect", - "description": "Filters access by the enable field value in the Service Connect configuration", - "type": "String" + "access_level": "Read", + "description": "Grants permission to describe the status of a pre-update validation check on an OpenSearch Service domain", + "privilege": "DescribeDryRunProgress", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:namespace", - "description": "Filters access by the ARN of AWS Cloud Map namespace which is defined in the Service Connect Configuration", - "type": "ARN" + "access_level": "Read", + "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN. This permission is deprecated. Use DescribeDomain instead", + "privilege": "DescribeElasticsearchDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:service", - "description": "Filters access by the ARN of an Amazon ECS service", - "type": "ARN" + "access_level": "Read", + "description": "Grants permission to view a description of the configuration and status of an OpenSearch Service domain. This permission is deprecated. Use DescribeDomainConfig instead", + "privilege": "DescribeElasticsearchDomainConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:task", - "description": "Filters access by the ARN of an Amazon ECS task", - "type": "ARN" + "access_level": "List", + "description": "Grants permission to view a description of the domain configuration for up to five specified Amazon OpenSearch domains. This permission is deprecated. 
Use DescribeDomains instead", + "privilege": "DescribeElasticsearchDomains", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domain*" + } + ] }, { - "condition": "ecs:task-definition", - "description": "Filters access by the ARN of an Amazon ECS task definition", - "type": "ARN" - } - ], - "prefix": "ecs", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling", - "privilege": "CreateCapacityProvider", + "access_level": "List", + "description": "Grants permission to view the instance count, storage, and master node limits for a given OpenSearch version and instance type. This permission is deprecated. Use DescribeInstanceTypeLimits instead", + "privilege": "DescribeElasticsearchInstanceTypeLimits", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Amazon ECS cluster", - "privilege": "CreateCluster", + "access_level": "List", + "description": "Grants permission to list all the inbound cross-cluster search connections for a destination domain", + "privilege": "DescribeInboundConnections", "resource_types": [ { - "condition_keys": [ - "ecs:capacity-provider", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to run and maintain a desired number of tasks from a specified task definition via service creation", - "privilege": "CreateService", + "access_level": "List", + "description": "Grants permission to list all the inbound cross-cluster search connections for a destination 
domain. This permission is deprecated. Use DescribeInboundConnections instead", + "privilege": "DescribeInboundCrossClusterSearchConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" - }, - { - "condition_keys": [ - "ecs:cluster", - "ecs:capacity-provider", - "ecs:task-definition", - "ecs:enable-execute-command", - "ecs:enable-service-connect", - "ecs:namespace", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Amazon ECS task set", - "privilege": "CreateTaskSet", + "access_level": "List", + "description": "Grants permission to view the instance count, storage, and master node limits for a given engine version and instance type", + "privilege": "DescribeInstanceTypeLimits", "resource_types": [ { - "condition_keys": [ - "ecs:cluster", - "ecs:capacity-provider", - "ecs:service", - "ecs:task-definition", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the ARN and resource ID format of a resource for a specified IAM user, IAM role, or the root user for an account. You can specify whether the new ARN and resource ID format are disabled for new resources that are created", - "privilege": "DeleteAccountSetting", + "access_level": "List", + "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain", + "privilege": "DescribeOutboundConnections", "resource_types": [ { "condition_keys": [], 
@@ -90293,240 +115461,237 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete one or more custom attributes from an Amazon ECS resource", - "privilege": "DeleteAttributes", + "access_level": "List", + "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain. This permission is deprecated. Use DescribeOutboundConnections instead", + "privilege": "DescribeOutboundCrossClusterSearchConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe all packages available to OpenSearch Service domains", + "privilege": "DescribePackages", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified capacity provider", - "privilege": "DeleteCapacityProvider", + "access_level": "List", + "description": "Grants permission to fetch Reserved Instance offerings for Amazon OpenSearch Service. This permission is deprecated. Use DescribeReservedInstanceOfferings instead", + "privilege": "DescribeReservedElasticsearchInstanceOfferings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "capacity-provider*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified cluster", - "privilege": "DeleteCluster", + "access_level": "List", + "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased. This permission is deprecated. 
Use DescribeReservedInstances instead", + "privilege": "DescribeReservedElasticsearchInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified service within a cluster", - "privilege": "DeleteService", + "access_level": "List", + "description": "Grants permission to fetch Reserved Instance offerings for OpenSearch Service", + "privilege": "DescribeReservedInstanceOfferings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased", + "privilege": "DescribeReservedInstances", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified task definitions by family and revision", - "privilege": "DeleteTaskDefinitions", + "access_level": "List", + "description": "Grants permission to describe one or more Amazon OpenSearch Service-managed VPC endpoints", + "privilege": "DescribeVpcEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-definition*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified task set", - "privilege": "DeleteTaskSet", + "description": "Grants permission to disassociate a package from the specified OpenSearch Service domain", + "privilege": "DissociatePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-set*" - }, - { - "condition_keys": [ - "ecs:cluster", - "ecs:service" - ], - "dependent_actions": [], - "resource_type": "" + 
"resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister an Amazon ECS container instance from the specified cluster", - "privilege": "DeregisterContainerInstance", + "access_level": "Read", + "description": "Grants permission to send cross-cluster requests to a destination domain", + "privilege": "ESCrossClusterGet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "domain" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister the specified task definition by family and revision", - "privilege": "DeregisterTaskDefinition", + "description": "Grants permission to send HTTP DELETE requests to the OpenSearch APIs", + "privilege": "ESHttpDelete", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain" } ] }, { "access_level": "Read", - "description": "Grants permission to describe one or more Amazon ECS capacity providers", - "privilege": "DescribeCapacityProviders", + "description": "Grants permission to send HTTP GET requests to the OpenSearch APIs", + "privilege": "ESHttpGet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "capacity-provider*" + "resource_type": "domain" } ] }, { "access_level": "Read", - "description": "Grants permission to describes one or more of your clusters", - "privilege": "DescribeClusters", + "description": "Grants permission to send HTTP HEAD requests to the OpenSearch APIs", + "privilege": "ESHttpHead", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "domain" } ] }, { - "access_level": "Read", - "description": "Grants permission to describes Amazon ECS container instances", - "privilege": "DescribeContainerInstances", + "access_level": "Write", + "description": "Grants permission to send HTTP PATCH requests to the 
OpenSearch APIs", + "privilege": "ESHttpPatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance*" - }, + "resource_type": "domain" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send HTTP POST requests to the OpenSearch APIs", + "privilege": "ESHttpPost", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the specified services running in your cluster", - "privilege": "DescribeServices", + "access_level": "Write", + "description": "Grants permission to send HTTP PUT requests to the OpenSearch APIs", + "privilege": "ESHttpPut", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" - }, + "resource_type": "domain" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to fetch a list of compatible OpenSearch and Elasticsearch versions to which an OpenSearch Service domain can be upgraded. This permission is deprecated. Use GetCompatibleVersions instead", + "privilege": "GetCompatibleElasticsearchVersions", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a task definition. 
You can specify a family and revision to find information about a specific task definition, or you can simply specify the family to find the latest ACTIVE revision in that family", - "privilege": "DescribeTaskDefinition", + "access_level": "List", + "description": "Grants permission to fetch list of compatible engine versions to which an OpenSearch Service domain can be upgraded", + "privilege": "GetCompatibleVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe Amazon ECS task sets", - "privilege": "DescribeTaskSets", + "description": "Grants permission to get the data source for the OpenSearch Service domain", + "privilege": "GetDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-set*" - }, - { - "condition_keys": [ - "ecs:cluster", - "ecs:service" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a specified task or tasks", - "privilege": "DescribeTasks", + "description": "Grants permission to retrieve the status of maintenance action for the node", + "privilege": "GetDomainMaintenanceStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" - }, - { - "condition_keys": [ - "ecs:cluster" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Write", - "description": "Grants permission to get an endpoint for the Amazon ECS agent to poll for updates", - "privilege": "DiscoverPollEndpoint", + "access_level": "Read", + "description": "Grants permission to fetch the version history for a package", + "privilege": "GetPackageVersionHistory", "resource_types": [ { "condition_keys": [], 
@@ -90536,54 +115701,57 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to run a command remotely on an Amazon ECS container", - "privilege": "ExecuteCommand", + "access_level": "Read", + "description": "Grants permission to fetch the upgrade history of a given OpenSearch Service domain", + "privilege": "GetUpgradeHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to fetch the upgrade status of a given OpenSearch Service domain", + "privilege": "GetUpgradeStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" - }, - { - "condition_keys": [ - "ecs:cluster", - "ecs:container-name", - "ecs:task" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the protection status of tasks in an Amazon ECS service", - "privilege": "GetTaskProtection", + "access_level": "List", + "description": "Grants permission to retrieve a list of data source for the OpenSearch Service domain", + "privilege": "ListDataSources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of maintenance actions for the OpenSearch Service domain", + "privilege": "ListDomainMaintenances", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the account settings for an Amazon ECS resource for a specified principal", - "privilege": "ListAccountSettings", + "access_level": "List", + 
"description": "Grants permission to display the names of all OpenSearch Service domains that the current user owns", + "privilege": "ListDomainNames", "resource_types": [ { "condition_keys": [], @@ -90594,20 +115762,20 @@ }, { "access_level": "List", - "description": "Grants permission to lists the attributes for Amazon ECS resources within a specified target type and cluster", - "privilege": "ListAttributes", + "description": "Grants permission to list all OpenSearch Service domains that a package is associated with", + "privilege": "ListDomainsForPackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get a list of existing clusters", - "privilege": "ListClusters", + "description": "Grants permission to list all instance types and available features for a given OpenSearch version. This permission is deprecated. Use ListInstanceTypeDetails instead", + "privilege": "ListElasticsearchInstanceTypeDetails", "resource_types": [ { "condition_keys": [], 
@@ -90618,25 +115786,23 @@ }, { "access_level": "List", - "description": "Grants permission to get a list of container instances in a specified cluster", - "privilege": "ListContainerInstances", + "description": "Grants permission to list all EC2 instance types that are supported for a given OpenSearch version", + "privilege": "ListElasticsearchInstanceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get a list of services that are running in a specified cluster", - "privilege": "ListServices", + "description": "Grants permission to list all supported OpenSearch versions on Amazon OpenSearch Service. This permission is deprecated. Use ListVersions instead", + "privilege": "ListElasticsearchVersions", "resource_types": [ { - "condition_keys": [ - "ecs:cluster" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -90644,49 +115810,68 @@ }, { "access_level": "List", - "description": "Grants permission to get a list of services that are running in a specified AWS Cloud Map Namespace", - "privilege": "ListServicesByNamespace", + "description": "Grants permission to list all instance types and available features for a given OpenSearch or Elasticsearch version", + "privilege": "ListInstanceTypeDetails", "resource_types": [ { - "condition_keys": [ - "ecs:namespace" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of tags for the specified resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list all packages associated with the OpenSearch Service domain", + "privilege": "ListPackagesForDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of configuration changes that are scheduled for a OpenSearch Service domain", + "privilege": "ListScheduledActions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to display all resource tags for an OpenSearch Service domain", + "privilege": "ListTags", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all supported OpenSearch and Elasticsearch versions in Amazon OpenSearch Service", + "privilege": "ListVersions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-definition" + "resource_type": "" } ] }, { 
"access_level": "List", - "description": "Grants permission to get a list of task definition families that are registered to your account (which may include task definition families that no longer have any ACTIVE task definitions)", - "privilege": "ListTaskDefinitionFamilies", + "description": "Grants permission to retrieve information about each AWS principal that is allowed to access a given Amazon OpenSearch Service domain through the use of an interface VPC endpoint", + "privilege": "ListVpcEndpointAccess", "resource_types": [ { "condition_keys": [], @@ -90697,8 +115882,8 @@ }, { "access_level": "List", - "description": "Grants permission to get a list of task definitions that are registered to your account", - "privilege": "ListTaskDefinitions", + "description": "Grants permission to retrieve all Amazon OpenSearch Service-managed VPC endpoints in the current AWS account and Region", + "privilege": "ListVpcEndpoints", "resource_types": [ { "condition_keys": [], 
@@ -90709,46 +115894,32 @@ }, { "access_level": "List", - "description": "Grants permission to get a list of tasks for a specified cluster", - "privilege": "ListTasks", + "description": "Grants permission to retrieve all Amazon OpenSearch Service-managed VPC endpoints associated with a particular domain", + "privilege": "ListVpcEndpointsForDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance*" - }, - { - "condition_keys": [ - "ecs:cluster" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to an agent to connect with the Amazon ECS service to report status and get commands", - "privilege": "Poll", + "description": "Grants permission to purchase OpenSearch Service Reserved Instances. This permission is deprecated. Use PurchaseReservedInstanceOffering instead", + "privilege": "PurchaseReservedElasticsearchInstanceOffering", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance*" - }, - { - "condition_keys": [ - "ecs:cluster" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the ARN and resource ID format of a resource for a specified IAM user, IAM role, or the root user for an account. You can specify whether the new ARN and resource ID format are enabled for new resources that are created. Enabling this setting is required to use new Amazon ECS features such as resource tagging", - "privilege": "PutAccountSetting", + "description": "Grants permission to purchase OpenSearch reserved instances", + "privilege": "PurchaseReservedInstanceOffering", "resource_types": [ { "condition_keys": [], 
@@ -90759,8 +115930,8 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the ARN and resource ID format of a resource type for all IAM users on an account for which no individual account setting has been set. Enabling this setting is required to use new Amazon ECS features such as resource tagging", - "privilege": "PutAccountSettingDefault", + "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request", + "privilege": "RejectInboundConnection", "resource_types": [ { "condition_keys": [], @@ -90771,36 +115942,29 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update an attribute on an Amazon ECS resource", - "privilege": "PutAttributes", + "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request. This permission is deprecated. Use RejectInboundConnection instead", + "privilege": "RejectInboundCrossClusterSearchConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance*" - }, - { - "condition_keys": [ - "ecs:cluster" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the available capacity providers and the default capacity provider strategy for a cluster", - "privilege": "PutClusterCapacityProviders", + "access_level": "Tagging", + "description": "Grants permission to remove resource tags from an OpenSearch Service domain", + "privilege": "RemoveTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "domain*" }, { "condition_keys": [ - "ecs:capacity-provider" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -90809,99 +115973,95 @@ }, { "access_level": "Write", - "description": "Grants permission to register an EC2 instance into the specified cluster", - "privilege": "RegisterContainerInstance", + "description": "Grants permission to revoke access to an Amazon OpenSearch Service domain that was provided through an interface VPC endpoint", + "privilege": "RevokeVpcEndpointAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register a new task definition from the supplied family and containerDefinitions", - "privilege": "RegisterTaskDefinition", + "description": "Grants permission to initiate the maintenance on the node", + "privilege": "StartDomainMaintenance", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a task using random placement and the default Amazon ECS scheduler", - "privilege": "RunTask", + "description": "Grants permission to start a service software update of a domain. This permission is deprecated. 
Use StartServiceSoftwareUpdate instead", + "privilege": "StartElasticsearchServiceSoftwareUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-definition*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a service software update of a domain", + "privilege": "StartServiceSoftwareUpdate", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster", - "ecs:capacity-provider", - "ecs:enable-execute-command", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new task from the specified task definition on the specified container instance or instances", - "privilege": "StartTask", + "description": "Grants permission to update the data source for the OpenSearch Service domain", + "privilege": "UpdateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-definition*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances", + "privilege": "UpdateDomainConfig", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster", - "ecs:container-instances", - "ecs:enable-execute-command", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a telemetry session", - "privilege": "StartTelemetrySession", + "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances. This permission is deprecated. 
Use UpdateDomainConfig instead", + "privilege": "UpdateElasticsearchDomainConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a package for use with OpenSearch Service domains", + "privilege": "UpdatePackage", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -90909,18 +116069,23 @@ }, { "access_level": "Write", - "description": "Grants permission to stop a running task", - "privilege": "StopTask", + "description": "Grants permission to reschedule a planned OpenSearch Service domain configuration change for a later time", + "privilege": "UpdateScheduledAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" - }, + "resource_type": "domain*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify an Amazon OpenSearch Service-managed interface VPC endpoint", + "privilege": "UpdateVpcEndpoint", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -90928,85 +116093,207 @@ }, { "access_level": "Write", - "description": "Grants permission to send an acknowledgement that attachments changed states", - "privilege": "SubmitAttachmentStateChanges", + "description": "Grants permission to initiate upgrade of an OpenSearch Service domain to a given version", + "privilege": "UpgradeDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to send an acknowledgement that a container changed states", - "privilege": "SubmitContainerStateChange", + "description": "Grants permission to initiate upgrade of an OpenSearch Service domain to a specified version. This permission is deprecated. Use UpgradeDomain instead", + "privilege": "UpgradeElasticsearchDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "domain*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:es:${Region}:${Account}:domain/${DomainName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "domain" + }, + { + "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "es_role" + }, + { + "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "opensearchservice_role" + } + ], + "service_name": "Amazon OpenSearch Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the allowed set of values for each of the tags to event bus and rule actions", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by 
tag-value associated with the resource to event bus and rule actions", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tags in the request to event bus and rule actions", + "type": "ArrayOfString" + }, + { + "condition": "events:EventBusArn", + "description": "Filters access by the ARN of the event buses that can be associated with an endpoint to CreateEndpoint and UpdateEndpoint actions", + "type": "ArrayOfARN" + }, + { + "condition": "events:ManagedBy", + "description": "Filters access by AWS services. If a rule is created by an AWS service on your behalf, the value is the principal name of the service that created the rule", + "type": "String" + }, + { + "condition": "events:TargetArn", + "description": "Filters access by the ARN of a target that can be put to a rule to PutTargets actions. TargetARN doesn't include DeadLetterConfigArn", + "type": "ArrayOfARN" + }, + { + "condition": "events:creatorAccount", + "description": "Filters access by the account the rule was created in to rule actions", + "type": "String" + }, + { + "condition": "events:detail-type", + "description": "Filters access by the literal string of the detail-type of the event to PutEvents and PutRule actions", + "type": "String" + }, + { + "condition": "events:detail.eventTypeCode", + "description": "Filters access by the literal string for the detail.eventTypeCode field of the event to PutRule actions", + "type": "String" + }, + { + "condition": "events:detail.service", + "description": "Filters access by the literal string for the detail.service field of the event to PutRule actions", + "type": "String" + }, + { + "condition": "events:detail.userIdentity.principalId", + "description": "Filters access by the literal string for the detail.useridentity.principalid field of the event to PutRule actions", + "type": "String" + }, + { + "condition": "events:eventBusInvocation", + "description": "Filters access by whether the event was generated via 
API or cross-account bus invocation to PutEvents actions", + "type": "String" }, + { + "condition": "events:source", + "description": "Filters access by the AWS service or AWS partner event source that generated the event to PutEvents and PutRule actions. Matches the literal string of the source field of the event", + "type": "ArrayOfString" + } + ], + "prefix": "events", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to send an acknowledgement that a task changed states", - "privilege": "SubmitTaskStateChange", + "description": "Grants permission to activate partner event sources", + "privilege": "ActivateEventSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "event-source*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag the specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to cancel a replay", + "privilege": "CancelReplay", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "capacity-provider" - }, + "resource_type": "replay*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new api destination", + "privilege": "CreateApiDestination", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "api-destination*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance" - }, + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new archive", + "privilege": "CreateArchive", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service" + "resource_type": "archive*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" - }, + "resource_type": "event-bus*" + } + 
] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new connection", + "privilege": "CreateConnection", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-definition" - }, + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an endpoint", + "privilege": "CreateEndpoint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-set" + "resource_type": "endpoint*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "ecs:CreateAction" + "events:EventBusArn" ], "dependent_actions": [], "resource_type": "" @@ -91014,49 +116301,19 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create event buses", + "privilege": "CreateEventBus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "capacity-provider" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "container-instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "service" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task-definition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task-set" + "resource_type": "event-bus*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -91065,134 +116322,131 @@ }, { "access_level": "Write", - "description": "Grants permission to update the specified capacity provider", - "privilege": "UpdateCapacityProvider", + "description": "Grants permission to create partner event sources", + "privilege": "CreatePartnerEventSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "capacity-provider*" + "resource_type": "event-source*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the configuration or settings to use for a cluster", - "privilege": "UpdateCluster", + "description": "Grants permission to deactivate event sources", + "privilege": "DeactivateEventSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "event-source*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the settings to use for a cluster", - "privilege": "UpdateClusterSettings", + "description": "Grants permission to deauthorize a connection, deleting its stored authorization secrets", + "privilege": "DeauthorizeConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "connection*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the Amazon ECS container agent on a specified container instance", - "privilege": "UpdateContainerAgent", + "description": "Grants permission to delete an api destination", + "privilege": "DeleteApiDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance*" - }, - { - "condition_keys": [ - "ecs:cluster" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "api-destination*" } ] }, { "access_level": "Write", - "description": "Grants permission to the user to modify the status of an Amazon ECS container instance", - "privilege": 
"UpdateContainerInstancesState", + "description": "Grants permission to delete an archive", + "privilege": "DeleteArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container-instance*" - }, - { - "condition_keys": [ - "ecs:cluster" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "archive*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the parameters of a service", - "privilege": "UpdateService", + "description": "Grants permission to delete a connection", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" - }, + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an endpoint", + "privilege": "DeleteEndpoint", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster", - "ecs:capacity-provider", - "ecs:enable-execute-command", - "ecs:enable-service-connect", - "ecs:namespace", - "ecs:task-definition" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "endpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the primary task set used in a service", - "privilege": "UpdateServicePrimaryTaskSet", + "description": "Grants permission to delete event buses", + "privilege": "DeleteEventBus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" - }, + "resource_type": "event-bus*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete partner event sources", + "privilege": "DeletePartnerEventSource", + "resource_types": [ { - "condition_keys": [ - "ecs:cluster" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-source*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the 
protection status of a task", - "privilege": "UpdateTaskProtection", + "description": "Grants permission to delete rules", + "privilege": "DeleteRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "ecs:cluster" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" 
@@ -91200,191 +116454,124 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the specified task set", - "privilege": "UpdateTaskSet", + "access_level": "Read", + "description": "Grants permission to retrieve details about an api destination", + "privilege": "DescribeApiDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task-set*" + "resource_type": "api-destination*" }, { - "condition_keys": [ - "ecs:cluster", - "ecs:service" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connection*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:ecs:${Region}:${Account}:cluster/${ClusterName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ecs:ResourceTag/${TagKey}" - ], - "resource": "cluster" - }, - { - "arn": "arn:${Partition}:ecs:${Region}:${Account}:container-instance/${ClusterName}/${ContainerInstanceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ecs:ResourceTag/${TagKey}" - ], - "resource": "container-instance" - }, - { - "arn": "arn:${Partition}:ecs:${Region}:${Account}:service/${ClusterName}/${ServiceName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ecs:ResourceTag/${TagKey}" - ], - "resource": "service" - }, - { - "arn": "arn:${Partition}:ecs:${Region}:${Account}:task/${ClusterName}/${TaskId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ecs:ResourceTag/${TagKey}" - ], - "resource": "task" - }, - { - "arn": "arn:${Partition}:ecs:${Region}:${Account}:task-definition/${TaskDefinitionFamilyName}:${TaskDefinitionRevisionNumber}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ecs:ResourceTag/${TagKey}" - ], - "resource": "task-definition" - }, - { - "arn": "arn:${Partition}:ecs:${Region}:${Account}:capacity-provider/${CapacityProviderName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ecs:ResourceTag/${TagKey}" - ], - "resource": "capacity-provider" - }, - { 
- "arn": "arn:${Partition}:ecs:${Region}:${Account}:task-set/${ClusterName}/${ServiceName}/${TaskSetId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "ecs:ResourceTag/${TagKey}" - ], - "resource": "task-set" - } - ], - "service_name": "Amazon Elastic Container Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a key that is present in the request the user makes to the EKS service", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the list of all the tag key names present in the request the user makes to the EKS service", - "type": "ArrayOfString" }, { - "condition": "eks:clientId", - "description": "Filters access by the clientId present in the associateIdentityProviderConfig request the user makes to the EKS service", - "type": "String" + "access_level": "Read", + "description": "Grants permission to retrieve details about an archive", + "privilege": "DescribeArchive", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "archive*" + } + ] }, - { - "condition": "eks:issuerUrl", - "description": "Filters access by the issuerUrl present in the associateIdentityProviderConfig request the user makes to the EKS service", - "type": "String" - } - ], - "prefix": "eks", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to view Kubernetes objects via AWS EKS console", - "privilege": "AccessKubernetesApi", + "description": "Grants permission to retrieve details about a conection", + "privilege": "DescribeConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "connection*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate encryption 
configuration to a cluster", - "privilege": "AssociateEncryptionConfig", + "access_level": "Read", + "description": "Grants permission to retrieve details about an endpoint", + "privilege": "DescribeEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "endpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an identity provider configuration to a cluster", - "privilege": "AssociateIdentityProviderConfig", + "access_level": "Read", + "description": "Grants permission to retrieve details about event buses", + "privilege": "DescribeEventBus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - }, + "resource_type": "event-bus" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details about event sources", + "privilege": "DescribeEventSource", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "eks:clientId", - "eks:issuerUrl" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-source*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon EKS add-on", - "privilege": "CreateAddon", + "access_level": "Read", + "description": "Grants permission to retrieve details about partner event sources", + "privilege": "DescribePartnerEventSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - }, + "resource_type": "event-source*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the details of a replay", + "privilege": "DescribeReplay", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "replay*" } ] }, { - 
"access_level": "Write", - "description": "Grants permission to create an Amazon EKS cluster", - "privilege": "CreateCluster", + "access_level": "Read", + "description": "Grants permission to retrieve details about rules", + "privilege": "DescribeRule", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "events:creatorAccount" ], "dependent_actions": [], "resource_type": "" @@ -91393,18 +116580,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS Fargate profile", - "privilege": "CreateFargateProfile", + "description": "Grants permission to disable rules", + "privilege": "DisableRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" @@ -91413,18 +116605,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Amazon EKS Nodegroup", - "privilege": "CreateNodegroup", + "description": "Grants permission to enable rules", + "privilege": "EnableRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "rule-on-custom-event-bus" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "events:creatorAccount", + "events:ManagedBy" ], "dependent_actions": [], "resource_type": "" 
@@ -91433,80 +116630,80 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon EKS add-on", - "privilege": "DeleteAddon", + "description": "Grants permission to invoke an api destination", + "privilege": "InvokeApiDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "addon*" + "resource_type": "api-destination*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Amazon EKS cluster", - "privilege": "DeleteCluster", + "access_level": "List", + "description": "Grants permission to retrieve a list of api destinations", + "privilege": "ListApiDestinations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Fargate profile", - "privilege": "DeleteFargateProfile", + "access_level": "List", + "description": "Grants permission to retrieve a list of archives", + "privilege": "ListArchives", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fargateprofile*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Amazon EKS Nodegroup", - "privilege": "DeleteNodegroup", + "access_level": "List", + "description": "Grants permission to retrieve a list of connections", + "privilege": "ListConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "nodegroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister an External cluster", - "privilege": "DeregisterCluster", + "access_level": "List", + "description": "Grants permission to retrieve a list of endpoints", + "privilege": "ListEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - 
"access_level": "Read", - "description": "Grants permission to retrieve descriptive information about an Amazon EKS add-on", - "privilege": "DescribeAddon", + "access_level": "List", + "description": "Grants permission to retrieve a list of the event buses in your account", + "privilege": "ListEventBuses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "addon*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list configuration options about an Amazon EKS add-on", - "privilege": "DescribeAddonConfiguration", + "access_level": "List", + "description": "Grants permission to to retrieve a list of event sources shared with this account", + "privilege": "ListEventSources", "resource_types": [ { "condition_keys": [], 
@@ -91516,262 +116713,317 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve descriptive version information about the add-ons that Amazon EKS Add-ons supports", - "privilege": "DescribeAddonVersions", + "access_level": "List", + "description": "Grants permission to retrieve a list of AWS account IDs associated with an event source", + "privilege": "ListPartnerEventSourceAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-source*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve descriptive information about an Amazon EKS cluster", - "privilege": "DescribeCluster", + "access_level": "List", + "description": "Grants permission to retrieve a list partner event sources", + "privilege": "ListPartnerEventSources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve descriptive information about an AWS Fargate profile associated with a cluster", - "privilege": "DescribeFargateProfile", + "access_level": "List", + "description": "Grants permission to retrieve a list of replays", + "privilege": "ListReplays", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fargateprofile*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve descriptive information about an Idp config associated with a cluster", - "privilege": "DescribeIdentityProviderConfig", + "access_level": "List", + "description": "Grants permission to retrieve a list of the names of the rules associated with a target", + "privilege": "ListRuleNamesByTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "identityproviderconfig*" + "resource_type": "" } ] }, { - "access_level": "Read", - 
"description": "Grants permission to retrieve descriptive information about an Amazon EKS nodegroup", - "privilege": "DescribeNodegroup", + "access_level": "List", + "description": "Grants permission to retrieve a list of the Amazon EventBridge rules in the account", + "privilege": "ListRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "nodegroup*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a given update for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region)", - "privilege": "DescribeUpdate", + "access_level": "List", + "description": "Grants permission to retrieve a list of tags associated with an Amazon EventBridge resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "addon" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "nodegroup" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an asssociated Idp config", - "privilege": "DisassociateIdentityProviderConfig", - "resource_types": [ + "resource_type": "rule-on-default-event-bus" + }, { - "condition_keys": [], + "condition_keys": [ + "events:creatorAccount" + ], "dependent_actions": [], - "resource_type": "identityproviderconfig*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the Amazon EKS add-ons in your AWS account (in the specified or default region) for a given cluster", - "privilege": "ListAddons", + "description": "Grants permission to retrieve a list of targets defined for a rule", + "privilege": "ListTargetsByRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - 
} - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the Amazon EKS clusters in your AWS account (in the specified or default region)", - "privilege": "ListClusters", - "resource_types": [ + "resource_type": "rule-on-custom-event-bus" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "rule-on-default-event-bus" + }, + { + "condition_keys": [ + "events:creatorAccount" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the AWS Fargate profiles in your AWS account (in the specified or default region) associated with a given cluster", - "privilege": "ListFargateProfiles", + "access_level": "Write", + "description": "Grants permission to send custom events to Amazon EventBridge", + "privilege": "PutEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "event-bus*" + }, + { + "condition_keys": [ + "events:detail-type", + "events:source", + "events:eventBusInvocation" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Idp configs in your AWS account (in the specified or default region) associated with a given cluster", - "privilege": "ListIdentityProviderConfigs", + "access_level": "Write", + "description": "Grants permission to sends custom events to Amazon EventBridge", + "privilege": "PutPartnerEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Amazon EKS nodegroups in your AWS account (in the specified or default region) attached to given cluster", - "privilege": "ListNodegroups", + "access_level": "Permissions management", + "description": "Grants permission to use the PutPermission action to grants permission to 
another AWS account to put events to your default event bus", + "privilege": "PutPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for the specified resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create or updates rules", + "privilege": "PutRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "addon" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "rule-on-default-event-bus" }, + { + "condition_keys": [ + "events:detail.userIdentity.principalId", + "events:detail-type", + "events:source", + "events:detail.service", + "events:detail.eventTypeCode", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "events:creatorAccount", + "events:ManagedBy" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add targets to a rule", + "privilege": "PutTargets", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fargateprofile" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "identityproviderconfig" + "resource_type": "rule-on-default-event-bus" }, + { + "condition_keys": [ + "events:TargetArn", + "events:creatorAccount", + "events:ManagedBy" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to revoke the permission of another AWS account to put events to your default event bus", + "privilege": "RemovePermission", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "nodegroup" + 
"resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the updates for a given Amazon EKS cluster/nodegroup/add-on (in the specified or default region)", - "privilege": "ListUpdates", + "access_level": "Write", + "description": "Grants permission to removes targets from a rule", + "privilege": "RemoveTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "addon" + "resource_type": "rule-on-default-event-bus" }, { - "condition_keys": [], + "condition_keys": [ + "events:creatorAccount", + "events:ManagedBy" + ], "dependent_actions": [], - "resource_type": "nodegroup" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register an External cluster", - "privilege": "RegisterCluster", + "description": "Grants permission to retrieve credentials from a connection", + "privilege": "RetrieveConnectionCredentials", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connection*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag the specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to start a replay of an archive", + "privilege": "StartReplay", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "addon" + "resource_type": "archive*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "event-bus*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fargateprofile" + "resource_type": "replay*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add a tag to an 
Amazon EventBridge resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "identityproviderconfig" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "nodegroup" + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "events:creatorAccount" ], "dependent_actions": [], "resource_type": "" @@ -91779,38 +117031,41 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to test whether an event pattern matches the provided event", + "privilege": "TestEventPattern", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "addon" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove a tag from an Amazon EventBridge resource", + "privilege": "UntagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fargateprofile" + "resource_type": "event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "identityproviderconfig" + "resource_type": "rule-on-custom-event-bus" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "nodegroup" + "resource_type": "rule-on-default-event-bus" }, { "condition_keys": [ - "aws:TagKeys" + "aws:TagKeys", + "events:creatorAccount" ], "dependent_actions": [], "resource_type": "" 
@@ -91819,574 +117074,448 @@ }, { "access_level": "Write", - "description": "Grants permission to update Amazon EKS add-on configurations, such as the VPC-CNI version", - "privilege": "UpdateAddon", + "description": "Grants permission to update an api destination", + "privilege": "UpdateApiDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "addon*" + "resource_type": "api-destination*" } ] }, { "access_level": "Write", - "description": "Grants permission to update Amazon EKS cluster configurations (eg: API server endpoint access)", - "privilege": "UpdateClusterConfig", + "description": "Grants permission to update an archive", + "privilege": "UpdateArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "archive*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the Kubernetes version of an Amazon EKS cluster", - "privilege": "UpdateClusterVersion", + "description": "Grants permission to update a connection", + "privilege": "UpdateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "connection*" } ] }, { "access_level": "Write", - "description": "Grants permission to update Amazon EKS nodegroup configurations (eg: min/max/desired capacity or labels)", - "privilege": "UpdateNodegroupConfig", + "description": "Grants permission to update an endpoint", + "privilege": "UpdateEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "nodegroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the Kubernetes version of an Amazon EKS nodegroup", - "privilege": "UpdateNodegroupVersion", - "resource_types": [ + "resource_type": "endpoint*" + }, { - "condition_keys": [], + "condition_keys": [ + "events:EventBusArn" + ], "dependent_actions": [], - "resource_type": 
"nodegroup*" + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:eks:${Region}:${Account}:cluster/${ClusterName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "cluster" + "arn": "arn:${Partition}:events:${Region}::event-source/${EventSourceName}", + "condition_keys": [], + "resource": "event-source" }, { - "arn": "arn:${Partition}:eks:${Region}:${Account}:nodegroup/${ClusterName}/${NodegroupName}/${UUID}", + "arn": "arn:${Partition}:events:${Region}:${Account}:event-bus/${EventBusName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "nodegroup" + "resource": "event-bus" }, { - "arn": "arn:${Partition}:eks:${Region}:${Account}:addon/${ClusterName}/${AddonName}/${UUID}", + "arn": "arn:${Partition}:events:${Region}:${Account}:rule/${RuleName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "addon" + "resource": "rule-on-default-event-bus" }, { - "arn": "arn:${Partition}:eks:${Region}:${Account}:fargateprofile/${ClusterName}/${FargateProfileName}/${UUID}", + "arn": "arn:${Partition}:events:${Region}:${Account}:rule/${EventBusName}/${RuleName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "fargateprofile" + "resource": "rule-on-custom-event-bus" }, { - "arn": "arn:${Partition}:eks:${Region}:${Account}:identityproviderconfig/${ClusterName}/${IdentityProviderType}/${IdentityProviderConfigName}/${UUID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "identityproviderconfig" + "arn": "arn:${Partition}:events:${Region}:${Account}:archive/${ArchiveName}", + "condition_keys": [], + "resource": "archive" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:replay/${ReplayName}", + "condition_keys": [], + "resource": "replay" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:connection/${ConnectionName}", + "condition_keys": [], + "resource": "connection" + }, + { + "arn": 
"arn:${Partition}:events:${Region}:${Account}:api-destination/${ApiDestinationName}", + "condition_keys": [], + "resource": "api-destination" + }, + { + "arn": "arn:${Partition}:events:${Region}:${Account}:endpoint/${EndpointName}", + "condition_keys": [], + "resource": "endpoint" } ], - "service_name": "Amazon Elastic Kubernetes Service" + "service_name": "Amazon EventBridge" }, { - "conditions": [], - "prefix": "elastic-inference", + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed the request on behalf of the IAM principal", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource that make the request on behalf of the IAM principal", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request on behalf of the IAM principal", + "type": "ArrayOfString" + } + ], + "prefix": "evidently", "privileges": [ { "access_level": "Write", - "description": "Grants permission to customer for connecting to Elastic Inference accelerator", - "privilege": "Connect", + "description": "Grants permission to send a batched evaluate feature request", + "privilege": "BatchEvaluateFeature", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "Feature*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the locations in which a given accelerator type or set of types is present in a given region", - "privilege": "DescribeAcceleratorOfferings", + "access_level": "Write", + "description": "Grants permission to create an experiment", + "privilege": "CreateExperiment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - 
"access_level": "List", - "description": "Grants permission to describe the accelerator types available in a given region, as well as their characteristics, such as memory and throughput", - "privilege": "DescribeAcceleratorTypes", + "access_level": "Write", + "description": "Grants permission to create a feature", + "privilege": "CreateFeature", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe information over a provided set of accelerators belonging to an account", - "privilege": "DescribeAccelerators", + "access_level": "Write", + "description": "Grants permission to create a launch", + "privilege": "CreateLaunch", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags on an Amazon RDS resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create a project", + "privilege": "CreateProject", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:GetRole" + ], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to assign one or more tags (key-value pairs) to the specified QuickSight resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a segment", + "privilege": "CreateSegment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": 
"Tagging", - "description": "Grants permission to remove a tag or tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete an experiment", + "privilege": "DeleteExperiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Experiment*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elastic-inference:${Region}:${Account}:elastic-inference-accelerator/${AcceleratorId}", - "condition_keys": [], - "resource": "accelerator" - } - ], - "service_name": "Amazon Elastic Inference" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticache:AtRestEncryptionEnabled", - "description": "Filters access by the AtRestEncryptionEnabled parameter present in the request or default false value if parameter is not present", - "type": "Bool" - }, - { - "condition": "elasticache:AuthTokenEnabled", - "description": "Filters access by the presence of non empty AuthToken parameter in the request", - "type": "Bool" - }, - { - "condition": "elasticache:AutomaticFailoverEnabled", - "description": "Filters access by the AutomaticFailoverEnabled parameter in the request", - "type": "Bool" - }, - { - "condition": "elasticache:CacheNodeType", - "description": "Filters access by the cacheNodeType parameter present in the request. 
This key can be used to restrict which cache node types can be used on cluster creation or scaling operations", - "type": "String" - }, - { - "condition": "elasticache:CacheParameterGroupName", - "description": "Filters access by the CacheParameterGroupName parameter in the request", - "type": "String" - }, - { - "condition": "elasticache:ClusterModeEnabled", - "description": "Filters access by the cluster mode parameter present in the request. Default value for single node group (shard) creations is false", - "type": "Bool" - }, - { - "condition": "elasticache:EngineType", - "description": "Filters access by the engine type present in creation requests. For replication group creations, default engine 'redis' is used as key if parameter is not present", - "type": "String" - }, - { - "condition": "elasticache:EngineVersion", - "description": "Filters access by the engineVersion parameter present in creation or cluster modification requests", - "type": "String" - }, - { - "condition": "elasticache:KmsKeyId", - "description": "Filters access by the KmsKeyId parameter in the request", - "type": "String" - }, - { - "condition": "elasticache:MultiAZEnabled", - "description": "Filters access by the AZMode parameter, MultiAZEnabled parameter or the number of availability zones that the cluster or replication group can be placed in", - "type": "Bool" - }, - { - "condition": "elasticache:NumNodeGroups", - "description": "Filters access by the NumNodeGroups or NodeGroupCount parameter specified in the request. 
This key can be used to restrict the number of node groups (shards) clusters can have after creation or scaling operations", - "type": "Numeric" - }, - { - "condition": "elasticache:ReplicasPerNodeGroup", - "description": "Filters access by the number of replicas per node group (shards) specified in creations or scaling requests", - "type": "Numeric" - }, - { - "condition": "elasticache:SnapshotRetentionLimit", - "description": "Filters access by the SnapshotRetentionLimit parameter in the request", - "type": "Numeric" - }, - { - "condition": "elasticache:TransitEncryptionEnabled", - "description": "Filters access by the TransitEncryptionEnabled parameter present in the request. For replication group creations, default value 'false' is used as key if parameter is not present", - "type": "Bool" - }, - { - "condition": "elasticache:UserAuthenticationMode", - "description": "Filters access by the UserAuthenticationMode parameter in the request", - "type": "String" - } - ], - "prefix": "elasticache", - "privileges": [ - { - "access_level": "Tagging", - "description": "Grants permission to add tags to an ElastiCache resource", - "privilege": "AddTagsToResource", + "access_level": "Write", + "description": "Grants permission to delete a feature", + "privilege": "DeleteFeature", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "parametergroup" - }, + "resource_type": "Feature*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a launch", + "privilege": "DeleteLaunch", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup" - }, + "resource_type": "Launch*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a project", + "privilege": "DeleteProject", + "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "reserved-instance" - }, + "resource_type": "Project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a segment", + "privilege": "DeleteSegment", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securitygroup" - }, + "resource_type": "Segment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send an evaluate feature request", + "privilege": "EvaluateFeature", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" - }, + "resource_type": "Feature*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get experiment details", + "privilege": "GetExperiment", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup" - }, + "resource_type": "Experiment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get experiment result", + "privilege": "GetExperimentResults", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" - }, + "resource_type": "Experiment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get feature details", + "privilege": "GetFeature", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "usergroup" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Feature*" } ] }, { - "access_level": "Write", - "description": "Grants permission to authorize an EC2 security group on a ElastiCache security group", - "privilege": "AuthorizeCacheSecurityGroupIngress", + "access_level": "Read", + "description": "Grants permission to get launch details", + "privilege": "GetLaunch", "resource_types": [ { "condition_keys": [], - 
"dependent_actions": [ - "ec2:AuthorizeSecurityGroupIngress" - ], - "resource_type": "securitygroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "Launch*" } ] }, { - "access_level": "Write", - "description": "Grants permission to apply ElastiCache service updates to sets of clusters and replication groups", - "privilege": "BatchApplyUpdateAction", + "access_level": "Read", + "description": "Grants permission to get project details", + "privilege": "GetProject", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "s3:GetObject" - ], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "replicationgroup" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "Project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop ElastiCache service updates from being executed on a set of clusters", - "privilege": "BatchStopUpdateAction", + "access_level": "Read", + "description": "Grants permission to get segment details", + "privilege": "GetSegment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "Segment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list experiments", + "privilege": "ListExperiments", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to complete an online migration of data from hosted Redis on Amazon 
EC2 to ElastiCache", - "privilege": "CompleteMigration", + "access_level": "Read", + "description": "Grants permission to list features", + "privilege": "ListFeatures", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "replicationgroup" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Allows an IAM user or role to connect as a specified ElastiCache user to a node in a replication group", - "privilege": "Connect", + "access_level": "Read", + "description": "Grants permission to list launches", + "privilege": "ListLaunches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to make a copy of an existing snapshot", - "privilege": "CopySnapshot", + "access_level": "Read", + "description": "Grants permission to list projects", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticache:AddTagsToResource", - "s3:DeleteObject", - "s3:GetBucketAcl", - "s3:PutObject" - ], - "resource_type": "snapshot*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticache:KmsKeyId" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a cache cluster", - "privilege": "CreateCacheCluster", + "access_level": "Read", + "description": "Grants permission to list resources referencing a segment", + "privilege": 
"ListSegmentReferences", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticache:AddTagsToResource", - "s3:GetObject" - ], - "resource_type": "parametergroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticache:CacheNodeType", - "elasticache:EngineVersion", - "elasticache:EngineType", - "elasticache:MultiAZEnabled", - "elasticache:AuthTokenEnabled", - "elasticache:SnapshotRetentionLimit", - "elasticache:CacheParameterGroupName" - ], - "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [ - "elasticache:CacheNodeType", - "elasticache:EngineVersion", - "elasticache:EngineType", - "elasticache:MultiAZEnabled", - "elasticache:AuthTokenEnabled", - "elasticache:SnapshotRetentionLimit", - "elasticache:CacheParameterGroupName" - ], - "dependent_actions": [], - "resource_type": "replicationgroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "securitygroup" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list segments", + "privilege": "ListSegments", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for resources", + "privilege": "ListTagsForResource", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -92394,186 +117523,98 @@ }, { "access_level": "Write", - "description": "Grants permission to create a parameter group", - "privilege": "CreateCacheParameterGroup", + "description": "Grants permission to send performance events", + "privilege": "PutProjectEvents", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticache:AddTagsToResource" - ], - "resource_type": "parametergroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticache:CacheParameterGroupName" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "Project*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a cache security group", - "privilege": "CreateCacheSecurityGroup", + "description": "Grants permission to start an experiment", + "privilege": "StartExperiment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticache:AddTagsToResource" - ], - "resource_type": "securitygroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "Experiment*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a cache subnet group", - "privilege": "CreateCacheSubnetGroup", + "description": "Grants permission to start a launch", + "privilege": "StartLaunch", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticache:AddTagsToResource" - ], - "resource_type": "subnetgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "Launch*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a global replication group", - "privilege": "CreateGlobalReplicationGroup", + "description": "Grants permission to stop an 
experiment", + "privilege": "StopExperiment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "globalreplicationgroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "replicationgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Experiment*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a replication group", - "privilege": "CreateReplicationGroup", + "description": "Grants permission to stop a launch", + "privilege": "StopLaunch", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticache:AddTagsToResource", - "s3:GetObject" - ], - "resource_type": "parametergroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [ - "elasticache:NumNodeGroups", - "elasticache:CacheNodeType", - "elasticache:ReplicasPerNodeGroup", - "elasticache:EngineVersion", - "elasticache:EngineType", - "elasticache:AtRestEncryptionEnabled", - "elasticache:TransitEncryptionEnabled", - "elasticache:AutomaticFailoverEnabled", - "elasticache:MultiAZEnabled", - "elasticache:ClusterModeEnabled", - "elasticache:AuthTokenEnabled", - "elasticache:SnapshotRetentionLimit", - "elasticache:KmsKeyId", - "elasticache:CacheParameterGroupName" - ], "dependent_actions": [], - "resource_type": "globalreplicationgroup" - }, + "resource_type": "Launch*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag resources", + "privilege": "TagResource", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticache:NumNodeGroups", - "elasticache:CacheNodeType", - "elasticache:ReplicasPerNodeGroup", - 
"elasticache:EngineVersion", - "elasticache:EngineType", - "elasticache:AtRestEncryptionEnabled", - "elasticache:TransitEncryptionEnabled", - "elasticache:AutomaticFailoverEnabled", - "elasticache:MultiAZEnabled", - "elasticache:ClusterModeEnabled", - "elasticache:AuthTokenEnabled", - "elasticache:SnapshotRetentionLimit", - "elasticache:KmsKeyId", - "elasticache:CacheParameterGroupName" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup" + "resource_type": "Experiment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "securitygroup" + "resource_type": "Feature" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "Launch" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup" + "resource_type": "Project" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "usergroup" + "resource_type": "Segment" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -92581,61 +117622,50 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a copy of an entire Redis cluster at a specific moment in time", - "privilege": "CreateSnapshot", + "access_level": "Read", + "description": "Grants permission to test a segment pattern", + "privilege": "TestSegmentPattern", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticache:KmsKeyId" - ], - "dependent_actions": [ - "elasticache:AddTagsToResource", - "s3:DeleteObject", - "s3:GetBucketAcl", - "s3:PutObject" - ], - "resource_type": "snapshot*" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag resources", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Experiment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "Feature" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup" + "resource_type": "Launch" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a user for Redis. Users are supported from Redis 6.0 onwards", - "privilege": "CreateUser", - "resource_types": [ + "resource_type": "Project" + }, { "condition_keys": [], - "dependent_actions": [ - "elasticache:AddTagsToResource" - ], - "resource_type": "user*" + "dependent_actions": [], + "resource_type": "Segment" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticache:UserAuthenticationMode" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -92644,217 +117674,203 @@ }, { "access_level": "Write", - "description": "Grants permission to create a user group for Redis. Groups are supported from Redis 6.0 onwards", - "privilege": "CreateUserGroup", + "description": "Grants permission to update experiment", + "privilege": "UpdateExperiment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticache:AddTagsToResource" - ], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "usergroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Experiment*" } ] }, { "access_level": "Write", - "description": "Grants permission to decrease the number of node groups in global replication groups", - "privilege": "DecreaseNodeGroupsInGlobalReplicationGroup", + "description": "Grants permission to update feature", + "privilege": "UpdateFeature", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "globalreplicationgroup*" - }, - { - "condition_keys": [ - "elasticache:NumNodeGroups" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Feature*" } ] }, { "access_level": "Write", - "description": "Grants permission to decrease the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group", - "privilege": "DecreaseReplicaCount", + "description": "Grants permission to update a launch", + "privilege": "UpdateLaunch", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "replicationgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"elasticache:ReplicasPerNodeGroup" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "Launch*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a previously provisioned cluster", - "privilege": "DeleteCacheCluster", + "description": "Grants permission to update project", + "privilege": "UpdateProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" + "iam:CreateServiceLinkedRole", + "iam:GetRole" ], - "resource_type": "cluster*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "Project*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified cache parameter group", - "privilege": "DeleteCacheParameterGroup", + "description": "Grants permission to update project data delivery", + "privilege": "UpdateProjectDataDelivery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticache:CacheParameterGroupName" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Project*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Project" + }, + { + "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/feature/${FeatureName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Feature" + }, + { + "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/experiment/${ExperimentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Experiment" + 
}, + { + "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/launch/${LaunchName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Launch" }, + { + "arn": "arn:${Partition}:evidently:${Region}:${Account}:segment/${SegmentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Segment" + } + ], + "service_name": "Amazon CloudWatch Evidently" + }, + { + "conditions": [], + "prefix": "execute-api", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a cache security group", - "privilege": "DeleteCacheSecurityGroup", + "description": "Used to invalidate API cache upon a client request", + "privilege": "InvalidateCache", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securitygroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "execute-api-general*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a cache subnet group", - "privilege": "DeleteCacheSubnetGroup", + "description": "Used to invoke an API upon a client request", + "privilege": "Invoke", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "subnetgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "execute-api-general*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing global replication group", - "privilege": "DeleteGlobalReplicationGroup", + "description": "ManageConnections controls access to the @connections API", + "privilege": "ManageConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "globalreplicationgroup*" + "resource_type": "execute-api-general*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:execute-api:${Region}:${Account}:${ApiId}/${Stage}/${Method}/${ApiSpecificResourcePath}", + "condition_keys": [], + "resource": "execute-api-general" + } + ], + "service_name": "Amazon API Gateway" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "finspace", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete an existing replication group", - "privilege": "DeleteReplicationGroup", + "description": "Grants permission to connect to a kdb cluster", + "privilege": "ConnectKxCluster", "resource_types": [ - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "replicationgroup*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "kxCluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing snapshot", - "privilege": "DeleteSnapshot", + "description": "Grants permission to create a FinSpace environment", + "privilege": "CreateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "environment*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + 
"aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -92863,17 +117879,33 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an existing user and thus remove it from all user groups and replication groups where it was assigned", - "privilege": "DeleteUser", + "description": "Grants permission to create a changeset for a kdb database", + "privilege": "CreateKxChangeset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "kxDatabase*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a cluster in a managed kdb environment", + "privilege": "CreateKxCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeSubnets", + "finspace:MountKxDatabase" + ], + "resource_type": "kxCluster*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -92882,17 +117914,18 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an existing user group", - "privilege": "DeleteUserGroup", + "description": "Grants permission to create a kdb database in a managed kdb environment", + "privilege": "CreateKxDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "usergroup*" + "resource_type": "kxDatabase*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -92900,18 +117933,19 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list information about provisioned cache clusters", - "privilege": "DescribeCacheClusters", + "access_level": "Write", + "description": "Grants permission to create a dataview in a managed kdb environment", + "privilege": "CreateKxDataview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "kxDataview*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -92919,30 +117953,34 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list available cache engines and their versions", - "privilege": "DescribeCacheEngineVersions", + "access_level": "Write", + "description": "Grants permission to create a managed kdb environment", + "privilege": "CreateKxEnvironment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list cache parameter group descriptions", - "privilege": "DescribeCacheParameterGroups", + "access_level": "Write", + "description": "Grants permission to create a scaling group in a managed kdb environment", + "privilege": "CreateKxScalingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" + "resource_type": "kxScalingGroup*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -92950,18 +117988,19 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the detailed parameter list for a particular cache parameter group", - "privilege": "DescribeCacheParameters", + "access_level": "Write", + "description": "Grants permission to create a user in a managed kdb environment", + "privilege": "CreateKxUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" + "resource_type": "kxEnvironment*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -92969,18 +118008,19 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list cache security group descriptions", - "privilege": "DescribeCacheSecurityGroups", + "access_level": "Write", + "description": "Grants permission to create a volume in a managed kdb environment", + "privilege": "CreateKxVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securitygroup*" + "resource_type": "kxVolume*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -92988,18 +118028,24 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list cache subnet group descriptions", - "privilege": "DescribeCacheSubnetGroups", + "access_level": "Write", + "description": "Grants permission to create a FinSpace user", + "privilege": "CreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup*" + "resource_type": "environment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -93007,600 +118053,538 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the default engine and system parameter information for the specified cache engine", - "privilege": "DescribeEngineDefaultParameters", + "access_level": "Write", + "description": "Grants permission to delete a FinSpace environment", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "List", - "description": "Grants permission to list events related to clusters, cache security groups, and cache parameter groups", - "privilege": "DescribeEvents", + "access_level": "Write", + "description": "Grants permission to delete a kdb cluster", + "privilege": "DeleteKxCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxCluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about global replication groups", - "privilege": "DescribeGlobalReplicationGroups", + "access_level": "Write", + "description": "Grants permission to delete a node from a kdb cluster", + "privilege": "DeleteKxClusterNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "globalreplicationgroup*" + "resource_type": "kxCluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about provisioned replication groups", - "privilege": "DescribeReplicationGroups", + "access_level": "Write", + "description": "Grants permission to delete a kdb database", + "privilege": "DeleteKxDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "kxDatabase*" } ] }, { - "access_level": "List", - 
"description": "Grants permission to list information about purchased reserved cache nodes", - "privilege": "DescribeReservedCacheNodes", + "access_level": "Write", + "description": "Grants permission to delete a dataview in a managed kdb environment", + "privilege": "DeleteKxDataview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reserved-instance*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "kxDataview*" } ] }, { - "access_level": "List", - "description": "Grants permission to list available reserved cache node offerings", - "privilege": "DescribeReservedCacheNodesOfferings", + "access_level": "Write", + "description": "Grants permission to delete a managed kdb environment", + "privilege": "DeleteKxEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxEnvironment*" } ] }, { - "access_level": "List", - "description": "Grants permission to list details of the service updates", - "privilege": "DescribeServiceUpdates", + "access_level": "Write", + "description": "Grants permission to delete a scaling group in a managed kdb environment", + "privilege": "DeleteKxScalingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxScalingGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about cluster or replication group snapshots", - "privilege": "DescribeSnapshots", + "access_level": "Write", + "description": "Grants permission to delete a kdb user", + "privilege": "DeleteKxUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "kxUser*" } ] }, { - "access_level": "List", - 
"description": "Grants permission to list details of the update actions for a set of clusters or replication groups", - "privilege": "DescribeUpdateActions", + "access_level": "Write", + "description": "Grants permission to delete a volume in a managed kdb environment", + "privilege": "DeleteKxVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "kxVolume*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a FinSpace environment", + "privilege": "GetEnvironment", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup" - }, + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a changeset for a kdb database", + "privilege": "GetKxChangeset", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxDatabase*" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about Redis user groups", - "privilege": "DescribeUserGroups", + "access_level": "Read", + "description": "Grants permission to describe a cluster in a managed kdb environment", + "privilege": "GetKxCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "usergroup*" - }, + "resource_type": "kxCluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a connection string for kdb clusters", + "privilege": "GetKxConnectionString", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "condition_keys": [], + "dependent_actions": [ + "finspace:ConnectKxCluster" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "kxCluster*" } ] }, { - "access_level": "List", - "description": "Grants permission to 
list information about Redis users", - "privilege": "DescribeUsers", + "access_level": "Read", + "description": "Grants permission to describe a kdb database", + "privilege": "GetKxDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "kxDatabase*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a secondary replication group from the global replication group", - "privilege": "DisassociateGlobalReplicationGroup", + "access_level": "Read", + "description": "Grants permission to describe a databiew in a managed kdb environment", + "privilege": "GetKxDataview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "globalreplicationgroup*" + "resource_type": "kxDataview*" } ] }, { - "access_level": "Write", - "description": "Grants permission to failover the primary region to a selected secondary region of a global replication group", - "privilege": "FailoverGlobalReplicationGroup", + "access_level": "Read", + "description": "Grants permission to describe a managed kdb environment", + "privilege": "GetKxEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "globalreplicationgroup*" + "resource_type": "kxEnvironment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to increase the number of node groups in a global replication group", - "privilege": "IncreaseNodeGroupsInGlobalReplicationGroup", + "access_level": "Read", + "description": "Grants permission to describe a scaling group in a managed kdb environment", + "privilege": "GetKxScalingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "globalreplicationgroup*" - }, + "resource_type": "kxScalingGroup*" + } + ] + }, + { + "access_level": "Read", + 
"description": "Grants permission to describe a kdb user", + "privilege": "GetKxUser", + "resource_types": [ { - "condition_keys": [ - "elasticache:NumNodeGroups" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxUser*" } ] }, { - "access_level": "Write", - "description": "Grants permission to increase the number of replicas in a Redis (cluster mode disabled) replication group or the number of replica nodes in one or more node groups (shards) of a Redis (cluster mode enabled) replication group", - "privilege": "IncreaseReplicaCount", + "access_level": "Read", + "description": "Grants permission to describe a volume in a managed kdb environment", + "privilege": "GetKxVolume", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "replicationgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticache:ReplicasPerNodeGroup" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxVolume*" } ] }, { - "access_level": "List", - "description": "Grants permission to list available node type that can be used to scale a particular Redis cluster or replication group", - "privilege": "ListAllowedNodeTypeModifications", + "access_level": "Read", + "description": "Grants permission to request status of the loading of sample data bundle", + "privilege": "GetLoadSampleDataSetGroupIntoEnvironmentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a FinSpace user", + "privilege": "GetUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup" + "resource_type": "environment*" }, 
{ - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for an ElastiCache resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list FinSpace environments in the AWS account", + "privilege": "ListEnvironments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, + "resource_type": "environment*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list changesets for a kdb database", + "privilege": "ListKxChangesets", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup" - }, + "resource_type": "kxDatabase*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list cluster nodes in a managed kdb environment", + "privilege": "ListKxClusterNodes", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup" - }, + "resource_type": "kxCluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list clusters in a managed kdb environment", + "privilege": "ListKxClusters", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reserved-instance" - }, + "resource_type": "kxEnvironment*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list kdb databases in a managed kdb environment", + "privilege": "ListKxDatabases", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securitygroup" - }, + "resource_type": "kxEnvironment*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list dataviews in a database", + "privilege": "ListKxDataviews", + "resource_types": 
[ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" - }, + "resource_type": "kxDatabase*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list managed kdb environments", + "privilege": "ListKxEnvironments", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list scaling groups in a managed kdb environment", + "privilege": "ListKxScalingGroups", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" - }, + "resource_type": "kxEnvironment*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list users in a managed kdb environment", + "privilege": "ListKxUsers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "usergroup" - }, + "resource_type": "kxEnvironment*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list volumes in a managed kdb environment", + "privilege": "ListKxVolumes", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxEnvironment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify settings for a cluster", - "privilege": "ModifyCacheCluster", + "access_level": "List", + "description": "Grants permission to return a list of tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [ - "elasticache:CacheNodeType", - "elasticache:EngineVersion", - "elasticache:MultiAZEnabled", - "elasticache:AuthTokenEnabled", - "elasticache:SnapshotRetentionLimit", - "elasticache:CacheParameterGroupName" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": 
"environment*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup" + "resource_type": "kxCluster*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "securitygroup" + "resource_type": "kxDatabase*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify parameters of a cache parameter group", - "privilege": "ModifyCacheParameterGroup", - "resource_types": [ + "resource_type": "kxDataview*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" + "resource_type": "kxEnvironment*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticache:CacheParameterGroupName" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify an existing cache subnet group", - "privilege": "ModifyCacheSubnetGroup", - "resource_types": [ + "resource_type": "kxScalingGroup*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup*" + "resource_type": "kxUser*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxVolume*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify settings for a global replication group", - "privilege": "ModifyGlobalReplicationGroup", + "access_level": "List", + "description": "Grants permission to list FinSpace users in an environment", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "globalreplicationgroup*" + "resource_type": "environment*" }, { - "condition_keys": [ - "elasticache:CacheNodeType", - "elasticache:EngineVersion", - 
"elasticache:AutomaticFailoverEnabled" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the settings for a replication group", - "privilege": "ModifyReplicationGroup", + "description": "Grants permission to load sample data bundle into your FinSpace environment", + "privilege": "LoadSampleDataSetGroupIntoEnvironment", "resource_types": [ - { - "condition_keys": [ - "elasticache:CacheNodeType", - "elasticache:EngineVersion", - "elasticache:AutomaticFailoverEnabled", - "elasticache:MultiAZEnabled", - "elasticache:AuthTokenEnabled", - "elasticache:SnapshotRetentionLimit", - "elasticache:CacheParameterGroupName", - "elasticache:TransitEncryptionEnabled", - "elasticache:ClusterModeEnabled" - ], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "replicationgroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "parametergroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "securitygroup" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "usergroup" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { "access_level": "Write", - "description": "Grants permission to add shards, remove shards, or rebalance the keyspaces among existing shards of a replication group", - "privilege": "ModifyReplicationGroupShardConfiguration", + "description": "Grants permission to mount a database to a kdb cluster", + "privilege": "MountKxDatabase", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - 
"ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "replicationgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticache:NumNodeGroups" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxDatabase*" } ] }, { "access_level": "Write", - "description": "Grants permission to change Redis user password(s) and/or access string", - "privilege": "ModifyUser", + "description": "Grants permission to reset the password for a FinSpace user", + "privilege": "ResetUserPassword", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "environment*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticache:UserAuthenticationMode" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change list of users that belong to the user group", - "privilege": "ModifyUserGroup", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "environment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "usergroup*" + "resource_type": "kxCluster" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to purchase a reserved cache node offering", - "privilege": "PurchaseReservedCacheNodesOffering", - "resource_types": [ + "resource_type": "kxDatabase" + }, { "condition_keys": [], - "dependent_actions": [ - "elasticache:AddTagsToResource" - ], - "resource_type": "reserved-instance*" + "dependent_actions": [], + "resource_type": "kxDataview" }, { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to perform a key space rebalance operation to redistribute slots and ensure uniform key distribution across existing shards in a global replication group", - "privilege": "RebalanceSlotsInGlobalReplicationGroup", - "resource_types": [ + "resource_type": "kxEnvironment" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "globalreplicationgroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reboot some, or all, of the cache nodes within a provisioned cache cluster or replication group (cluster mode disabled)", - "privilege": "RebootCacheCluster", - "resource_types": [ + "resource_type": "kxScalingGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "kxUser" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "kxVolume" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -93609,58 +118593,52 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from a ElastiCache resource", - "privilege": "RemoveTagsFromResource", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "parametergroup" + "resource_type": "environment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup" + "resource_type": "kxCluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reserved-instance" + "resource_type": "kxDatabase" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "securitygroup" + "resource_type": "kxDataview" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "kxEnvironment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup" + "resource_type": "kxScalingGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" + "resource_type": "kxUser" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "usergroup" + "resource_type": "kxVolume" }, { "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -93669,315 +118647,252 @@ }, { "access_level": "Write", - "description": "Grants permission to modify parameters of a cache parameter group back to their default values", - "privilege": "ResetCacheParameterGroup", + "description": "Grants permission to update a FinSpace environment", + "privilege": "UpdateEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" - }, + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update code configuration for a cluster in a managed kdb environment", + "privilege": "UpdateKxClusterCodeConfiguration", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticache:CacheParameterGroupName" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxCluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove an EC2 security group ingress from a ElastiCache security group", - "privilege": "RevokeCacheSecurityGroupIngress", + "description": "Grants permission to update databases for a cluster in a managed kdb environment", + "privilege": "UpdateKxClusterDatabases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securitygroup*" - }, + "resource_type": "kxCluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a kdb database", + "privilege": "UpdateKxDatabase", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxDatabase*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a migration of data from hosted Redis on Amazon EC2 to ElastiCache for Redis", - "privilege": "StartMigration", + "description": "Grants permission to update a dataview in a managed kdb environment", + 
"privilege": "UpdateKxDataview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replicationgroup*" - }, + "resource_type": "kxDataview*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a managed kdb environment", + "privilege": "UpdateKxEnvironment", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "kxEnvironment*" } ] }, { "access_level": "Write", - "description": "Grants permission to test automatic failover on a specified node group in a replication group", - "privilege": "TestFailover", + "description": "Grants permission to update the network for a managed kdb environment", + "privilege": "UpdateKxEnvironmentNetwork", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "replicationgroup*" + "dependent_actions": [], + "resource_type": "kxEnvironment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a kdb user", + "privilege": "UpdateKxUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "kxUser*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a volume in a managed kdb environment", + "privilege": "UpdateKxVolume", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "kxVolume*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a FinSpace user", + "privilege": "UpdateUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": 
[], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:elasticache:${Region}:${Account}:parametergroup:${CacheParameterGroupName}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:environment/${EnvironmentId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "elasticache:CacheParameterGroupName" + "aws:ResourceTag/${TagKey}" ], - "resource": "parametergroup" + "resource": "environment" }, { - "arn": "arn:${Partition}:elasticache:${Region}:${Account}:securitygroup:${CacheSecurityGroupName}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:user/${UserId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], - "resource": "securitygroup" + "resource": "user" }, { - "arn": "arn:${Partition}:elasticache:${Region}:${Account}:subnetgroup:${CacheSubnetGroupName}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], - "resource": "subnetgroup" + "resource": "kxEnvironment" }, { - "arn": "arn:${Partition}:elasticache:${Region}:${Account}:replicationgroup:${ReplicationGroupId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxUser/${UserName}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "elasticache:AtRestEncryptionEnabled", - "elasticache:AuthTokenEnabled", - "elasticache:AutomaticFailoverEnabled", - "elasticache:CacheNodeType", - "elasticache:CacheParameterGroupName", - "elasticache:ClusterModeEnabled", - "elasticache:EngineType", - "elasticache:EngineVersion", - "elasticache:KmsKeyId", - "elasticache:MultiAZEnabled", - "elasticache:NumNodeGroups", - "elasticache:ReplicasPerNodeGroup", - 
"elasticache:SnapshotRetentionLimit", - "elasticache:TransitEncryptionEnabled" + "aws:ResourceTag/${TagKey}" ], - "resource": "replicationgroup" + "resource": "kxUser" }, { - "arn": "arn:${Partition}:elasticache:${Region}:${Account}:cluster:${CacheClusterId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxCluster/${KxCluster}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "elasticache:AuthTokenEnabled", - "elasticache:CacheNodeType", - "elasticache:CacheParameterGroupName", - "elasticache:EngineType", - "elasticache:EngineVersion", - "elasticache:MultiAZEnabled", - "elasticache:SnapshotRetentionLimit" + "aws:ResourceTag/${TagKey}" ], - "resource": "cluster" + "resource": "kxCluster" }, { - "arn": "arn:${Partition}:elasticache:${Region}:${Account}:reserved-instance:${ReservedCacheNodeId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxDatabase/${KxDatabase}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], - "resource": "reserved-instance" + "resource": "kxDatabase" }, { - "arn": "arn:${Partition}:elasticache:${Region}:${Account}:snapshot:${SnapshotName}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxScalingGroup/${KxScalingGroup}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "elasticache:KmsKeyId" + "aws:ResourceTag/${TagKey}" ], - "resource": "snapshot" + "resource": "kxScalingGroup" }, { - "arn": "arn:${Partition}:elasticache::${Account}:globalreplicationgroup:${GlobalReplicationGroupId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxDatabase/${KxDatabase}/kxDataview/${KxDataview}", "condition_keys": [ - "elasticache:AtRestEncryptionEnabled", - "elasticache:AuthTokenEnabled", - 
"elasticache:AutomaticFailoverEnabled", - "elasticache:CacheNodeType", - "elasticache:CacheParameterGroupName", - "elasticache:ClusterModeEnabled", - "elasticache:EngineType", - "elasticache:EngineVersion", - "elasticache:KmsKeyId", - "elasticache:MultiAZEnabled", - "elasticache:NumNodeGroups", - "elasticache:ReplicasPerNodeGroup", - "elasticache:SnapshotRetentionLimit", - "elasticache:TransitEncryptionEnabled" + "aws:ResourceTag/${TagKey}" ], - "resource": "globalreplicationgroup" + "resource": "kxDataview" }, { - "arn": "arn:${Partition}:elasticache:${Region}:${Account}:user:${UserId}", + "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxVolume/${KxVolume}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "elasticache:UserAuthenticationMode" + "aws:ResourceTag/${TagKey}" ], - "resource": "user" - }, + "resource": "kxVolume" + } + ], + "service_name": "Amazon FinSpace" + }, + { + "conditions": [], + "prefix": "finspace-api", + "privileges": [ { - "arn": "arn:${Partition}:elasticache:${Region}:${Account}:usergroup:${UserGroupId}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], - "resource": "usergroup" + "access_level": "Read", + "description": "Grants permission to retrieve FinSpace programmatic access credentials", + "privilege": "GetProgrammaticAccessCredentials", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "credential*" + } + ] } ], - "service_name": "Amazon ElastiCache" + "resources": [ + { + "arn": "arn:${Partition}:finspace-api:${Region}:${Account}:/credentials/programmatic", + "condition_keys": [], + "resource": "credential" + } + ], + "service_name": "Amazon FinSpace API" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters 
actions based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters actions based on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters actions based on the tag keys that are passed in the request", "type": "ArrayOfString" - }, - { - "condition": "elasticbeanstalk:FromApplication", - "description": "Filters access by an application as a dependency or a constraint on an input parameter", - "type": "ARN" - }, - { - "condition": "elasticbeanstalk:FromApplicationVersion", - "description": "Filters access by an application version as a dependency or a constraint on an input parameter", - "type": "ARN" - }, - { - "condition": "elasticbeanstalk:FromConfigurationTemplate", - "description": "Filters access by a configuration template as a dependency or a constraint on an input parameter", - "type": "ARN" - }, - { - "condition": "elasticbeanstalk:FromEnvironment", - "description": "Filters access by an environment as a dependency or a constraint on an input parameter", - "type": "ARN" - }, - { - "condition": "elasticbeanstalk:FromPlatform", - "description": "Filters access by a platform as a dependency or a constraint on an input parameter", - "type": "ARN" - }, - { - "condition": "elasticbeanstalk:FromSolutionStack", - "description": "Filters access by a solution stack as a dependency or a constraint on an input parameter", - "type": "ARN" - }, - { - "condition": "elasticbeanstalk:InApplication", - "description": "Filters access by the application that contains the resource that the action operates on", - "type": "ARN" } ], - "prefix": "elasticbeanstalk", + "prefix": "firehose", "privileges": [ { "access_level": "Write", - "description": "Grants permission to 
cancel in-progress environment configuration update or application version deployment", - "privilege": "AbortEnvironmentUpdate", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to an Elastic Beanstalk resource and to update tag values", - "privilege": "AddTags", + "description": "Grants permission to create a delivery stream", + "privilege": "CreateDeliveryStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "applicationversion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform" + "resource_type": "deliverystream*" }, { "condition_keys": [ 
@@ -93991,34 +118906,32 @@ }, { "access_level": "Write", - "description": "Grants permission to apply a scheduled managed action immediately", - "privilege": "ApplyEnvironmentManagedAction", + "description": "Grants permission to delete a delivery stream and its data", + "privilege": "DeleteDeliveryStream", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "deliverystream*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate an operations role with an environment", - "privilege": "AssociateEnvironmentOperationsRole", + "access_level": "Read", + "description": "Grants permission to describe the specified delivery stream and gets the status", + "privilege": "DescribeDeliveryStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "deliverystream*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check CNAME availability", - "privilege": "CheckDNSAvailability", + "access_level": "List", + "description": "Grants permission to list your delivery streams", + "privilege": "ListDeliveryStreams", "resource_types": [ { "condition_keys": [], 
@@ -94028,117 +118941,77 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create or update a group of environments, each running a separate component of a single application", - "privilege": "ComposeEnvironments", + "access_level": "List", + "description": "Grants permission to list the tags for the specified delivery stream", + "privilege": "ListTagsForDeliveryStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion*" + "resource_type": "deliverystream*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new application", - "privilege": "CreateApplication", + "description": "Grants permission to write a single data record into an Amazon Kinesis Firehose delivery stream", + "privilege": "PutRecord", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "deliverystream*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an application version for an application", - "privilege": "CreateApplicationVersion", + "description": "Grants permission to write multiple data records into a delivery stream in a single call, which can achieve higher throughput per producer than when writing single records", + "privilege": "PutRecordBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + 
"resource_type": "deliverystream*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a configuration template", - "privilege": "CreateConfigurationTemplate", + "description": "Grants permission to enable server-side encryption (SSE) for the delivery stream", + "privilege": "StartDeliveryStreamEncryption", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "configurationtemplate*" - }, + "resource_type": "deliverystream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disable the specified destination of the specified delivery stream", + "privilege": "StopDeliveryStreamEncryption", + "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:FromApplication", - "elasticbeanstalk:FromApplicationVersion", - "elasticbeanstalk:FromConfigurationTemplate", - "elasticbeanstalk:FromEnvironment", - "elasticbeanstalk:FromSolutionStack", - "elasticbeanstalk:FromPlatform", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deliverystream*" } ] }, { - "access_level": "Write", - "description": "Grants permission to launch an environment for an application", - "privilege": "CreateEnvironment", + "access_level": "Tagging", + "description": "Grants permission to add or update tags for the specified delivery stream", + "privilege": "TagDeliveryStream", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "deliverystream*" }, { "condition_keys": [ - "elasticbeanstalk:FromApplicationVersion", - "elasticbeanstalk:FromConfigurationTemplate", - "elasticbeanstalk:FromSolutionStack", - "elasticbeanstalk:FromPlatform", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], 
@@ -94148,18 +119021,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new version of a custom platform", - "privilege": "CreatePlatformVersion", + "access_level": "Tagging", + "description": "Grants permission to remove tags from the specified delivery stream", + "privilege": "UntagDeliveryStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "platform*" + "resource_type": "deliverystream*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -94169,320 +119041,328 @@ }, { "access_level": "Write", - "description": "Grants permission to create the Amazon S3 storage location for the account", - "privilege": "CreateStorageLocation", + "description": "Grants permission to update the specified destination of the specified delivery stream", + "privilege": "UpdateDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deliverystream*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:firehose:${Region}:${Account}:deliverystream/${DeliveryStreamName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "deliverystream" + } + ], + "service_name": "Amazon Kinesis Firehose" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to delete an application along with all associated versions and configurations", - "privilege": "DeleteApplication", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to delete an application version from an application", - "privilege": "DeleteApplicationVersion", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion*" - } - ] + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" }, { - "access_level": "Write", - "description": "Grants permission to delete a configuration template", - "privilege": "DeleteConfigurationTemplate", - 
"resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate*" - } - ] + "condition": "fis:Operations", + "description": "Filters access by the list of operations on the AWS service that is being affected by the AWS FIS action", + "type": "ArrayOfString" }, + { + "condition": "fis:Percentage", + "description": "Filters access by the percentage of calls being affected by the AWS FIS action", + "type": "Numeric" + }, + { + "condition": "fis:Service", + "description": "Filters access by the AWS service that is being affected by the AWS FIS action", + "type": "String" + }, + { + "condition": "fis:Targets", + "description": "Filters access by the list of resource ARNs being targeted by the AWS FIS action", + "type": "ArrayOfString" + } + ], + "prefix": "fis", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete the draft configuration associated with the running environment", - "privilege": "DeleteEnvironmentConfiguration", + "description": "Grants permission to create an AWS FIS experiment template", + "privilege": "CreateExperimentTemplate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "action*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment-template*" + }, { "condition_keys": [ - "elasticbeanstalk:InApplication" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a version of a custom platform", - "privilege": "DeletePlatformVersion", + "description": "Grants permission to create an AWS FIS target account configuration", + "privilege": "CreateTargetAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "platform*" + "resource_type": 
"experiment-template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of account attributes, including resource quotas", - "privilege": "DescribeAccountAttributes", + "access_level": "Write", + "description": "Grants permission to delete the AWS FIS experiment template", + "privilege": "DeleteExperimentTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of application versions stored in an AWS Elastic Beanstalk storage bucket", - "privilege": "DescribeApplicationVersions", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion" + "resource_type": "experiment-template*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the descriptions of existing applications", - "privilege": "DescribeApplications", + "access_level": "Write", + "description": "Grants permission to delete an AWS FIS target account configuration", + "privilege": "DeleteTargetAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "experiment-template*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve descriptions of environment configuration options", - "privilege": "DescribeConfigurationOptions", + "description": "Grants permission to retrieve an AWS FIS action", + "privilege": "GetAction", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "configurationtemplate" + "resource_type": "action*" }, { "condition_keys": [ - "elasticbeanstalk:InApplication" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "environment" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "solutionstack" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a description of the settings for a configuration set", - "privilege": "DescribeConfigurationSettings", + "description": "Grants permission to retrieve an AWS FIS experiment", + "privilege": "GetExperiment", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "configurationtemplate" + "resource_type": "experiment*" }, { "condition_keys": [ - "elasticbeanstalk:InApplication" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the overall health of an environment", - "privilege": "DescribeEnvironmentHealth", + "description": "Grants permission to retrieve an AWS FIS target account configuration for an AWS FIS experiment", + "privilege": "GetExperimentTargetAccountConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "experiment*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of an environment's completed and failed managed actions", - "privilege": "DescribeEnvironmentManagedActionHistory", + "description": "Grants permission to retrieve an AWS FIS Experiment Template", + "privilege": "GetExperimentTemplate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment-template*" + }, { "condition_keys": [ - "elasticbeanstalk:InApplication" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of an environment's 
upcoming and in-progress managed actions", - "privilege": "DescribeEnvironmentManagedActions", + "description": "Grants permission to retrieve an AWS FIS target account configuration for an AWS FIS experiment template", + "privilege": "GetTargetAccountConfiguration", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "experiment-template*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of AWS resources for an environment", - "privilege": "DescribeEnvironmentResources", + "description": "Grants permission to get information about the specified resource type", + "privilege": "GetTargetResourceType", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve descriptions for existing environments", - "privilege": "DescribeEnvironments", + "access_level": "Write", + "description": "Grants permission to inject an API internal error on the provided AWS service from an FIS Experiment", + "privilege": "InjectApiInternalError", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "experiment*" + }, { "condition_keys": [ - "elasticbeanstalk:InApplication" + "fis:Service", + "fis:Operations", + "fis:Percentage", + "fis:Targets" ], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of event descriptions matching a set of criteria", - "privilege": "DescribeEvents", + "access_level": "Write", + "description": "Grants permission to inject an API throttle error on the provided AWS service from an FIS Experiment", + "privilege": 
"InjectApiThrottleError", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "applicationversion" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate" + "resource_type": "experiment*" }, { "condition_keys": [ - "elasticbeanstalk:InApplication" + "fis:Service", + "fis:Operations", + "fis:Percentage", + "fis:Targets" ], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve more detailed information about the health of environment instances", - "privilege": "DescribeInstancesHealth", + "access_level": "Write", + "description": "Grants permission to inject an API unavailable error on the provided AWS service from an FIS Experiment", + "privilege": "InjectApiUnavailableError", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "experiment*" + }, + { + "condition_keys": [ + "fis:Service", + "fis:Operations", + "fis:Percentage", + "fis:Targets" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a description of a platform version", - "privilege": "DescribePlatformVersion", + "access_level": "List", + "description": "Grants permission to list all available AWS FIS actions", + "privilege": "ListActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "platform" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate an operations role with an environment", - "privilege": "DisassociateEnvironmentOperationsRole", + "access_level": "List", + "description": "Grants 
permission to list resolved targets for AWS FIS experiments", + "privilege": "ListExperimentResolvedTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "experiment*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of the available solution stack names", - "privilege": "ListAvailableSolutionStacks", + "description": "Grants permission to list target account configurations for AWS FIS experiments", + "privilege": "ListExperimentTargetAccountConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "solutionstack" + "resource_type": "experiment*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of the available platform branches", - "privilege": "ListPlatformBranches", + "description": "Grants permission to list all available AWS FIS experiment templates", + "privilege": "ListExperimentTemplates", "resource_types": [ { "condition_keys": [], 
@@ -94493,277 +119373,125 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of the available platforms", - "privilege": "ListPlatformVersions", + "description": "Grants permission to list all available AWS FIS experiments", + "privilege": "ListExperiments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "platform" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of tags of an Elastic Beanstalk resource", + "description": "Grants permission to list the tags for an AWS FIS resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "applicationversion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configurationtemplate" + "resource_type": "action" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "experiment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "platform" + "resource_type": "experiment-template" } ] }, { - "access_level": "Write", - "description": "Grants permission to submit instance statistics for enhanced health", - "privilege": "PutInstanceStatistics", + "access_level": "List", + "description": "Grants permission to list target account configurations for AWS FIS experiment templates", + "privilege": "ListTargetAccountConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete and recreate all of the AWS resources for an environment and to force a restart", - "privilege": "RebuildEnvironment", - 
"resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "experiment-template*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from an Elastic Beanstalk resource", - "privilege": "RemoveTags", + "access_level": "List", + "description": "Grants permission to list the resource types", + "privilege": "ListTargetResourceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "applicationversion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "platform" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, - { - "access_level": "Read", - "description": "Grants permission to initiate a request to compile information of the deployed environment", - "privilege": "RequestEnvironmentInfo", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to request an environment to restart the application container server running on each Amazon EC2 instance", - "privilege": "RestartAppServer", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the compiled information from a RequestEnvironmentInfo request", - "privilege": "RetrieveEnvironmentInfo", - "resource_types": [ - { - 
"condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, { "access_level": "Write", - "description": "Grants permission to swap the CNAMEs of two environments", - "privilege": "SwapEnvironmentCNAMEs", + "description": "Grants permission to run an AWS FIS experiment", + "privilege": "StartExperiment", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" ], - "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "experiment*" }, - { - "condition_keys": [ - "elasticbeanstalk:FromEnvironment" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to terminate an environment", - "privilege": "TerminateEnvironment", - "resource_types": [ - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "environment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an application with specified properties", - "privilege": "UpdateApplication", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the application version lifecycle policy associated with the application", - "privilege": "UpdateApplicationResourceLifecycle", - "resource_types": [ + "resource_type": "experiment-template*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an application version with specified properties", - "privilege": "UpdateApplicationVersion", + "description": "Grants 
permission to stop an AWS FIS experiment", + "privilege": "StopExperiment", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationversion*" + "resource_type": "experiment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a configuration template with specified properties or configuration option values", - "privilege": "UpdateConfigurationTemplate", + "access_level": "Tagging", + "description": "Grants permission to tag AWS FIS resources", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "configurationtemplate*" + "resource_type": "action" }, { - "condition_keys": [ - "elasticbeanstalk:FromApplication", - "elasticbeanstalk:FromApplicationVersion", - "elasticbeanstalk:FromConfigurationTemplate", - "elasticbeanstalk:FromEnvironment", - "elasticbeanstalk:FromSolutionStack", - "elasticbeanstalk:FromPlatform" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an environment", - "privilege": "UpdateEnvironment", - "resource_types": [ + "resource_type": "experiment" + }, { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "experiment-template" }, { "condition_keys": [ - "elasticbeanstalk:FromApplicationVersion", - "elasticbeanstalk:FromConfigurationTemplate", - "elasticbeanstalk:FromSolutionStack", - "elasticbeanstalk:FromPlatform" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -94772,33 +119500,47 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add tags to an Elastic Beanstalk resource, remove tags, and to update tag values", - "privilege": "UpdateTagsForResource", + "description": "Grants permission to untag AWS FIS resources", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "action" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationversion" + "resource_type": "experiment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configurationtemplate" + "resource_type": "experiment-template" }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the specified AWS FIS experiment template", + "privilege": "UpdateExperimentTemplate", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "experiment-template*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "platform" + "resource_type": "action" }, { "condition_keys": [ 
@@ -94811,139 +119553,130 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to check the validity of a set of configuration settings for a configuration template or an environment", - "privilege": "ValidateConfigurationSettings", + "access_level": "Write", + "description": "Grants permission to update an AWS FIS target account configuration", + "privilege": "UpdateTargetAccountConfiguration", "resource_types": [ { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], - "dependent_actions": [], - "resource_type": "configurationtemplate" - }, - { - "condition_keys": [ - "elasticbeanstalk:InApplication" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "experiment-template*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:application/${ApplicationName}", + "arn": "arn:${Partition}:fis:${Region}:${Account}:action/${Id}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "application" - }, - { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:applicationversion/${ApplicationName}/${VersionLabel}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticbeanstalk:InApplication" - ], - "resource": "applicationversion" + "resource": "action" }, { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:configurationtemplate/${ApplicationName}/${TemplateName}", + "arn": "arn:${Partition}:fis:${Region}:${Account}:experiment/${Id}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticbeanstalk:InApplication" + "aws:ResourceTag/${TagKey}" ], - "resource": "configurationtemplate" + "resource": "experiment" }, { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}:${Account}:environment/${ApplicationName}/${EnvironmentName}", + "arn": "arn:${Partition}:fis:${Region}:${Account}:experiment-template/${Id}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticbeanstalk:InApplication" + 
"aws:ResourceTag/${TagKey}" ], - "resource": "environment" - }, - { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}::solutionstack/${SolutionStackName}", - "condition_keys": [], - "resource": "solutionstack" - }, - { - "arn": "arn:${Partition}:elasticbeanstalk:${Region}::platform/${PlatformNameWithVersion}", - "condition_keys": [], - "resource": "platform" + "resource": "experiment-template" } ], - "service_name": "AWS Elastic Beanstalk" + "service_name": "AWS Fault Injection Service" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", + "description": "Filters access by the tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", + "description": "Filters access by the the presence of tag keys in the request", "type": "ArrayOfString" - }, + } + ], + "prefix": "fms", + "privileges": [ { - "condition": "elasticfilesystem:AccessPointArn", - "description": "Filters access by the ARN of the access point used to mount the file system", - "type": "String" + "access_level": "Write", + "description": "Grants permission to set the AWS Firewall Manager administrator account and enables the service in all organization accounts", + "privilege": "AssociateAdminAccount", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "elasticfilesystem:AccessedViaMountTarget", - "description": "Filters access by whether the file system is accessed via mount targets", - "type": "Bool" + "access_level": "Write", + "description": "Grants permission to set 
the Firewall Manager administrator as a tenant administrator of a third-party firewall service", + "privilege": "AssociateThirdPartyFirewall", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "elasticfilesystem:CreateAction", - "description": "Filters access by the name of a resource-creating API action", - "type": "String" + "access_level": "Write", + "description": "Grants permission to associate resources to an AWS Firewall Manager resource set", + "privilege": "BatchAssociateResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resource-set*" + } + ] }, - { - "condition": "elasticfilesystem:Encrypted", - "description": "Filters access by whether users can create only encrypted or unencrypted file systems", - "type": "Bool" - } - ], - "prefix": "elasticfilesystem", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to start a backup job for an existing file system", - "privilege": "Backup", + "description": "Grants permission to disassociate resources from an AWS Firewall Manager resource set", + "privilege": "BatchDisassociateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "resource-set*" } ] }, { - "access_level": "Read", - "description": "Grants permission to allow an NFS client read-access to a file system", - "privilege": "ClientMount", + "access_level": "Write", + "description": "Grants permission to permanently deletes an AWS Firewall Manager applications list", + "privilege": "DeleteAppsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - }, + "resource_type": "applications-list*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an AWS Firewall Manager association with the IAM role and the Amazon Simple 
Notification Service (SNS) topic that is used to notify the FM administrator about major FM events and errors across the organization", + "privilege": "DeleteNotificationChannel", + "resource_types": [ { - "condition_keys": [ - "elasticfilesystem:AccessPointArn", - "elasticfilesystem:AccessedViaMountTarget" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -94951,18 +119684,17 @@ }, { "access_level": "Write", - "description": "Grants permission to allow an NFS client root-access to a file system", - "privilege": "ClientRootAccess", + "description": "Grants permission to permanently delete an AWS Firewall Manager policy", + "privilege": "DeletePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "policy*" }, { "condition_keys": [ - "elasticfilesystem:AccessPointArn", - "elasticfilesystem:AccessedViaMountTarget" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -94971,38 +119703,29 @@ }, { "access_level": "Write", - "description": "Grants permission to allow an NFS client write-access to a file system", - "privilege": "ClientWrite", + "description": "Grants permission to permanently deletes an AWS Firewall Manager protocols list", + "privilege": "DeleteProtocolsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "elasticfilesystem:AccessPointArn", - "elasticfilesystem:AccessedViaMountTarget" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "protocols-list*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an access point for the specified file system", - "privilege": "CreateAccessPoint", + "description": "Grants permission to permanently delete an AWS Firewall Manager resource set", + "privilege": "DeleteResourceSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "resource-set*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -95011,15 +119734,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new, empty file system", - "privilege": "CreateFileSystem", + "description": "Grants permission to disassociate the account that has been set as the AWS Firewall Manager administrator account and and disables the service in all organization accounts", + "privilege": "DisassociateAdminAccount", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticfilesystem:Encrypted" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -95027,148 +119746,152 @@ }, { "access_level": "Write", - "description": "Grants permission to create a mount target for a file system", - "privilege": "CreateMountTarget", + "description": "Grants permission to disassociate a Firewall Manager administrator from a third-party firewall tenant", + "privilege": "DisassociateThirdPartyFirewall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new replication configuration", - "privilege": "CreateReplicationConfiguration", + "access_level": "Read", + "description": "Grants permission to return the AWS Organizations account that is associated with AWS Firewall Manager as the AWS Firewall Manager administrator", + "privilege": "GetAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to create or overwrite tags associated with a file system; deprecated, see TagResource", - "privilege": "CreateTags", + "access_level": "Read", + "description": "Grants permission to return information about the specified account's administrative scope", + "privilege": "GetAdminScope", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified access point", - "privilege": "DeleteAccessPoint", + "access_level": "Read", + "description": "Grants permission to return information about the specified AWS Firewall Manager applications list", + "privilege": "GetAppsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"access-point*" + "resource_type": "applications-list*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a file system, permanently severing access to its contents", - "privilege": "DeleteFileSystem", + "access_level": "Read", + "description": "Grants permission to retrieve detailed compliance information about the specified member account. Details include resources that are in and out of compliance with the specified policy", + "privilege": "GetComplianceDetail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "policy*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the resource-level policy for a file system", - "privilege": "DeleteFileSystemPolicy", + "access_level": "Read", + "description": "Grants permission to retrieve information about the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs", + "privilege": "GetNotificationChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified mount target", - "privilege": "DeleteMountTarget", + "access_level": "Read", + "description": "Grants permission to retrieve information about the specified AWS Firewall Manager policy", + "privilege": "GetPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a replication configuration", - "privilege": "DeleteReplicationConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve policy-level attack summary information in the event of a potential DDoS attack", + "privilege": "GetProtectionStatus", "resource_types": 
[ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "policy*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to delete the specified tags from a file system; deprecated, see UntagResource", - "privilege": "DeleteTags", + "access_level": "Read", + "description": "Grants permission to return information about the specified AWS Firewall Manager protocols list", + "privilege": "GetProtocolsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - }, + "resource_type": "protocols-list*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the specified AWS Firewall Manager resource set", + "privilege": "GetResourceSet", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resource-set*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the descriptions of Amazon EFS access points", - "privilege": "DescribeAccessPoints", + "access_level": "Read", + "description": "Grants permission to retrieve the onboarding status of a Firewall Manager administrator account to third-party firewall vendor tenant", + "privilege": "GetThirdPartyFirewallAssociationStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-point" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve violations for a resource based on the specified AWS Firewall Manager policy and AWS account", + "privilege": "GetViolationDetails", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "policy*" } ] }, { "access_level": "List", - "description": "Grants permission to view the account preferences in effect for an 
account", - "privilege": "DescribeAccountPreferences", + "description": "Grants permission to return a AdminAccounts object that lists the Firewall Manager administrators within the organization that are onboarded to Firewall Manager by AssociateAdminAccount", + "privilege": "ListAdminAccountsForOrganization", "resource_types": [ { "condition_keys": [], 
@@ -95178,215 +119901,270 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the BackupPolicy object for an Amazon EFS file system", - "privilege": "DescribeBackupPolicy", + "access_level": "List", + "description": "Grants permission to list the accounts that are managing the specified AWS Organizations member account", + "privilege": "ListAdminsManagingAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the resource-level policy for an Amazon EFS file system", - "privilege": "DescribeFileSystemPolicy", + "access_level": "List", + "description": "Grants permission to return an array of AppsListDataSummary objects", + "privilege": "ListAppsLists", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWS account in the AWS region of the endpoint that is being called", - "privilege": "DescribeFileSystems", + "description": "Grants permission to retrieve an array of PolicyComplianceStatus objects in the response. 
Use PolicyComplianceStatus to get a summary of which member accounts are protected by the specified policy", + "privilege": "ListComplianceStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the LifecycleConfiguration object for an Amazon EFS file system", - "privilege": "DescribeLifecycleConfiguration", + "access_level": "List", + "description": "Grants permission to retrieve an array of resources in the organization's accounts that are available to be associated with a resource set", + "privilege": "ListDiscoveredResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the security groups in effect for a mount target", - "privilege": "DescribeMountTargetSecurityGroups", + "access_level": "List", + "description": "Grants permission to retrieve an array of member account ids if the caller is FMS admin account", + "privilege": "ListMemberAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the descriptions of all mount targets, or a specific mount target, for a file system", - "privilege": "DescribeMountTargets", + "access_level": "List", + "description": "Grants permission to retrieve an array of PolicySummary objects in the response", + "privilege": "ListPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return an array of ProtocolsListDataSummary objects", + "privilege": "ListProtocolsLists", + "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "access-point" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to view the description of an Amazon EFS replication configuration specified by FileSystemId; or to view the description of all replication configurations owned by the caller's AWS account in the AWS region of the endpoint that is being called", - "privilege": "DescribeReplicationConfigurations", + "description": "Grants permission to retrieve an array of resources that are currently associated to a resource set", + "privilege": "ListResourceSetResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "resource-set*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the tags associated with a file system", - "privilege": "DescribeTags", + "access_level": "List", + "description": "Grants permission to retrieve an array of ResourceSetSummary objects", + "privilege": "ListResourceSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the tags associated with the specified Amazon EFS resource", + "description": "Grants permission to list Tags for a given resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-point" - }, + "resource_type": "policy*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of all of the third-party firewall policies that are associated with the third-party firewall administrator's account", + "privilege": "ListThirdPartyFirewallFirewallPolicies", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "" } ] }, { 
"access_level": "Write", - "description": "Grants permission to modify the set of security groups in effect for a mount target", - "privilege": "ModifyMountTargetSecurityGroups", + "description": "Grants permission to create or update an Firewall Manager administrator account", + "privilege": "PutAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set the account preferences of an account", - "privilege": "PutAccountPreferences", + "description": "Grants permission to create an AWS Firewall Manager applications list", + "privilege": "PutAppsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "applications-list*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to enable or disable automatic backups with AWS Backup by creating a new BackupPolicy object", - "privilege": "PutBackupPolicy", + "description": "Grants permission to designate the IAM role and Amazon Simple Notification Service (SNS) topic that AWS Firewall Manager (FM) could use to notify the FM administrator about major FM events and errors across the organization", + "privilege": "PutNotificationChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to apply a resource-level policy that defines the actions allowed or denied from given actors for the specified file system", - "privilege": "PutFileSystemPolicy", + "access_level": "Write", + "description": "Grants permission to create an AWS Firewall Manager policy", + "privilege": "PutPolicy", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "policy*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to enable lifecycle management by creating a new LifecycleConfiguration object", - "privilege": "PutLifecycleConfiguration", + "description": "Grants permission to creates an AWS Firewall Manager protocols list", + "privilege": "PutProtocolsList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "protocols-list*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a restore job for a backup of a file system", - "privilege": "Restore", + "description": "Grants permission to create an AWS Firewall Manager resource set", + "privilege": "PutResourceSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "resource-set*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to create or overwrite tags associated with the specified Amazon EFS resource", + "description": "Grants permission to add a Tag to a given resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-point" + "resource_type": "applications-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "protocols-list" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "resource-set" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticfilesystem:CreateAction" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -95395,18 +120173,28 @@ }, { "access_level": "Tagging", - "description": "Grants permission to delete the specified tags from an Amazon EFS resource", + "description": "Grants permission to remove a Tag from a given resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-point" + "resource_type": "applications-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "protocols-list" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resource-set" }, { "condition_keys": [ 
@@ -95416,90 +120204,69 @@ "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the throughput mode or the amount of provisioned throughput of an existing file system", - "privilege": "UpdateFileSystem", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] } ], "resources": [ { - "arn": "arn:${Partition}:elasticfilesystem:${Region}:${Account}:file-system/${FileSystemId}", + "arn": "arn:${Partition}:fms:${Region}:${Account}:policy/${Id}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "file-system" + "resource": "policy" }, { - "arn": "arn:${Partition}:elasticfilesystem:${Region}:${Account}:access-point/${AccessPointId}", + "arn": "arn:${Partition}:fms:${Region}:${Account}:applications-list/${Id}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "access-point" + "resource": "applications-list" + }, + { + "arn": "arn:${Partition}:fms:${Region}:${Account}:protocols-list/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "protocols-list" + }, + { + "arn": "arn:${Partition}:fms:${Region}:${Account}:resource-set/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "resource-set" } ], - "service_name": "Amazon Elastic File System" + "service_name": "AWS Firewall Manager" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", + "description": 
"Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:CreateAction", - "description": "Filters access by the name of a resource-creating API action", - "type": "String" - }, - { - "condition": "elasticloadbalancing:ResourceTag/", - "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", - "type": "String" - }, - { - "condition": "elasticloadbalancing:ResourceTag/${TagKey}", - "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", - "type": "String" } ], - "prefix": "elasticloadbalancing", + "prefix": "forecast", "privileges": [ { - "access_level": "Tagging", - "description": "Grants permission to add the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags", - "privilege": "AddTags", + "access_level": "Write", + "description": "Grants permission to create an auto predictor", + "privilege": "CreateAutoPredictor", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:CreateAction" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -95508,18 +120275,18 @@ }, { "access_level": "Write", - "description": "Grants permission to associate one or more security groups with your load balancer in a virtual private cloud (VPC)", - "privilege": "ApplySecurityGroupsToLoadBalancer", + "description": "Grants permission to create a dataset", + "privilege": "CreateDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "dataset*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -95528,18 +120295,18 @@ }, { "access_level": "Write", - "description": "Grants permission to add one or more subnets to the set of configured subnets for the specified load balancer", - "privilege": "AttachLoadBalancerToSubnets", + "description": "Grants permission to create a dataset group", + "privilege": "CreateDatasetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "datasetGroup*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -95548,18 +120315,18 @@ }, { "access_level": "Write", - "description": "Grants permission to specify the health check settings to use when evaluating the health state of your back-end instances", - "privilege": "ConfigureHealthCheck", + "description": "Grants permission to create a dataset import job", + "privilege": "CreateDatasetImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "datasetImportJob*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -95568,18 +120335,18 @@ }, { "access_level": "Write", - "description": "Grants permission to generate a stickiness policy with sticky session lifetimes that follow that of an application-generated cookie", - "privilege": "CreateAppCookieStickinessPolicy", + "description": "Grants permission to create an explainability", + "privilege": "CreateExplainability", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "forecast*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -95588,18 +120355,18 @@ }, { "access_level": "Write", - "description": "Grants permission to generate a stickiness policy with sticky session lifetimes controlled by the lifetime of the browser (user-agent) or a specified expiration period", - "privilege": "CreateLBCookieStickinessPolicy", + "description": "Grants permission to create an explainability export using an explainability resource", + "privilege": "CreateExplainabilityExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "explainability*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -95608,22 +120375,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a load balancer", - "privilege": "CreateLoadBalancer", + "description": "Grants permission to create a forecast", + "privilege": "CreateForecast", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "loadbalancer" + "dependent_actions": [], + "resource_type": "predictor*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -95632,18 +120395,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create one or more listeners for the specified load balancer", - "privilege": "CreateLoadBalancerListeners", + "description": "Grants permission to create an endpoint using a Predictor resource", + "privilege": "CreateForecastEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "predictor*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -95652,18 +120415,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a policy with the specified attributes for the specified load balancer", - "privilege": "CreateLoadBalancerPolicy", + "description": "Grants permission to create a forecast export job using a forecast resource", + "privilege": "CreateForecastExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "forecast*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -95672,18 +120435,18 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified load balancer", - "privilege": "DeleteLoadBalancer", + "description": "Grants permission to create an monitor using a Predictor resource", + "privilege": "CreateMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "predictor*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -95692,18 +120455,18 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified listeners from the specified load balancer", - "privilege": "DeleteLoadBalancerListeners", + "description": "Grants permission to create a predictor", + "privilege": "CreatePredictor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "datasetGroup*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -95712,18 +120475,18 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified policy from the specified load balancer. This policy must not be enabled for any listeners", - "privilege": "DeleteLoadBalancerPolicy", + "description": "Grants permission to create a predictor backtest export job using a predictor", + "privilege": "CreatePredictorBacktestExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "predictor*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -95732,18 +120495,18 @@ }, { "access_level": "Write", - "description": "Grants permission to deregister the specified instances from the specified load balancer", - "privilege": "DeregisterInstancesFromLoadBalancer", + "description": "Grants permission to create a what-if analysis", + "privilege": "CreateWhatIfAnalysis", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "forecast*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -95751,610 +120514,510 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe the state of the specified instances with respect to the specified load balancer", - "privilege": "DescribeInstanceHealth", + "access_level": "Write", + "description": "Grants permission to create a what-if forecast", + "privilege": "CreateWhatIfForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "whatIfAnalysis*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the attributes for the specified load balancer", - "privilege": "DescribeLoadBalancerAttributes", + "access_level": "Write", + "description": "Grants permission to create a what-if forecast export using what-if forecast resources", + "privilege": "CreateWhatIfForecastExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "whatIfForecast*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the specified policies", - "privilege": "DescribeLoadBalancerPolicies", + "access_level": "Write", + "description": "Grants permission to delete a dataset", + "privilege": "DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the specified load balancer policy types", - "privilege": "DescribeLoadBalancerPolicyTypes", + "access_level": "Write", + "description": "Grants permission to delete a dataset group", + "privilege": "DeleteDatasetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + 
"resource_type": "datasetGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers", - "privilege": "DescribeLoadBalancers", + "access_level": "Write", + "description": "Grants permission to delete a dataset import job", + "privilege": "DeleteDatasetImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasetImportJob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the tags associated with the specified load balancers", - "privilege": "DescribeTags", + "access_level": "Write", + "description": "Grants permission to delete an explainability", + "privilege": "DeleteExplainability", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "explainability*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the specified subnets from the set of configured subnets for the load balancer", - "privilege": "DetachLoadBalancerFromSubnets", + "description": "Grants permission to delete an explainability export", + "privilege": "DeleteExplainabilityExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "explainabilityExport*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the specified Availability Zones from the set of Availability Zones for the specified load balancer", - "privilege": "DisableAvailabilityZonesForLoadBalancer", + "description": "Grants permission to delete a forecast", + "privilege": "DeleteForecast", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "forecast*" } ] }, { "access_level": "Write", - "description": "Grants permission to add the specified Availability Zones to the set of Availability Zones for the specified load balancer", - "privilege": "EnableAvailabilityZonesForLoadBalancer", + "description": "Grants permission to delete an endpoint resource", + "privilege": "DeleteForecastEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "endpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the attributes of the specified load balancer", - "privilege": "ModifyLoadBalancerAttributes", + "description": "Grants permission to delete a forecast export job", + "privilege": "DeleteForecastExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "forecastExport*" } ] }, { "access_level": "Write", - "description": "Grants permission to add the specified instances to the specified load balancer", - "privilege": "RegisterInstancesWithLoadBalancer", + "description": "Grants permission to delete a monitor resource", + "privilege": "DeleteMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - 
"dependent_actions": [], - "resource_type": "" + "resource_type": "monitor*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified load balancer", - "privilege": "RemoveTags", + "access_level": "Write", + "description": "Grants permission to delete a predictor", + "privilege": "DeletePredictor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "predictor*" } ] }, { "access_level": "Write", - "description": "Grants permission to set the certificate that terminates the specified listener's SSL connections", - "privilege": "SetLoadBalancerListenerSSLCertificate", + "description": "Grants permission to delete a predictor backtest export job", + "privilege": "DeletePredictorBacktestExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "predictorBacktestExportJob*" } ] }, { "access_level": "Write", - "description": "Grants permission to replace the set of policies associated with the specified port on which the back-end server is listening with a new set of policies", - "privilege": "SetLoadBalancerPoliciesForBackendServer", + "description": "Grants permission to delete a resource and its child resources", + "privilege": "DeleteResourceTree", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "dataset*" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - 
"dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to replace the current set of policies for the specified load balancer port with the specified set of policies", - "privilege": "SetLoadBalancerPoliciesOfListener", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer*" + "resource_type": "datasetGroup*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/${LoadBalancerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], - "resource": "loadbalancer" - } - ], - "service_name": "AWS Elastic Load Balancing" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "elasticloadbalancing:CreateAction", - "description": "Filters access by the name of a resource-creating API action", - "type": "String" - }, - { - "condition": "elasticloadbalancing:ResourceTag/${TagKey}", - "description": "Filters access by the preface string for a tag key and value pair that are attached to a resource", - "type": "String" - } - ], - "prefix": "elasticloadbalancing", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add the specified certificates to the specified secure 
listener", - "privilege": "AddListenerCertificates", - "resource_types": [ + "resource_type": "datasetImportJob*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/app*" + "resource_type": "endpoint*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/net*" + "resource_type": "explainability*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add the specified tags to the specified load balancer. Each load balancer can have a maximum of 10 tags", - "privilege": "AddTags", - "resource_types": [ + "resource_type": "explainabilityExport*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/app" + "resource_type": "forecast*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/net" + "resource_type": "forecastExport*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/app" + "resource_type": "monitor*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/net" + "resource_type": "predictor*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/app/" + "resource_type": "predictorBacktestExportJob*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/net/" + "resource_type": "whatIfAnalysis*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "targetgroup" + "resource_type": "whatIfForecast*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}", - "elasticloadbalancing:CreateAction" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"whatIfForecastExport*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a listener for the specified Application Load Balancer", - "privilege": "CreateListener", + "description": "Grants permission to delete a what-if analysis", + "privilege": "DeleteWhatIfAnalysis", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "loadbalancer/app/" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfAnalysis*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a load balancer", - "privilege": "CreateLoadBalancer", + "description": "Grants permission to delete a what-if forecast", + "privilege": "DeleteWhatIfForecast", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "loadbalancer/app/" - }, + "dependent_actions": [], + "resource_type": "whatIfForecast*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a what-if forecast export", + "privilege": "DeleteWhatIfForecastExport", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, + "resource_type": "whatIfForecastExport*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an auto predictor", + "privilege": "DescribeAutoPredictor", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "predictor*" } 
] }, { - "access_level": "Write", - "description": "Grants permission to create a rule for the specified listener", - "privilege": "CreateRule", + "access_level": "Read", + "description": "Grants permission to describe a dataset", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "listener/app*" - }, + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a dataset group", + "privilege": "DescribeDatasetGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/net*" - }, + "resource_type": "datasetGroup*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a dataset import job", + "privilege": "DescribeDatasetImportJob", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasetImportJob*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a target group", - "privilege": "CreateTargetGroup", + "access_level": "Read", + "description": "Grants permission to describe an explainability", + "privilege": "DescribeExplainability", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags" - ], - "resource_type": "targetgroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "explainability*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified listener", - "privilege": 
"DeleteListener", + "access_level": "Read", + "description": "Grants permission to describe an explainability export", + "privilege": "DescribeExplainabilityExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/app*" - }, + "resource_type": "explainabilityExport*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a forecast", + "privilege": "DescribeForecast", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/net*" - }, + "resource_type": "forecast*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an endpoint resource", + "privilege": "DescribeForecastEndpoint", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "endpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified load balancer", - "privilege": "DeleteLoadBalancer", + "access_level": "Read", + "description": "Grants permission to describe a forecast export job", + "privilege": "DescribeForecastExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/app/" - }, + "resource_type": "forecastExport*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an monitor resource", + "privilege": "DescribeMonitor", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/net/" - }, + "resource_type": "monitor*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a predictor", + "privilege": "DescribePredictor", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "predictor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified rule", - "privilege": "DeleteRule", + "access_level": "Read", + "description": "Grants permission to describe a predictor backtest export job", + "privilege": "DescribePredictorBacktestExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/app*" - }, + "resource_type": "predictorBacktestExportJob*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a what-if analysis", + "privilege": "DescribeWhatIfAnalysis", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/net*" - }, + "resource_type": "whatIfAnalysis*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a what-if forecast", + "privilege": "DescribeWhatIfForecast", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfForecast*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified target group", - "privilege": "DeleteTargetGroup", + "access_level": "Read", + "description": "Grants permission to describe a what-if forecast export", + "privilege": "DescribeWhatIfForecastExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targetgroup*" - }, + "resource_type": "whatIfForecastExport*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the Accuracy Metrics for a predictor", + "privilege": "GetAccuracyMetrics", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "predictor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister the specified targets from the specified target group", - "privilege": "DeregisterTargets", + "access_level": "Read", + "description": "Grants permission to get the forecast context of a timeseries for an endpoint", + "privilege": "GetRecentForecastContext", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targetgroup*" - }, + "resource_type": "endpoint*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to invoke the endpoint to get forecast for a timeseries", + "privilege": "InvokeForecastEndpoint", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "endpoint*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the Elastic Load Balancing resource limits for the AWS account", - "privilege": "DescribeAccountLimits", + "description": "Grants permission to list all the dataset groups", + "privilege": "ListDatasetGroups", "resource_types": [ { "condition_keys": [], @@ -96365,8 +121028,8 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the certificates for the specified secure listener", - "privilege": "DescribeListenerCertificates", + "description": "Grants permission to list all the dataset import jobs", + "privilege": "ListDatasetImportJobs", "resource_types": [ { "condition_keys": [], 
@@ -96377,8 +121040,8 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the specified listeners or the listeners for the specified Application Load Balancer", - "privilege": "DescribeListeners", + "description": "Grants permission to list all the datasets", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], @@ -96389,8 +121052,8 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the attributes for the specified load balancer", - "privilege": "DescribeLoadBalancerAttributes", + "description": "Grants permission to list all the explainabilities", + "privilege": "ListExplainabilities", "resource_types": [ { "condition_keys": [], @@ -96401,8 +121064,8 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the specified the load balancers. If no load balancers are specified, the call describes all of your load balancers", - "privilege": "DescribeLoadBalancers", + "description": "Grants permission to list all the explainability exports", + "privilege": "ListExplainabilityExports", "resource_types": [ { "condition_keys": [], @@ -96413,8 +121076,8 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the specified rules or the rules for the specified listener", - "privilege": "DescribeRules", + "description": "Grants permission to list all the forecast export jobs", + "privilege": "ListForecastExportJobs", "resource_types": [ { "condition_keys": [], @@ -96425,8 +121088,8 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the specified policies or all policies used for SSL negotiation", - "privilege": "DescribeSSLPolicies", + "description": "Grants permission to list all the forecasts", + "privilege": "ListForecasts", "resource_types": [ { "condition_keys": [], 
@@ -96437,20 +121100,20 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the tags associated with the specified resource", - "privilege": "DescribeTags", + "description": "Grants permission to list all the monitor evaluation result for a monitor", + "privilege": "ListMonitorEvaluations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "monitor*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the attributes for the specified target group", - "privilege": "DescribeTargetGroupAttributes", + "description": "Grants permission to list all the monitor resources", + "privilege": "ListMonitors", "resource_types": [ { "condition_keys": [], @@ -96461,8 +121124,8 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the specified target groups or all of your target groups", - "privilege": "DescribeTargetGroups", + "description": "Grants permission to list all the predictor backtest export jobs", + "privilege": "ListPredictorBacktestExportJobs", "resource_types": [ { "condition_keys": [], @@ -96473,8 +121136,8 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the health of the specified targets or all of your targets", - "privilege": "DescribeTargetHealth", + "description": "Grants permission to list all the predictors", + "privilege": "ListPredictors", "resource_types": [ { "condition_keys": [], 
@@ -96484,134 +121147,156 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to modify the specified properties of the specified listener", - "privilege": "ModifyListener", + "access_level": "Read", + "description": "Grants permission to list the tags for an Amazon Forecast resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/app*" + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/net*" + "resource_type": "datasetGroup" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the attributes of the specified load balancer", - "privilege": "ModifyLoadBalancerAttributes", - "resource_types": [ + "resource_type": "datasetImportJob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/app/" + "resource_type": "endpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/net/" + "resource_type": "explainability" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the specified rule", - "privilege": "ModifyRule", - "resource_types": [ + "resource_type": "explainabilityExport" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/app*" + "resource_type": "forecast" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/net*" + "resource_type": "forecastExport" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "monitor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictorBacktestExportJob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfAnalysis" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecast" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecastExport" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all the what-if analyses", + "privilege": "ListWhatIfAnalyses", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the health checks used when evaluating the health state of the targets in the specified target group", - "privilege": "ModifyTargetGroup", + "access_level": "Read", + "description": "Grants permission to list all the what-if forecast exports", + "privilege": "ListWhatIfForecastExports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targetgroup*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all the what-if forecasts", + "privilege": "ListWhatIfForecasts", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the specified attributes of the specified target group", - "privilege": "ModifyTargetGroupAttributes", + "access_level": "Read", + "description": "Grants permission to retrieve a forecast for a 
single item", + "privilege": "QueryForecast", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targetgroup*" - }, + "resource_type": "forecast*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a what-if forecast for a single item", + "privilege": "QueryWhatIfForecast", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "whatIfForecast*" } ] }, { "access_level": "Write", - "description": "Grants permission to register the specified targets with the specified target group", - "privilege": "RegisterTargets", + "description": "Grants permission to resume Amazon Forecast resource jobs", + "privilege": "ResumeResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "targetgroup*" + "resource_type": "monitor*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -96620,23 +121305,73 @@ }, { "access_level": "Write", - "description": "Grants permission to remove the specified certificates of the specified secure listener", - "privilege": "RemoveListenerCertificates", + "description": "Grants permission to stop Amazon Forecast resource jobs", + "privilege": "StopResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/app*" + "resource_type": "datasetImportJob*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/net*" + "resource_type": "endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainability*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "explainabilityExport*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "forecast*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "forecastExport*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "monitor*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictor*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictorBacktestExportJob*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfAnalysis*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecast*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecastExport*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -96645,50 +121380,83 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified load balancer", - "privilege": "RemoveTags", + "description": "Grants permission to associate the specified tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/app" + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/net" + "resource_type": "datasetGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/app" + "resource_type": "datasetImportJob" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener/net" + "resource_type": "endpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/app/" + "resource_type": "explainability" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/net/" + "resource_type": "explainabilityExport" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "targetgroup" + "resource_type": "forecast" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "forecastExport" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "monitor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictorBacktestExportJob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfAnalysis" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecast" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecastExport" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}", - 
"elasticloadbalancing:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -96696,91 +121464,83 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to set the type of IP addresses used by the subnets of the specified load balancer", - "privilege": "SetIpAddressType", + "access_level": "Tagging", + "description": "Grants permission to delete the specified tags for a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/app/" + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/net/" + "resource_type": "datasetGroup" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the priorities of the specified rules", - "privilege": "SetRulePriorities", - "resource_types": [ + "resource_type": "datasetImportJob" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/app*" + "resource_type": "endpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener-rule/net*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to associate the specified security groups with the specified load balancer", - "privilege": "SetSecurityGroups", - "resource_types": [ + "resource_type": "explainability" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/app/" + "resource_type": "explainabilityExport" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/net/" + "resource_type": "forecast" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants 
permission to enable the Availability Zone for the specified subnets for the specified load balancer", - "privilege": "SetSubnets", - "resource_types": [ + "resource_type": "forecastExport" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/app/" + "resource_type": "monitor" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "loadbalancer/net/" + "resource_type": "predictor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "predictorBacktestExportJob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfAnalysis" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecast" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "whatIfForecastExport" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -96789,185 +121549,158 @@ }, { "access_level": "Write", - "description": "Grants permission to give WebAcl permission to WAF", - "privilege": "SetWebAcl", + "description": "Grants permission to update a dataset group", + "privilege": "UpdateDatasetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datasetGroup*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset/${ResourceId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "listener/app" + "resource": "dataset" }, { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/app/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset-group/${ResourceId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "listener-rule/app" + "resource": "datasetGroup" }, { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset-import-job/${ResourceId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "listener/net" + "resource": "datasetImportJob" }, { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:listener-rule/net/${LoadBalancerName}/${LoadBalancerId}/${ListenerId}/${ListenerRuleId}", + "arn": 
"arn:${Partition}:forecast:::algorithm/${ResourceId}", + "condition_keys": [], + "resource": "algorithm" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:predictor/${ResourceId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "listener-rule/net" + "resource": "predictor" }, { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:predictor-backtest-export-job/${ResourceId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "loadbalancer/app/" + "resource": "predictorBacktestExportJob" }, { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast/${ResourceId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "loadbalancer/net/" + "resource": "forecast" }, { - "arn": "arn:${Partition}:elasticloadbalancing:${Region}:${Account}:targetgroup/${TargetGroupName}/${TargetGroupId}", + "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast-export-job/${ResourceId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticloadbalancing:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "targetgroup" + "resource": "forecastExport" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "explainability" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability-export/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": 
"explainabilityExport" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:monitor/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "monitor" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-analysis/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "whatIfAnalysis" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-forecast/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "whatIfForecast" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-forecast-export/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "whatIfForecastExport" + }, + { + "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast-endpoint/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "endpoint" } ], - "service_name": "AWS Elastic Load Balancing V2" + "service_name": "Amazon Forecast" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by whether the tag and value pair is provided with the action", + "description": "Filters actions based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", + "description": "Filters actions based on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by whether the tag keys are provided with the action regardless of tag value", + "description": "Filters actions based on the tag keys that are passed in the request", "type": "ArrayOfString" - }, - { - "condition": "elasticmapreduce:ExecutionRoleArn", - "description": "Filters access by whether the execution role ARN is provided with the action", - "type": "String" - }, - { - 
"condition": "elasticmapreduce:RequestTag/${TagKey}", - "description": "Filters access by whether the tag and value pair is provided with the action", - "type": "String" - }, - { - "condition": "elasticmapreduce:ResourceTag/${TagKey}", - "description": "Filters access by the tag and value pair associated with an Amazon EMR resource", - "type": "String" } ], - "prefix": "elasticmapreduce", + "prefix": "frauddetector", "privileges": [ { "access_level": "Write", - "description": "Grants permission to add an instance fleet to a running cluster", - "privilege": "AddInstanceFleet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add instance groups to a running cluster", - "privilege": "AddInstanceGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add new steps to a running cluster", - "privilege": "AddJobFlowSteps", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "elasticmapreduce:ExecutionRoleArn" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to an Amazon EMR resource", - "privilege": "AddTags", + "description": "Grants permission to create a batch of variables", + "privilege": "BatchCreateVariable", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "editor" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "notebook-execution" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "studio" - }, { 
"condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -96975,96 +121708,60 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to attach an EMR notebook to a compute engine", - "privilege": "AttachEditor", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "editor*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to cancel a pending step or steps in a running cluster", - "privilege": "CancelSteps", + "access_level": "List", + "description": "Grants permission to get a batch of variables", + "privilege": "BatchGetVariable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "variable*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an EMR notebook", - "privilege": "CreateEditor", + "description": "Grants permission to cancel the specified batch import job", + "privilege": "CancelBatchImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "batch-import*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a persistent application history server", - "privilege": "CreatePersistentAppUI", + "description": "Grants permission to cancel the specified batch prediction job", + "privilege": "CancelBatchPredictionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "batch-prediction*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an EMR notebook repository", - "privilege": "CreateRepository", + "description": "Grants permission to create a batch import job", + "privilege": "CreateBatchImportJob", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a security configuration", - "privilege": "CreateSecurityConfiguration", - "resource_types": [ + "resource_type": "batch-import*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an EMR Studio", - "privilege": "CreateStudio", - "resource_types": [ + "resource_type": "event-type*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -97073,269 +121770,297 @@ }, { "access_level": "Write", - "description": "Grants permission to launch an EMR Studio using IAM authentication mode", - "privilege": "CreateStudioPresignedUrl", + "description": "Grants permission to create a batch prediction job", + "privilege": "CreateBatchPredictionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an EMR Studio session mapping", - "privilege": "CreateStudioSessionMapping", - "resource_types": [ + "resource_type": "batch-prediction*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an EMR notebook", - "privilege": "DeleteEditor", - "resource_types": [ + "resource_type": "detector*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an EMR notebook repository", - "privilege": "DeleteRepository", - "resource_types": [ + "resource_type": "detector-version*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "event-type*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a security configuration", - "privilege": "DeleteSecurityConfiguration", + "description": "Grants permission to create a detector version. 
The detector version starts in a DRAFT status", + "privilege": "CreateDetectorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "detector*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "external-model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-version" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an EMR Studio", - "privilege": "DeleteStudio", + "description": "Grants permission to create a list", + "privilege": "CreateList", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an EMR Studio session mapping", - "privilege": "DeleteStudioSessionMapping", + "description": "Grants permission to create a model using the specified model type", + "privilege": "CreateModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to block an identity from opening a collaborative workspace", - "privilege": "DeleteWorkspaceAccess", - "resource_types": [ + "resource_type": "event-type*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a cluster, including status, hardware and software configuration, VPC settings, and so on", - "privilege": "DescribeCluster", 
+ "access_level": "Write", + "description": "Grants permission to create a version of the model using the specified model type and model id", + "privilege": "CreateModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about a notebook, including status, user, role, tags, location, and more", - "privilege": "DescribeEditor", + "access_level": "Write", + "description": "Grants permission to create a rule for use with the specified detector", + "privilege": "CreateRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "detector*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe details of clusters (job flows). This API is deprecated and will eventually be removed. 
We recommend you use ListClusters, DescribeCluster, ListSteps, ListInstanceGroups and ListBootstrapActions instead", - "privilege": "DescribeJobFlows", + "access_level": "Write", + "description": "Grants permission to create a variable", + "privilege": "CreateVariable", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about a notebook execution", - "privilege": "DescribeNotebookExecution", + "access_level": "Write", + "description": "Grants permission to delete a batch import job", + "privilege": "DeleteBatchImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "notebook-execution*" + "resource_type": "batch-import*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a persistent application history server", - "privilege": "DescribePersistentAppUI", + "access_level": "Write", + "description": "Grants permission to delete a batch prediction job", + "privilege": "DeleteBatchPredictionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "batch-prediction*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about an EMR release, such as which applications are supported", - "privilege": "DescribeReleaseLabel", + "access_level": "Write", + "description": "Grants permission to delete the detector. 
Before deleting a detector, you must first delete all detector versions and rule versions associated with the detector", + "privilege": "DeleteDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an EMR notebook repository", - "privilege": "DescribeRepository", + "access_level": "Write", + "description": "Grants permission to delete the detector version. You cannot delete detector versions that are in ACTIVE status", + "privilege": "DeleteDetectorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector-version*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of a security configuration", - "privilege": "DescribeSecurityConfiguration", + "access_level": "Write", + "description": "Grants permission to delete an entity type. You cannot delete an entity type that is included in an event type", + "privilege": "DeleteEntityType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-type*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a cluster step", - "privilege": "DescribeStep", + "access_level": "Write", + "description": "Grants permission to deletes the specified event", + "privilege": "DeleteEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "event-type*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about an EMR Studio", - "privilege": "DescribeStudio", + "access_level": "Write", + "description": "Grants permission to delete an event type. 
You cannot delete an event type that is used in a detector or a model", + "privilege": "DeleteEventType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "event-type*" } ] }, { "access_level": "Write", - "description": "Grants permission to detach an EMR notebook from a compute engine", - "privilege": "DetachEditor", + "description": "Grants permission to delete events for the specified event type", + "privilege": "DeleteEventsByEventType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "event-type*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the auto-termination policy associated with a cluster", - "privilege": "GetAutoTerminationPolicy", + "access_level": "Write", + "description": "Grants permission to remove a SageMaker model from Amazon Fraud Detector. You can remove an Amazon SageMaker model if it is not associated with a detector version", + "privilege": "DeleteExternalModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "external-model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the EMR block public access configuration for the AWS account in the Region", - "privilege": "GetBlockPublicAccessConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a label. You cannot delete labels that are included in an event type in Amazon Fraud Detector. You cannot delete a label assigned to an event ID. 
You must first delete the relevant event ID", + "privilege": "DeleteLabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "label*" } ] }, { "access_level": "Write", - "description": "Grants permission to retrieve HTTP basic credentials associated with a given execution IAM Role for a fine-grained access control enabled EMR Cluster", - "privilege": "GetClusterSessionCredentials", + "description": "Grants permission to delete a list", + "privilege": "DeleteList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "list*" }, { "condition_keys": [ - "elasticmapreduce:ExecutionRoleArn" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -97343,554 +122068,494 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the managed scaling policy associated with a cluster", - "privilege": "GetManagedScalingPolicy", + "access_level": "Write", + "description": "Grants permission to delete a model. You can delete models and model versions in Amazon Fraud Detector, provided that they are not associated with a detector version", + "privilege": "DeleteModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "model*" } ] }, { "access_level": "Write", - "description": "Grants permission to get a presigned URL for an application history server running on the cluster", - "privilege": "GetOnClusterAppUIPresignedURL", + "description": "Grants permission to delete a model version. You can delete models and model versions in Amazon Fraud Detector, provided that they are not associated with a detector version", + "privilege": "DeleteModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "model-version*" } ] }, { "access_level": "Write", - "description": "Grants permission to get a presigned URL for a persistent application history server", - "privilege": "GetPersistentAppUIPresignedURL", + "description": "Grants permission to delete an outcome. You cannot delete an outcome that is used in a rule version", + "privilege": "DeleteOutcome", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "outcome*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about an EMR Studio session mapping", - "privilege": "GetStudioSessionMapping", + "access_level": "Write", + "description": "Grants permission to delete the rule. 
You cannot delete a rule if it is used by an ACTIVE or INACTIVE detector version", + "privilege": "DeleteRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "rule*" } ] }, { "access_level": "Write", - "description": "Grants permission to link an EMR notebook repository to EMR notebooks", - "privilege": "LinkRepository", + "description": "Grants permission to delete a variable. You cannot delete variables that are included in an event type in Amazon Fraud Detector", + "privilege": "DeleteVariable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "variable*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about the bootstrap actions associated with a cluster", - "privilege": "ListBootstrapActions", + "description": "Grants permission to get all versions for a specified detector", + "privilege": "DescribeDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "detector*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the status of accessible clusters", - "privilege": "ListClusters", + "access_level": "Read", + "description": "Grants permission to get all of the model versions for the specified model type or for the specified model type and model ID. 
You can also get details for a single, specified model version", + "privilege": "DescribeModelVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model-version" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary information for accessible EMR notebooks", - "privilege": "ListEditors", + "access_level": "Read", + "description": "Grants permission to get the data validation report of a specific batch import job", + "privilege": "GetBatchImportJobValidationReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "batch-import*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of instance fleets in a cluster", - "privilege": "ListInstanceFleets", + "access_level": "List", + "description": "Grants permission to get all batch import jobs or a specific job if you specify a job ID", + "privilege": "GetBatchImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "batch-import" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of instance groups in a cluster", - "privilege": "ListInstanceGroups", + "access_level": "List", + "description": "Grants permission to get all batch prediction jobs or a specific job if you specify a job ID. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 50 records per page. If you provide a maxResults, the value must be between 1 and 50. To get the next page results, provide the pagination token from the GetBatchPredictionJobsResponse as part of your request. 
A null pagination token fetches the records from the beginning", + "privilege": "GetBatchPredictionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "batch-prediction" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about the Amazon EC2 instances in a cluster", - "privilege": "ListInstances", + "description": "Grants permission to get a specific event type DeleteEventsByEventType API execution status", + "privilege": "GetDeleteEventsByEventTypeStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "event-type*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary information for notebook executions", - "privilege": "ListNotebookExecutions", + "access_level": "Read", + "description": "Grants permission to get a particular detector version", + "privilege": "GetDetectorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector-version*" } ] }, { "access_level": "List", - "description": "Grants permission to list and filter the available EMR releases in the current region", - "privilege": "ListReleaseLabels", + "description": "Grants permission to get all detectors or a single detector if a detectorId is specified. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetDetectorsResponse as part of your request. 
A null pagination token fetches the records from the beginning", + "privilege": "GetDetectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector" } ] }, { "access_level": "List", - "description": "Grants permission to list existing EMR notebook repositories", - "privilege": "ListRepositories", + "description": "Grants permission to get all entity types or a specific entity type if a name is specified. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetEntityTypesResponse as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetEntityTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity-type" } ] }, { - "access_level": "List", - "description": "Grants permission to list available security configurations in this account by name, along with creation dates and times", - "privilege": "ListSecurityConfigurations", + "access_level": "Read", + "description": "Grants permission to get the details of the specified event", + "privilege": "GetEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-type*" } ] }, { "access_level": "Read", - "description": "Grants permission to list steps associated with a cluster", - "privilege": "ListSteps", + "description": "Grants permission to evaluate an event against a detector version. 
If a version ID is not provided, the detector\u2019s (ACTIVE) version is used", + "privilege": "GetEventPrediction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list summary information about EMR Studio session mappings", - "privilege": "ListStudioSessionMappings", - "resource_types": [ + "resource_type": "detector*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector-version*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" } ] }, { - "access_level": "List", - "description": "Grants permission to list summary information about EMR Studios", - "privilege": "ListStudios", + "access_level": "Read", + "description": "Grants permission to get more details of a particular prediction", + "privilege": "GetEventPredictionMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detector-version*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-type*" } ] }, { "access_level": "List", - "description": "Grants permission to list the Amazon EC2 instance types that an Amazon EMR release supports", - "privilege": "ListSupportedInstanceTypes", + "description": "Grants permission to get all event types or a specific event type if name is provided. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetEventTypesResponse as part of your request. 
A null pagination token fetches the records from the beginning", + "privilege": "GetEventTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-type" } ] }, { "access_level": "List", - "description": "Grants permission to list identities that are granted access to a workspace", - "privilege": "ListWorkspaceAccessIdentities", + "description": "Grants permission to get the details for one or more Amazon SageMaker models that have been imported into the service. This is a paginated API. If you provide a null maxResults, this actions retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetExternalModelsResult as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetExternalModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "external-model" } ] }, { - "access_level": "Write", - "description": "Grants permission to change cluster settings such as number of steps that can be executed concurrently for a cluster", - "privilege": "ModifyCluster", + "access_level": "Read", + "description": "Grants permission to get the encryption key if a Key Management Service (KMS) customer master key (CMK) has been specified to be used to encrypt content in Amazon Fraud Detector", + "privilege": "GetKMSEncryptionKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to change the target On-Demand and target Spot capacities for a instance fleet", - "privilege": "ModifyInstanceFleet", + "access_level": "List", + "description": "Grants permission to get all labels or a specific label if name is provided. This is a paginated API. 
If you provide a null maxResults, this action retrieves a maximum of 50 records per page. If you provide a maxResults, the value must be between 10 and 50. To get the next page results, provide the pagination token from the GetGetLabelsResponse as part of your request. A null pagination token fetches the records from the beginning", + "privilege": "GetLabels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "label" } ] }, { - "access_level": "Write", - "description": "Grants permission to change the number and configuration of EC2 instances for an instance group", - "privilege": "ModifyInstanceGroups", + "access_level": "Read", + "description": "Grants permission to get elements of a list", + "privilege": "GetListElements", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "list*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to launch the Jupyter notebook editor for an EMR notebook from within the console", - "privilege": "OpenEditorInConsole", + "access_level": "List", + "description": "Grants permission to get metadata about lists", + "privilege": "GetListsMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "list" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update an automatic scaling policy for a core instance group or task instance group", - "privilege": "PutAutoScalingPolicy", + "access_level": "Read", + "description": "Grants permission to get the details of the specified model version", + "privilege": 
"GetModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "model-version*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update the auto-termination policy associated with a cluster", - "privilege": "PutAutoTerminationPolicy", + "access_level": "List", + "description": "Grants permission to get one or more models. Gets all models for the AWS account if no model type and no model id provided. Gets all models for the AWS account and model type, if the model type is specified but model id is not provided. Gets a specific model if (model type, model id) tuple is specified", + "privilege": "GetModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "model" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or update the EMR block public access configuration for the AWS account in the Region", - "privilege": "PutBlockPublicAccessConfiguration", + "access_level": "List", + "description": "Grants permission to get one or more outcomes. This is a paginated API. If you provide a null maxResults, this actions retrieves a maximum of 100 records per page. If you provide a maxResults, the value must be between 50 and 100. To get the next page results, provide the pagination token from the GetOutcomesResult as part of your request. 
A null pagination token fetches the records from the beginning", + "privilege": "GetOutcomes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outcome" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update the managed scaling policy associated with a cluster", - "privilege": "PutManagedScalingPolicy", + "access_level": "List", + "description": "Grants permission to get all rules for a detector (paginated) if ruleId and ruleVersion are not specified. Gets all rules for the detector and the ruleId if present (paginated). Gets a specific rule if both the ruleId and the ruleVersion are specified", + "privilege": "GetRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "rule" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to allow an identity to open a collaborative workspace", - "privilege": "PutWorkspaceAccess", + "access_level": "List", + "description": "Grants permission to get all of the variables or the specific variable. This is a paginated API. Providing null maxSizePerPage results in retrieving maximum of 100 records per page. If you provide maxSizePerPage the value must be between 50 and 100. To get the next page result, a provide a pagination token from GetVariablesResult as part of your request. 
Null pagination token fetches the records from the beginning", + "privilege": "GetVariables", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "variable" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove an automatic scaling policy from an instance group", - "privilege": "RemoveAutoScalingPolicy", + "access_level": "List", + "description": "Grants permission to get a list of past predictions", + "privilege": "ListEventPredictions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove the auto-termination policy associated with a cluster", - "privilege": "RemoveAutoTerminationPolicy", - "resource_types": [ + "resource_type": "detector" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove the managed scaling policy associated with a cluster", - "privilege": "RemoveManagedScalingPolicy", - "resource_types": [ + "resource_type": "detector-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "event-type" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from an Amazon EMR resource", - "privilege": "RemoveTags", + "access_level": "Read", + "description": "Grants permission to list all tags associated with the resource. This is a paginated API. To get the next page results, provide the pagination token from the response as part of your request. 
A null pagination token fetches the records from the beginning", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" + "resource_type": "batch-import" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor" + "resource_type": "batch-prediction" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "notebook-execution" + "resource_type": "detector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio" + "resource_type": "detector-version" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create and launch a cluster (job flow)", - "privilege": "RunJobFlow", - "resource_types": [ + "resource_type": "entity-type" + }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add and remove termination protection for a cluster", - "privilege": "SetTerminationProtection", - "resource_types": [ + "resource_type": "event-type" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set whether all AWS Identity and Access Management (IAM) users in the AWS account can view a cluster. This API is deprecated and your cluster may be visible to all users in your account. 
To restrict cluster access using an IAM policy, see AWS Identity and Access Management for Amazon EMR (https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-access-iam.html)", - "privilege": "SetVisibleToAllUsers", - "resource_types": [ + "resource_type": "external-model" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start an EMR notebook", - "privilege": "StartEditor", - "resource_types": [ + "resource_type": "label" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start an EMR notebook execution", - "privilege": "StartNotebookExecution", - "resource_types": [ + "resource_type": "model" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "model-version" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "outcome" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "elasticmapreduce:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to shut down an EMR notebook", - "privilege": "StopEditor", - "resource_types": [ + "resource_type": "rule" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" + "resource_type": "variable" } ] }, { "access_level": "Write", - "description": "Grants permission to stop notebook execution", - "privilege": "StopNotebookExecution", + "description": "Grants permission to create or update a detector", + "privilege": "PutDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"notebook-execution*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to terminate a cluster (job flow)", - "privilege": "TerminateJobFlows", - "resource_types": [ + "resource_type": "detector*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to unlink an EMR notebook repository from EMR notebooks", - "privilege": "UnlinkRepository", - "resource_types": [ + "resource_type": "event-type*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -97898,23 +122563,19 @@ }, { "access_level": "Write", - "description": "Grants permission to update an EMR notebook", - "privilege": "UpdateEditor", + "description": "Grants permission to create or update an entity type. An entity represents who is performing the event. As part of a fraud prediction, you pass the entity ID to indicate the specific entity who performed the event. An entity type classifies the entity. Example classifications include customer, merchant, or account", + "privilege": "PutEntityType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "editor*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an EMR notebook repository", - "privilege": "UpdateRepository", - "resource_types": [ + "resource_type": "entity-type*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -97922,117 +122583,44 @@ }, { "access_level": "Write", - "description": "Grants permission to update information about an EMR Studio", - "privilege": "UpdateStudio", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an EMR Studio session mapping", - "privilege": "UpdateStudioSessionMapping", + "description": "Grants permission to create or update an event type. An event is a business activity that is evaluated for fraud risk. With Amazon Fraud Detector, you generate fraud predictions for events. An event type defines the structure for an event sent to Amazon Fraud Detector. This includes the variables sent as part of the event, the entity performing the event (such as a customer), and the labels that classify the event. Example event types include online payment transactions, account registrations, and authentications", + "privilege": "PutEventType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to use the EMR console to view events from all clusters", - "privilege": "ViewEventsFromAllClustersInConsole", - "resource_types": [ + "resource_type": "event-type*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:cluster/${ClusterId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticmapreduce:ResourceTag/${TagKey}" - ], - "resource": "cluster" - }, - { - "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:editor/${EditorId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticmapreduce:ResourceTag/${TagKey}" - ], - "resource": "editor" - }, - { - "arn": 
"arn:${Partition}:elasticmapreduce:${Region}:${Account}:notebook-execution/${NotebookExecutionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticmapreduce:ResourceTag/${TagKey}" - ], - "resource": "notebook-execution" - }, - { - "arn": "arn:${Partition}:elasticmapreduce:${Region}:${Account}:studio/${StudioId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "elasticmapreduce:ResourceTag/${TagKey}" - ], - "resource": "studio" - } - ], - "service_name": "Amazon Elastic MapReduce" - }, - { - "conditions": [], - "prefix": "elastictranscoder", - "privileges": [ - { - "access_level": "Write", - "description": "Cancel a job that Elastic Transcoder has not begun to process", - "privilege": "CancelJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "job*" - } - ] }, { "access_level": "Write", - "description": "Create a job", - "privilege": "CreateJob", + "description": "Grants permission to create or update an Amazon SageMaker model endpoint. You can also use this action to update the configuration of the model endpoint, including the IAM role and/or the mapped variables", + "privilege": "PutExternalModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "event-type*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "preset*" - } - ] - }, - { - "access_level": "Write", - "description": "Create a pipeline", - "privilege": "CreatePipeline", - "resource_types": [ + "resource_type": "external-model*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -98040,8 +122628,8 @@ }, { "access_level": "Write", - "description": "Create a preset", - "privilege": "CreatePreset", + "description": "Grants permission to specify the Key Management Service (KMS) customer master key (CMK) to be used to encrypt content in Amazon Fraud Detector", + "privilege": "PutKMSEncryptionKey", "resource_types": [ { "condition_keys": [], 
@@ -98052,316 +122640,143 @@ }, { "access_level": "Write", - "description": "Delete a pipeline", - "privilege": "DeletePipeline", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline*" - } - ] - }, - { - "access_level": "Write", - "description": "Delete a preset", - "privilege": "DeletePreset", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "preset*" - } - ] - }, - { - "access_level": "List", - "description": "Get a list of the jobs that you assigned to a pipeline", - "privilege": "ListJobsByPipeline", + "description": "Grants permission to create or update label. A label classifies an event as fraudulent or legitimate. Labels are associated with event types and used to train supervised machine learning models in Amazon Fraud Detector", + "privilege": "PutLabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - } - ] - }, - { - "access_level": "List", - "description": "Get information about all of the jobs associated with the current AWS account that have a specified status", - "privilege": "ListJobsByStatus", - "resource_types": [ + "resource_type": "label*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Get a list of the pipelines associated with the current AWS account", - "privilege": "ListPipelines", + "access_level": "Write", + "description": "Grants permission to create or update an outcome", + "privilege": "PutOutcome", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Get a list of all presets associated with the current AWS account", - "privilege": "ListPresets", - "resource_types": [ + "resource_type": "outcome*" + }, { - "condition_keys": [], + 
"condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Get detailed information about a job", - "privilege": "ReadJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "job*" - } - ] - }, - { - "access_level": "Read", - "description": "Get detailed information about a pipeline", - "privilege": "ReadPipeline", + "access_level": "Write", + "description": "Grants permission to send event", + "privilege": "SendEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - } - ] - }, - { - "access_level": "Read", - "description": "Get detailed information about a preset", - "privilege": "ReadPreset", - "resource_types": [ + "resource_type": "event-type*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "preset*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Test the settings for a pipeline to ensure that Elastic Transcoder can create and process jobs", - "privilege": "TestRole", + "access_level": "Tagging", + "description": "Grants permission to assign tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Update settings for a pipeline", - "privilege": "UpdatePipeline", - "resource_types": [ + "resource_type": "batch-import" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - } - ] - }, - { - "access_level": "Write", - "description": "Update only Amazon Simple Notification Service (Amazon SNS) notifications for a pipeline", - "privilege": "UpdatePipelineNotifications", - "resource_types": [ + "resource_type": "batch-prediction" + }, { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "pipeline*" - } - ] - }, - { - "access_level": "Write", - "description": "Pause or reactivate a pipeline, so the pipeline stops or restarts processing jobs, update the status for the pipeline", - "privilege": "UpdatePipelineStatus", - "resource_types": [ + "resource_type": "detector" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:job/${JobId}", - "condition_keys": [], - "resource": "job" - }, - { - "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:pipeline/${PipelineId}", - "condition_keys": [], - "resource": "pipeline" - }, - { - "arn": "arn:${Partition}:elastictranscoder:${Region}:${Account}:preset/${PresetId}", - "condition_keys": [], - "resource": "preset" - } - ], - "service_name": "Amazon Elastic Transcoder" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "elemental-activations", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to complete the process of registering customer account for AWS Elemental Appliances and Software Purchases", - "privilege": "CompleteAccountRegistration", - "resource_types": [ + "resource_type": "detector-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to complete the process of uploading a Software file for AWS Elemental Appliances and Software Purchases", - 
"privilege": "CompleteFileUpload", - "resource_types": [ + "resource_type": "entity-type" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to download the Software files for AWS Elemental Appliances and Software Purchases", - "privilege": "DownloadSoftware", - "resource_types": [ + "resource_type": "event-type" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to generate Software Licenses for AWS Elemental Appliances and Software Purchases", - "privilege": "GenerateLicenses", - "resource_types": [ + "resource_type": "external-model" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe an activation", - "privilege": "GetActivation", - "resource_types": [ + "resource_type": "label" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "activation*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list tags for an AWS Elemental Activations resource", - "privilege": "ListTagsForResource", - "resource_types": [ + "resource_type": "list" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "activation" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to start the process of registering customer account for AWS Elemental Appliances and Software Purchases", - "privilege": "StartAccountRegistration", - "resource_types": [ + "resource_type": "model" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to start the process of uploading a Software file for AWS Elemental Appliances and Software Purchases", - "privilege": "StartFileUpload", - 
"resource_types": [ + "resource_type": "model-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add a tag for an AWS Elemental Activations resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "outcome" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "activation*" + "resource_type": "rule" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "activation" + "resource_type": "variable" }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -98370,251 +122785,148 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove a tag from an AWS Elemental Activations resource", + "description": "Grants permission to remove tags from a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "activation*" + "resource_type": "batch-import" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "activation" + "resource_type": "batch-prediction" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elemental-activations:${Region}:${Account}:activation/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "activation" - } - ], - "service_name": "AWS Elemental Appliances and Software Activation Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by request tag", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by resource tag", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys", - "type": "ArrayOfString" - } - ], - "prefix": "elemental-appliances-software", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to complete an upload of an attachment for a quote or order", - "privilege": "CompleteUpload", - "resource_types": [ + "resource_type": "detector" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an order", - "privilege": "CreateOrderV1", - "resource_types": [ + "resource_type": "detector-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - 
"access_level": "Tagging", - "description": "Grants permission to create a quote", - "privilege": "CreateQuote", - "resource_types": [ + "resource_type": "entity-type" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quote*" + "resource_type": "event-type" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to validate an address", - "privilege": "GetAvsCorrectAddress", - "resource_types": [ + "resource_type": "external-model" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the billing addresses in the user account", - "privilege": "GetBillingAddresses", - "resource_types": [ + "resource_type": "label" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the delivery addresses in the user account", - "privilege": "GetDeliveryAddressesV2", - "resource_types": [ + "resource_type": "list" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe an order", - "privilege": "GetOrder", - "resource_types": [ + "resource_type": "model" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list the orders in the user account", - "privilege": "GetOrdersV2", - "resource_types": [ + "resource_type": "model-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a quote", - "privilege": "GetQuote", - "resource_types": [ + 
"resource_type": "outcome" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quote*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to calculate taxes for an order", - "privilege": "GetTaxes", - "resource_types": [ + "resource_type": "rule" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "variable" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the quotes in the user account", - "privilege": "ListQuotes", + "access_level": "Write", + "description": "Grants permission to update a detector version. The detector version attributes that you can update include models, external model endpoints, rules, rule execution mode, and description. You can only update a DRAFT detector version", + "privilege": "UpdateDetectorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to lists tags for an AWS Elemental Appliances and Software resource", - "privilege": "ListTagsForResource", - "resource_types": [ + "resource_type": "detector*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "quote" + "resource_type": "external-model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-version" } ] }, { "access_level": "Write", - "description": "Grants permission to start an upload of an attachment for a quote or order", - "privilege": "StartUpload", + "description": "Grants permission to update the detector version's description. 
You can update the metadata for any detector version (DRAFT, ACTIVE, or INACTIVE)", + "privilege": "UpdateDetectorVersionMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector-version*" } ] }, { "access_level": "Write", - "description": "Grants permission to submit an order", - "privilege": "SubmitOrderV1", + "description": "Grants permission to update the detector version\u2019s status. You can perform the following promotions or demotions using UpdateDetectorVersionStatus: DRAFT to ACTIVE, ACTIVE to INACTIVE, and INACTIVE to ACTIVE", + "privilege": "UpdateDetectorVersionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detector-version*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag an AWS Elemental Appliances and Software resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update an existing event record's label value", + "privilege": "UpdateEventLabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quote" + "resource_type": "event-type*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -98622,18 +122934,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from an AWS Elemental Appliances and Software resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update a list", + "privilege": "UpdateList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quote" + "resource_type": "list*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -98642,163 +122954,225 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a quote", - "privilege": "UpdateQuote", + "description": "Grants permission to update a model. You can update the description attribute using this action", + "privilege": "UpdateModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "quote*" + "resource_type": "model*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:elemental-appliances-software:${Region}:${Account}:quote/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "quote" - } - ], - "service_name": "AWS Elemental Appliances and Software" - }, - { - "conditions": [], - "prefix": "elemental-support-cases", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permission to verify whether the caller has the permissions to perform support case operations", - "privilege": "CheckCasePermission", + "description": "Grants permission to update a model version. Updating a model version retrains an existing model version using updated training data and produces a new minor version of the model. You can update the training data set location and data access role attributes using this action. 
This action creates and trains a new minor version of the model, for example version 1.01, 1.02, 1.03", + "privilege": "UpdateModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a support case", - "privilege": "CreateCase", + "description": "Grants permission to update the status of a model version", + "privilege": "UpdateModelVersionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model-version*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a support case in your account", - "privilege": "GetCase", + "access_level": "Write", + "description": "Grants permission to update a rule's metadata. The description attribute can be updated", + "privilege": "UpdateRuleMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "rule*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the support cases in your account", - "privilege": "GetCases", + "access_level": "Write", + "description": "Grants permission to update a rule version resulting in a new rule version. 
Updates a rule version resulting in a new rule version (version 1, 2, 3 ...)", + "privilege": "UpdateRuleVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "rule*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a support case", - "privilege": "UpdateCase", + "description": "Grants permission to update a variable", + "privilege": "UpdateVariable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "variable*" } ] } ], - "resources": [], - "service_name": "AWS Elemental Support Cases" - }, - { - "conditions": [], - "prefix": "elemental-support-content", - "privileges": [ + "resources": [ { - "access_level": "Read", - "description": "Grants permission to search support content", - "privilege": "Query", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-prediction/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "batch-prediction" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "detector" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector-version/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "detector-version" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:entity-type/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "entity-type" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:external-model/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + 
"resource": "external-model" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:event-type/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "event-type" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:label/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "label" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "model" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model-version/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "model-version" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:outcome/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "outcome" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:rule/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "rule" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:variable/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "variable" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-import/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "batch-import" + }, + { + "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:list/${ResourcePath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "list" } ], - "resources": [], - "service_name": "AWS Elemental Support Content" + "service_name": "Amazon Fraud Detector" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs present in the request", + "description": "A tag key that is present in the request that the user makes to Amazon 
FreeRTOS", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", + "description": "The tag key component of a tag attached to an Amazon FreeRTOS resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys present in the request", + "description": "The list of all the tag key names associated with the resource in the request", "type": "ArrayOfString" - }, - { - "condition": "emr-containers:ExecutionRoleArn", - "description": "Filters access by the execution role arn present in the request", - "type": "String" - }, - { - "condition": "emr-containers:JobTemplateArn", - "description": "Filters access by the job template arn present in the request", - "type": "String" } ], - "prefix": "emr-containers", + "prefix": "freertos", "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel a job run", - "privilege": "CancelJobRun", + "description": "Grants permission to create a software configuration", + "privilege": "CreateSoftwareConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a job template", - "privilege": "CreateJobTemplate", - "resource_types": [ + "resource_type": "configuration*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -98811,19 +123185,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create a managed endpoint", - "privilege": "CreateManagedEndpoint", + "description": "Grants permission to create a subscription for FreeRTOS extended maintenance plan (EMP)", + "privilege": "CreateSubscription", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "virtualCluster*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "emr-containers:ExecutionRoleArn" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -98832,131 +123200,128 @@ }, { "access_level": "Write", - "description": "Grants permission to create a virtual cluster", - "privilege": "CreateVirtualCluster", + "description": "Grants permission to delete the software configuration", + "privilege": "DeleteSoftwareConfiguration", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a job template", - "privilege": "DeleteJobTemplate", + "access_level": "Read", + "description": "Grants permission to describe the hardware platform", + "privilege": "DescribeHardwarePlatform", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobTemplate*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a managed endpoint", - "privilege": "DeleteManagedEndpoint", + "access_level": "Read", + "description": "Grants permission to describe the software configuration", + "privilege": "DescribeSoftwareConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "managedEndpoint*" + "resource_type": "configuration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a virtual cluster", - "privilege": "DeleteVirtualCluster", + "access_level": "Read", + "description": "Grants permission to describes the subscription for FreeRTOS extended maintenance plan (EMP)", + "privilege": "DescribeSubscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "subscription*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a job run", - "privilege": "DescribeJobRun", + "description": "Grants permission to get URL for sotware patch-release, patch-diff and 
release notes under FreeRTOS extended maintenance plan (EMP)", + "privilege": "GetEmpPatchUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a job template", - "privilege": "DescribeJobTemplate", + "description": "Grants permission to get the URL for Amazon FreeRTOS software download", + "privilege": "GetSoftwareURL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobTemplate*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a managed endpoint", - "privilege": "DescribeManagedEndpoint", + "description": "Grants permission to get the URL for Amazon FreeRTOS software download based on the configuration", + "privilege": "GetSoftwareURLForConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "managedEndpoint*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a virtual cluster", - "privilege": "DescribeVirtualCluster", + "description": "Grants permission to fetch the subscription billing amount for FreeRTOS extended maintenance plan (EMP)", + "privilege": "GetSubscriptionBillingAmount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to generate a session token used to connect to a managed endpoint", - "privilege": "GetManagedEndpointSessionCredentials", + "access_level": "List", + "description": "Grants permission to lists versions of AmazonFreeRTOS", + "privilege": "ListFreeRTOSVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "managedEndpoint*" + "resource_type": "" } ] }, { "access_level": "List", - "description": 
"Grants permission to list job runs associated with a virtual cluster", - "privilege": "ListJobRuns", + "description": "Grants permission to list the hardware platforms", + "privilege": "ListHardwarePlatforms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list job templates", - "privilege": "ListJobTemplates", + "description": "Grants permission to list the hardware vendors", + "privilege": "ListHardwareVendors", "resource_types": [ { "condition_keys": [], 
@@ -98967,47 +123332,32 @@ }, { "access_level": "List", - "description": "Grants permission to list managed endpoints associated with a virtual cluster", - "privilege": "ListManagedEndpoints", + "description": "Grants permission to lists the software configurations", + "privilege": "ListSoftwareConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list tags for the specified resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to list software patches of subscription for FreeRTOS extended maintenance plan (EMP)", + "privilege": "ListSoftwarePatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "jobTemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "managedEndpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "virtualCluster" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list virtual clusters", - "privilege": "ListVirtualClusters", + "description": "Grants permission to list the subscription emails for FreeRTOS extended maintenance plan (EMP)", + "privilege": "ListSubscriptionEmails", "resource_types": [ { "condition_keys": [], 
@@ -99017,92 +123367,49 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start a job run", - "privilege": "StartJobRun", + "access_level": "List", + "description": "Grants permission to list the subscriptions for FreeRTOS extended maintenance plan (EMP)", + "privilege": "ListSubscriptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "emr-containers:ExecutionRoleArn", - "emr-containers:JobTemplateArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag the specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update list of subscription email address for FreeRTOS extended maintenance plan (EMP)", + "privilege": "UpdateEmailRecipients", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "jobTemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "managedEndpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "virtualCluster" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update the software configuration", + "privilege": "UpdateSoftwareConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "jobTemplate" - }, - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "managedEndpoint" - }, + "resource_type": "configuration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to verify the email for FreeRTOS extended maintenance plan (EMP)", + "privilege": "VerifyEmail", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "virtualCluster" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] 
@@ -99110,195 +123417,317 @@ ], "resources": [ { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}", + "arn": "arn:${Partition}:freertos:${Region}:${Account}:configuration/${ConfigurationName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "virtualCluster" + "resource": "configuration" }, { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}/jobruns/${JobRunId}", + "arn": "arn:${Partition}:freertos:${Region}:${Account}:subscription/${SubscriptionID}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "jobRun" + "resource": "subscription" + } + ], + "service_name": "Amazon FreeRTOS" + }, + { + "conditions": [], + "prefix": "freetier", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get free tier alert preference (email address)", + "privilege": "GetFreeTierAlertPreference", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/jobtemplates/${JobTemplateId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "jobTemplate" + "access_level": "Read", + "description": "Grants permission to get free tier usage limits and MTD usage status", + "privilege": "GetFreeTierUsage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:emr-containers:${Region}:${Account}:/virtualclusters/${VirtualClusterId}/endpoints/${EndpointId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "managedEndpoint" + "access_level": "Write", + "description": "Grants permission to set free tier alert preference (email address)", + "privilege": "PutFreeTierAlertPreference", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], - 
"service_name": "Amazon EMR on EKS (EMR Containers)" + "resources": [], + "service_name": "AWS Free Tier" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" + }, + { + "condition": "fsx:IsBackupCopyDestination", + "description": "Filters access by whether the backup is a destination backup for a CopyBackup operation", + "type": "Bool" + }, + { + "condition": "fsx:IsBackupCopySource", + "description": "Filters access by whether the backup is a source backup for a CopyBackup operation", + "type": "Bool" + }, + { + "condition": "fsx:NfsDataRepositoryAuthenticationEnabled", + "description": "Filters access by NFS data repositories which support authentication", + "type": "Bool" + }, + { + "condition": "fsx:NfsDataRepositoryEncryptionInTransitEnabled", + "description": "Filters access by NFS data repositories which support encryption-in-transit", + "type": "Bool" + }, + { + "condition": "fsx:ParentVolumeId", + "description": "Filters access by the containing parent volume for mutating volume operations", + "type": "String" + }, + { + "condition": "fsx:StorageVirtualMachineId", + "description": "Filters access by the containing storage virtual machine for a volume for mutating volume operations", + "type": "String" } ], - "prefix": "emr-serverless", + "prefix": "fsx", "privileges": [ { "access_level": "Write", - "description": "Grants permission 
to cancel a job run", - "privilege": "CancelJobRun", + "description": "Grants permission to associate a File Gateway instance with an Amazon FSx for Windows File Server file system", + "privilege": "AssociateFileGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun*" + "resource_type": "file-system*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an Application", - "privilege": "CreateApplication", + "description": "Grants permission to associate DNS aliases with an Amazon FSx for Windows File Server file system", + "privilege": "AssociateFileSystemAliases", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an application", - "privilege": "DeleteApplication", + "access_level": "Permissions management", + "description": "Grants permission to allow deletion of an FSx for ONTAP SnapLock Enterprise volume that contains WORM (write once, read many) files with active retention periods", + "privilege": "BypassSnaplockEnterpriseRetention", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "volume*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get application", - "privilege": "GetApplication", + "access_level": "Write", + "description": "Grants permission to cancel a data repository task", + "privilege": "CancelDataRepositoryTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "task*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get job run dashboard", - "privilege": "GetDashboardForJobRun", + "access_level": "Write", + "description": "Grants permission to copy 
a backup", + "privilege": "CopyBackup", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "backup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "jobRun*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a job run", - "privilege": "GetJobRun", + "access_level": "Write", + "description": "Grants permission to update an existing volume by using a snapshot from another Amazon FSx for OpenZFS file system", + "privilege": "CopySnapshotAndUpdateVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list applications", - "privilege": "ListApplications", - "resource_types": [ + "resource_type": "snapshot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "volume*" } ] }, { - "access_level": "List", - "description": "Grants permission to list job runs associated with an application", - "privilege": "ListJobRuns", + "access_level": "Write", + "description": "Grants permission to create a new backup of an Amazon FSx file system or an Amazon FSx volume", + "privilege": "CreateBackup", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "backup*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "file-system" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "volume" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for the specified resource", - "privilege": "ListTagsForResource", + "access_level": 
"Write", + "description": "Grants permission to create a new data respository association for an Amazon FSx for Lustre file system", + "privilege": "CreateDataRepositoryAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "association*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to Start an application", - "privilege": "StartApplication", + "description": "Grants permission to create a new data respository task for an Amazon FSx for Lustre file system", + "privilege": "CreateDataRepositoryTask", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "file-system*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "task*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a job run", - "privilege": "StartJobRun", + "description": "Grants permission to create a new, empty, Amazon file cache", + "privilege": "CreateFileCache", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:PassRole" + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:GetSecurityGroupsForVpc", + "fsx:CreateDataRepositoryAssociation", + "fsx:TagResource", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "s3:ListBucket" ], - "resource_type": "application*" + "resource_type": "file-cache*" + }, + { + "condition_keys": [ + 
"fsx:NfsDataRepositoryEncryptionInTransitEnabled", + "fsx:NfsDataRepositoryAuthenticationEnabled" + ], + "dependent_actions": [], + "resource_type": "association" }, { "condition_keys": [ @@ -99312,30 +123741,44 @@ }, { "access_level": "Write", - "description": "Grants permission to Stop an application", - "privilege": "StopApplication", + "description": "Grants permission to create a new, empty, Amazon FSx file system", + "privilege": "CreateFileSystem", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ec2:GetSecurityGroupsForVpc", + "fsx:TagResource" + ], + "resource_type": "file-system*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag the specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a new Amazon FSx file system from an existing backup", + "privilege": "CreateFileSystemFromBackup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" + "dependent_actions": [ + "ec2:GetSecurityGroupsForVpc", + "fsx:TagResource" + ], + "resource_type": "backup*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" + "resource_type": "file-system*" }, { "condition_keys": [ 
@@ -99348,22 +123791,25 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag the specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a new snapshot on a volume", + "privilege": "CreateSnapshot", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "application" + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "snapshot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobRun" + "resource_type": "volume*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -99373,93 +123819,54 @@ }, { "access_level": "Write", - "description": "Grants permission to Update an application", - "privilege": "UpdateApplication", + "description": "Grants permission to create a new storage virtual machine in an Amazon FSx for Ontap file system", + "privilege": "CreateStorageVirtualMachine", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "application" - }, - { - "arn": "arn:${Partition}:emr-serverless:${Region}:${Account}:/applications/${ApplicationId}/jobruns/${JobRunId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "jobRun" - } - ], - "service_name": "Amazon EMR Serverless" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "es", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to the destination domain owner to accept an inbound cross-cluster search connection request", - "privilege": "AcceptInboundConnection", - "resource_types": [ + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "file-system*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "storage-virtual-machine*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": 
"Write", - "description": "Grants permission to the destination domain owner to accept an inbound cross-cluster search connection request. This permission is deprecated. Use AcceptInboundConnection instead", - "privilege": "AcceptInboundCrossClusterSearchConnection", + "description": "Grants permission to create a new volume", + "privilege": "CreateVolume", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to attach resource tags to an OpenSearch Service domain", - "privilege": "AddTags", - "resource_types": [ + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "volume*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "snapshot" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "fsx:StorageVirtualMachineId", + "fsx:ParentVolumeId" ], "dependent_actions": [], "resource_type": "" 
@@ -99468,61 +123875,77 @@ }, { "access_level": "Write", - "description": "Grants permission to associate a package with an OpenSearch Service domain", - "privilege": "AssociatePackage", + "description": "Grants permission to create a new volume from backup", + "privilege": "CreateVolumeFromBackup", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "backup*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to provide access to an Amazon OpenSearch Service domain through the use of an interface VPC endpoint", - "privilege": "AuthorizeVpcEndpointAccess", - "resource_types": [ + "resource_type": "storage-virtual-machine*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "volume*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "fsx:StorageVirtualMachineId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a service software update of a domain. This permission is deprecated. Use CancelServiceSoftwareUpdate instead", - "privilege": "CancelElasticsearchServiceSoftwareUpdate", + "description": "Grants permission to delete a backup, deleting its contents. 
After deletion, the backup no longer exists, and its data is no longer available", + "privilege": "DeleteBackup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "backup*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a service software update of a domain", - "privilege": "CancelServiceSoftwareUpdate", + "description": "Grants permission to delete a data repository association", + "privilege": "DeleteDataRepositoryAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "association*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an Amazon OpenSearch Service domain", - "privilege": "CreateDomain", + "description": "Grants permission to delete a file cache, deleting its contents", + "privilege": "DeleteFileCache", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:DeleteDataRepositoryAssociation" + ], + "resource_type": "file-cache*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "association" }, { "condition_keys": [ @@ -99536,13 +123959,21 @@ }, { "access_level": "Write", - "description": "Grants permission to create an OpenSearch Service domain. This permission is deprecated. Use CreateDomain instead", - "privilege": "CreateElasticsearchDomain", + "description": "Grants permission to delete a file system, deleting its contents and any existing automatic backups of the file system", + "privilege": "DeleteFileSystem", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "fsx:CreateBackup", + "fsx:TagResource" + ], + "resource_type": "file-system*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "backup" }, { "condition_keys": [ 
@@ -99555,69 +123986,86 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. OpenSearch Service creates the service-linked role for you", - "privilege": "CreateElasticsearchServiceRole", + "access_level": "Permissions management", + "description": "Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). PutResourcePolicy and GetResourcePolicy are also required", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "volume*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain", - "privilege": "CreateOutboundConnection", + "description": "Grants permission to delete a snapshot on a volume", + "privilege": "DeleteSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "snapshot*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new cross-cluster search connection from a source domain to a destination domain. This permission is deprecated. 
Use CreateOutboundConnection instead", - "privilege": "CreateOutboundCrossClusterSearchConnection", + "description": "Grants permission to delete a storage virtual machine, deleting its contents", + "privilege": "DeleteStorageVirtualMachine", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "storage-virtual-machine*" } ] }, { "access_level": "Write", - "description": "Grants permission to add a package for use with OpenSearch Service domains", - "privilege": "CreatePackage", + "description": "Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume", + "privilege": "DeleteVolume", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "fsx:TagResource" + ], + "resource_type": "volume*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "backup" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "fsx:StorageVirtualMachineId", + "fsx:ParentVolumeId" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create the service-linked role required for Amazon OpenSearch Service domains that use VPC access", - "privilege": "CreateServiceRole", + "access_level": "Read", + "description": "Grants permission to describe the File Gateway instances associated with an Amazon FSx for Windows File Server file system", + "privilege": "DescribeAssociatedFileGateways", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon OpenSearch Service-managed VPC endpoint", - "privilege": "CreateVpcEndpoint", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all backups owned by your AWS account in the AWS Region of the endpoint that 
you're calling", + "privilege": "DescribeBackups", "resource_types": [ { "condition_keys": [], @@ -99627,33 +124075,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Amazon OpenSearch Service domain and all of its data", - "privilege": "DeleteDomain", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all data repository associations owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeDataRepositoryAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an OpenSearch Service domain and all of its data. This permission is deprecated. Use DeleteDomain instead", - "privilege": "DeleteElasticsearchDomain", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all data repository tasks owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeDataRepositoryTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the service-linked role required for OpenSearch Service domains that use VPC access. This permission is deprecated. Use the IAM API to delete service-linked roles", - "privilege": "DeleteElasticsearchServiceRole", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all file caches owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeFileCaches", "resource_types": [ { "condition_keys": [], 
@@ -99663,21 +124111,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection", - "privilege": "DeleteInboundConnection", + "access_level": "Read", + "description": "Grants permission to return the description of all DNS aliases owned by your Amazon FSx for Windows File Server file system", + "privilege": "DescribeFileSystemAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Write", - "description": "Grants permission to the destination domain owner to delete an existing inbound cross-cluster search connection. This permission is deprecated. Use DeleteInboundConnection instead", - "privilege": "DeleteInboundCrossClusterSearchConnection", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all file systems owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeFileSystems", "resource_types": [ { "condition_keys": [], @@ -99687,9 +124135,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection", - "privilege": "DeleteOutboundConnection", + "access_level": "Read", + "description": "Grants permission to return the descriptions of whether FSx route table updates from participant accounts are allowed in your account", + "privilege": "DescribeSharedVpcConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -99699,9 +124147,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to the source domain owner to delete an existing outbound cross-cluster search connection. This permission is deprecated. Use DeleteOutboundConnection instead", - "privilege": "DeleteOutboundCrossClusterSearchConnection", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all snapshots owned by your AWS account in the AWS Region of the endpoint you're calling", + "privilege": "DescribeSnapshots", "resource_types": [ { "condition_keys": [], @@ -99711,9 +124159,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a package from OpenSearch Service. The package cannot be associated with any domains", - "privilege": "DeletePackage", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all storage virtual machines owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeStorageVirtualMachines", "resource_types": [ { "condition_keys": [], @@ -99723,9 +124171,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Amazon OpenSearch Service-managed interface VPC endpoint", - "privilege": "DeleteVpcEndpoint", + "access_level": "Read", + "description": "Grants permission to return the descriptions of all volumes owned by your AWS account in the AWS Region of the endpoint that you're calling", + "privilege": "DescribeVolumes", "resource_types": [ { "condition_keys": [], 
@@ -99735,585 +124183,658 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN", - "privilege": "DescribeDomain", + "access_level": "Write", + "description": "Grants permission to disassociate a File Gateway instance from an Amazon FSx for Windows File Server file system", + "privilege": "DisassociateFileGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the Auto-Tune configuration of the domain for the specified OpenSearch Service domain, including the Auto-Tune state and maintenance schedules", - "privilege": "DescribeDomainAutoTunes", + "access_level": "Write", + "description": "Grants permission to disassociate file system aliases with an Amazon FSx for Windows File Server file system", + "privilege": "DisassociateFileSystemAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view detail stage progress of an OpenSearch Service domain", - "privilege": "DescribeDomainChangeProgress", + "access_level": "Permissions management", + "description": "Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). 
PutResourcePolicy and DeleteResourcePolicy are also required", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "volume*" } ] }, { "access_level": "Read", - "description": "Grants permission to view a description of the configuration options and status of an OpenSearch Service domain", - "privilege": "DescribeDomainConfig", + "description": "Grants permission to list tags for an Amazon FSx resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view information about domain and node health, the standby Availability Zone, number of nodes per Availability Zone, and shard count per node", - "privilege": "DescribeDomainHealth", - "resource_types": [ + "resource_type": "association" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view information about nodes configured for the domain and their configurations- the node id, type of node, status of node, Availability Zone, instance type and storage", - "privilege": "DescribeDomainNodes", - "resource_types": [ + "resource_type": "backup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to view a description of the domain configuration for up to five specified OpenSearch Service domains", - "privilege": "DescribeDomains", - "resource_types": [ + "resource_type": "file-cache" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the status of a pre-update validation check on an OpenSearch Service domain", - 
"privilege": "DescribeDryRunProgress", - "resource_types": [ + "resource_type": "file-system" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view a description of the domain configuration for the specified OpenSearch Service domain, including the domain ID, service endpoint, and ARN. This permission is deprecated. Use DescribeDomain instead", - "privilege": "DescribeElasticsearchDomain", - "resource_types": [ + "resource_type": "snapshot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view a description of the configuration and status of an OpenSearch Service domain. This permission is deprecated. Use DescribeDomainConfig instead", - "privilege": "DescribeElasticsearchDomainConfig", - "resource_types": [ + "resource_type": "storage-virtual-machine" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to view a description of the domain configuration for up to five specified Amazon OpenSearch domains. This permission is deprecated. Use DescribeDomains instead", - "privilege": "DescribeElasticsearchDomains", - "resource_types": [ + "resource_type": "task" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "volume" } ] }, { - "access_level": "List", - "description": "Grants permission to view the instance count, storage, and master node limits for a given OpenSearch version and instance type. This permission is deprecated. 
Use DescribeInstanceTypeLimits instead", - "privilege": "DescribeElasticsearchInstanceTypeLimits", + "access_level": "Permissions management", + "description": "Grants permission to manage backup principal associations through AWS Backup", + "privilege": "ManageBackupPrincipalAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "backup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the inbound cross-cluster search connections for a destination domain", - "privilege": "DescribeInboundConnections", + "access_level": "Permissions management", + "description": "Required to manage cross-account sharing of FSx volumes through AWS Resource Access Manager (RAM). DeleteResourcePolicy and GetResourcePolicy are also required", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "volume*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the inbound cross-cluster search connections for a destination domain. This permission is deprecated. 
Use DescribeInboundConnections instead", - "privilege": "DescribeInboundCrossClusterSearchConnections", + "access_level": "Write", + "description": "Grants permission to release file system NFS V3 locks", + "privilege": "ReleaseFileSystemNfsV3Locks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "List", - "description": "Grants permission to view the instance count, storage, and master node limits for a given engine version and instance type", - "privilege": "DescribeInstanceTypeLimits", + "access_level": "Write", + "description": "Grants permission to restore volume state from a snapshot", + "privilege": "RestoreVolumeFromSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain", - "privilege": "DescribeOutboundConnections", - "resource_types": [ + "resource_type": "snapshot*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "volume*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the outbound cross-cluster search connections for a source domain. This permission is deprecated. 
Use DescribeOutboundConnections instead", - "privilege": "DescribeOutboundCrossClusterSearchConnections", + "access_level": "Write", + "description": "Grants permission to start misconfigured state recovery", + "privilege": "StartMisconfiguredStateRecovery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "file-system*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe all packages available to OpenSearch Service domains", - "privilege": "DescribePackages", + "access_level": "Tagging", + "description": "Grants permission to tag an Amazon FSx resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to fetch Reserved Instance offerings for Amazon OpenSearch Service. This permission is deprecated. Use DescribeReservedInstanceOfferings instead", - "privilege": "DescribeReservedElasticsearchInstanceOfferings", - "resource_types": [ + "resource_type": "association" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased. This permission is deprecated. 
Use DescribeReservedInstances instead", - "privilege": "DescribeReservedElasticsearchInstances", - "resource_types": [ + "resource_type": "backup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to fetch Reserved Instance offerings for OpenSearch Service", - "privilege": "DescribeReservedInstanceOfferings", - "resource_types": [ + "resource_type": "file-cache" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to fetch OpenSearch Service Reserved Instances that have already been purchased", - "privilege": "DescribeReservedInstances", - "resource_types": [ + "resource_type": "file-system" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe one or more Amazon OpenSearch Service-managed VPC endpoints", - "privilege": "DescribeVpcEndpoints", - "resource_types": [ + "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storage-virtual-machine" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "volume" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a package from the specified OpenSearch Service domain", - "privilege": "DissociatePackage", + "access_level": "Tagging", + "description": "Grants permission to remove a tag from an Amazon FSx resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - } - ] - }, - { - "access_level": "Read", - 
"description": "Grants permission to send cross-cluster requests to a destination domain", - "privilege": "ESCrossClusterGet", - "resource_types": [ + "resource_type": "association" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to send HTTP DELETE requests to the OpenSearch APIs", - "privilege": "ESHttpDelete", - "resource_types": [ + "resource_type": "backup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to send HTTP GET requests to the OpenSearch APIs", - "privilege": "ESHttpGet", - "resource_types": [ + "resource_type": "file-cache" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to send HTTP HEAD requests to the OpenSearch APIs", - "privilege": "ESHttpHead", - "resource_types": [ + "resource_type": "file-system" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storage-virtual-machine" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "volume" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send HTTP PATCH requests to the OpenSearch APIs", - "privilege": "ESHttpPatch", + "description": "Grants permission to update data repository association configuration", + "privilege": "UpdateDataRepositoryAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "association*" } ] }, { 
"access_level": "Write", - "description": "Grants permission to send HTTP POST requests to the OpenSearch APIs", - "privilege": "ESHttpPost", + "description": "Grants permission to update file cache configuration", + "privilege": "UpdateFileCache", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "file-cache*" } ] }, { "access_level": "Write", - "description": "Grants permission to send HTTP PUT requests to the OpenSearch APIs", - "privilege": "ESHttpPut", + "description": "Grants permission to update file system configuration", + "privilege": "UpdateFileSystem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain" + "resource_type": "file-system*" } ] }, { - "access_level": "List", - "description": "Grants permission to fetch a list of compatible OpenSearch and Elasticsearch versions to which an OpenSearch Service domain can be upgraded. This permission is deprecated. Use GetCompatibleVersions instead", - "privilege": "GetCompatibleElasticsearchVersions", + "access_level": "Write", + "description": "Grants permission to enable or disable FSx route table updates from participant accounts in your account", + "privilege": "UpdateSharedVpcConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to fetch list of compatible engine versions to which an OpenSearch Service domain can be upgraded", - "privilege": "GetCompatibleVersions", + "access_level": "Write", + "description": "Grants permission to update snapshot configuration", + "privilege": "UpdateSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "snapshot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the version history for a package", - 
"privilege": "GetPackageVersionHistory", + "access_level": "Write", + "description": "Grants permission to update storage virtual machine configuration", + "privilege": "UpdateStorageVirtualMachine", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "storage-virtual-machine*" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the upgrade history of a given OpenSearch Service domain", - "privilege": "GetUpgradeHistory", + "access_level": "Write", + "description": "Grants permission to update volume configuration", + "privilege": "UpdateVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "volume*" + }, + { + "condition_keys": [ + "fsx:StorageVirtualMachineId", + "fsx:ParentVolumeId" + ], + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:file-system/${FileSystemId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "file-system" }, { - "access_level": "Read", - "description": "Grants permission to fetch the upgrade status of a given OpenSearch Service domain", - "privilege": "GetUpgradeStatus", + "arn": "arn:${Partition}:fsx:${Region}:${Account}:file-cache/${FileCacheId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "file-cache" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:backup/${BackupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "backup" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:storage-virtual-machine/${FileSystemId}/${StorageVirtualMachineId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "storage-virtual-machine" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:task/${TaskId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "task" + }, + { + 
"arn": "arn:${Partition}:fsx:${Region}:${Account}:association/${FileSystemIdOrFileCacheId}/${DataRepositoryAssociationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "association" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:volume/${FileSystemId}/${VolumeId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "volume" + }, + { + "arn": "arn:${Partition}:fsx:${Region}:${Account}:snapshot/${VolumeId}/${SnapshotId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "snapshot" + } + ], + "service_name": "Amazon FSx" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "gamelift", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to register player acceptance or rejection of a proposed FlexMatch match", + "privilege": "AcceptMatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to display the names of all OpenSearch Service domains that the current user owns", - "privilege": "ListDomainNames", + "access_level": "Write", + "description": "Grants permission to locate and reserve a game server to host a new game session", + "privilege": "ClaimGameServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all OpenSearch Service 
domains that a package is associated with", - "privilege": "ListDomainsForPackage", + "access_level": "Write", + "description": "Grants permission to define a new alias for a fleet", + "privilege": "CreateAlias", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all instance types and available features for a given OpenSearch version. This permission is deprecated. Use ListInstanceTypeDetails instead", - "privilege": "ListElasticsearchInstanceTypeDetails", + "access_level": "Write", + "description": "Grants permission to create a new game build using files stored in an Amazon S3 bucket", + "privilege": "CreateBuild", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource", + "iam:PassRole", + "s3:GetObject" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all EC2 instance types that are supported for a given OpenSearch version", - "privilege": "ListElasticsearchInstanceTypes", + "access_level": "Write", + "description": "Grants permission to create a new container group definition for a container fleet", + "privilege": "CreateContainerGroupDefinition", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ecr:BatchGetImage", + "ecr:DescribeImages", + "ecr:GetDownloadUrlForLayer", + "gamelift:TagResource" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all supported OpenSearch versions on Amazon OpenSearch Service. This permission is deprecated. 
Use ListVersions instead", - "privilege": "ListElasticsearchVersions", + "access_level": "Write", + "description": "Grants permission to create a new fleet of computing resources to run your game servers", + "privilege": "CreateFleet", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:DescribeRegions", + "gamelift:TagResource", + "iam:PassRole" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all instance types and available features for a given OpenSearch or Elasticsearch version", - "privilege": "ListInstanceTypeDetails", + "access_level": "Write", + "description": "Grants permission to specify additional locations for a fleet", + "privilege": "CreateFleetLocations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "ec2:DescribeRegions" + ], + "resource_type": "fleet*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all packages associated with the OpenSearch Service domain", - "privilege": "ListPackagesForDomain", + "access_level": "Write", + "description": "Grants permission to create a new game server group, set up a corresponding Auto Scaling group, and launche instances to host game servers", + "privilege": "CreateGameServerGroup", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "domain*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "autoscaling:CreateAutoScalingGroup", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:PutLifecycleHook", + "autoscaling:PutScalingPolicy", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSubnets", + "events:PutRule", + "events:PutTargets", + "gamelift:TagResource", + "iam:PassRole" + ], + "resource_type": "" } ] }, { - "access_level": 
"List", - "description": "Grants permission to retrieve a list of configuration changes that are scheduled for a OpenSearch Service domain", - "privilege": "ListScheduledActions", + "access_level": "Write", + "description": "Grants permission to start a new game session on a specified fleet", + "privilege": "CreateGameSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to display all resource tags for an OpenSearch Service domain", - "privilege": "ListTags", + "access_level": "Write", + "description": "Grants permission to set up a new queue for processing game session placement requests", + "privilege": "CreateGameSessionQueue", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "domain*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" + ], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all supported OpenSearch and Elasticsearch versions in Amazon OpenSearch Service", - "privilege": "ListVersions", + "access_level": "Write", + "description": "Grants permission to define a new location for a fleet", + "privilege": "CreateLocation", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about each AWS principal that is allowed to access a given Amazon OpenSearch Service domain through the use of an interface VPC endpoint", - "privilege": "ListVpcEndpointAccess", + "access_level": "Write", + "description": "Grants permission to create a new FlexMatch matchmaker", + "privilege": 
"CreateMatchmakingConfiguration", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Amazon OpenSearch Service-managed VPC endpoints in the current AWS account and Region", - "privilege": "ListVpcEndpoints", + "access_level": "Write", + "description": "Grants permission to create a new matchmaking rule set for FlexMatch", + "privilege": "CreateMatchmakingRuleSet", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Amazon OpenSearch Service-managed VPC endpoints associated with a particular domain", - "privilege": "ListVpcEndpointsForDomain", + "access_level": "Write", + "description": "Grants permission to reserve an available game session slot for a player", + "privilege": "CreatePlayerSession", "resource_types": [ { "condition_keys": [], @@ -100324,8 +124845,8 @@ }, { "access_level": "Write", - "description": "Grants permission to purchase OpenSearch Service Reserved Instances. This permission is deprecated. Use PurchaseReservedInstanceOffering instead", - "privilege": "PurchaseReservedElasticsearchInstanceOffering", + "description": "Grants permission to reserve available game session slots for multiple players", + "privilege": "CreatePlayerSessions", "resource_types": [ { "condition_keys": [], 
@@ -100336,32 +124857,49 @@ }, { "access_level": "Write", - "description": "Grants permission to purchase OpenSearch reserved instances", - "privilege": "PurchaseReservedInstanceOffering", + "description": "Grants permission to create a new Realtime Servers script", + "privilege": "CreateScript", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "gamelift:TagResource", + "iam:PassRole", + "s3:GetObject" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request", - "privilege": "RejectInboundConnection", + "description": "Grants permission to allow GameLift to create or delete a peering connection between a GameLift fleet VPC and a VPC on another AWS account", + "privilege": "CreateVpcPeeringAuthorization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ec2:AcceptVpcPeeringConnection", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateRoute", + "ec2:DeleteRoute", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to the destination domain owner to reject an inbound cross-cluster search connection request. This permission is deprecated. Use RejectInboundConnection instead", - "privilege": "RejectInboundCrossClusterSearchConnection", + "description": "Grants permission to establish a peering connection between your GameLift fleet VPC and a VPC on another account", + "privilege": "CreateVpcPeeringConnection", "resource_types": [ { "condition_keys": [], 
@@ -100371,673 +124909,592 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove resource tags from an OpenSearch Service domain", - "privilege": "RemoveTags", + "access_level": "Write", + "description": "Grants permission to delete an alias", + "privilege": "DeleteAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" } ] }, { "access_level": "Write", - "description": "Grants permission to revoke access to an Amazon OpenSearch Service domain that was provided through an interface VPC endpoint", - "privilege": "RevokeVpcEndpointAccess", + "description": "Grants permission to delete a game build", + "privilege": "DeleteBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "build*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a service software update of a domain. This permission is deprecated. 
Use StartServiceSoftwareUpdate instead", - "privilege": "StartElasticsearchServiceSoftwareUpdate", + "description": "Grants permission to delete a container group definition that is not being used in a fleet", + "privilege": "DeleteContainerGroupDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "containerGroupDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a service software update of a domain", - "privilege": "StartServiceSoftwareUpdate", + "description": "Grants permission to delete an empty fleet", + "privilege": "DeleteFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances", - "privilege": "UpdateDomainConfig", + "description": "Grants permission to delete locations for a fleet", + "privilege": "DeleteFleetLocations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of an OpenSearch Service domain, such as the instance type or number of instances. This permission is deprecated. 
Use UpdateDomainConfig instead", - "privilege": "UpdateElasticsearchDomainConfig", + "description": "Grants permission to permanently delete a game server group and terminate FleetIQ activity for the corresponding Auto Scaling group", + "privilege": "DeleteGameServerGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "domain*" + "dependent_actions": [ + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:ExitStandby", + "autoscaling:ResumeProcesses", + "autoscaling:SetInstanceProtection", + "autoscaling:UpdateAutoScalingGroup" + ], + "resource_type": "gameServerGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a package for use with OpenSearch Service domains", - "privilege": "UpdatePackage", + "description": "Grants permission to delete an existing game session queue", + "privilege": "DeleteGameSessionQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gameSessionQueue*" } ] }, { "access_level": "Write", - "description": "Grants permission to reschedule a planned OpenSearch Service domain configuration change for a later time", - "privilege": "UpdateScheduledAction", + "description": "Grants permission to delete a location", + "privilege": "DeleteLocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "location*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify an Amazon OpenSearch Service-managed interface VPC endpoint", - "privilege": "UpdateVpcEndpoint", + "description": "Grants permission to delete an existing FlexMatch matchmaker", + "privilege": "DeleteMatchmakingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "matchmakingConfiguration*" } ] }, { "access_level": "Write", - "description": 
"Grants permission to initiate upgrade of an OpenSearch Service domain to a given version", - "privilege": "UpgradeDomain", + "description": "Grants permission to delete an existing FlexMatch matchmaking rule set", + "privilege": "DeleteMatchmakingRuleSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "matchmakingRuleSet*" } ] }, { "access_level": "Write", - "description": "Grants permission to initiate upgrade of an OpenSearch Service domain to a specified version. This permission is deprecated. Use UpgradeDomain instead", - "privilege": "UpgradeElasticsearchDomain", + "description": "Grants permission to delete a set of auto-scaling rules", + "privilege": "DeleteScalingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domain*" + "resource_type": "fleet*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:es:${Region}:${Account}:domain/${DomainName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "domain" - }, - { - "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "es_role" - }, - { - "arn": "arn:${Partition}:iam::${Account}:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "opensearchservice_role" - } - ], - "service_name": "Amazon OpenSearch Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the allowed set of values for each of the tags to event bus and rule actions", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag-value associated with the resource to event bus and rule actions", - "type": "String" - }, - { - 
"condition": "aws:TagKeys", - "description": "Filters access by the tags in the request to event bus and rule actions", - "type": "ArrayOfString" - }, - { - "condition": "events:EventBusArn", - "description": "Filters access by the ARN of the event buses that can be associated with an endpoint to CreateEndpoint and UpdateEndpoint actions", - "type": "ArrayOfARN" - }, - { - "condition": "events:ManagedBy", - "description": "Filters access by AWS services. If a rule is created by an AWS service on your behalf, the value is the principal name of the service that created the rule", - "type": "String" - }, - { - "condition": "events:TargetArn", - "description": "Filters access by the ARN of a target that can be put to a rule to PutTargets actions", - "type": "ArrayOfARN" - }, - { - "condition": "events:creatorAccount", - "description": "Filters access by the account the rule was created in to rule actions", - "type": "String" - }, - { - "condition": "events:detail-type", - "description": "Filters access by the literal string of the detail-type of the event to PutEvents and PutRule actions", - "type": "String" - }, - { - "condition": "events:detail.eventTypeCode", - "description": "Filters access by the literal string for the detail.eventTypeCode field of the event to PutRule actions", - "type": "String" - }, - { - "condition": "events:detail.service", - "description": "Filters access by the literal string for the detail.service field of the event to PutRule actions", - "type": "String" - }, - { - "condition": "events:detail.userIdentity.principalId", - "description": "Filters access by the literal string for the detail.useridentity.principalid field of the event to PutRule actions", - "type": "String" }, - { - "condition": "events:eventBusInvocation", - "description": "Filters access by whether the event was generated via API or cross-account bus invocation to PutEvents actions", - "type": "String" - }, - { - "condition": "events:source", - "description": "Filters 
access by the AWS service or AWS partner event source that generated the event to PutEvents and PutRule actions. Matches the literal string of the source field of the event", - "type": "ArrayOfString" - } - ], - "prefix": "events", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to activate partner event sources", - "privilege": "ActivateEventSource", + "description": "Grants permission to delete a Realtime Servers script", + "privilege": "DeleteScript", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "script*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a replay", - "privilege": "CancelReplay", + "description": "Grants permission to cancel a VPC peering authorization", + "privilege": "DeleteVpcPeeringAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replay*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new api destination", - "privilege": "CreateApiDestination", + "description": "Grants permission to remove a peering connection between VPCs", + "privilege": "DeleteVpcPeeringConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-destination*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister a compute against a fleet", + "privilege": "DeregisterCompute", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new archive", - "privilege": "CreateArchive", + "description": "Grants permission to remove a game server from a game server group", + "privilege": "DeregisterGameServer", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "archive*" - }, + "resource_type": "gameServerGroup*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve properties for an alias", + "privilege": "DescribeAlias", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus*" + "resource_type": "alias*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new connection", - "privilege": "CreateConnection", + "access_level": "Read", + "description": "Grants permission to retrieve properties for a game build", + "privilege": "DescribeBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "build*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an endpoint", - "privilege": "CreateEndpoint", + "access_level": "Read", + "description": "Grants permission to retrieve general properties of the compute such as ARN, fleet details, SDK endpoints, and location", + "privilege": "DescribeCompute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" - }, - { - "condition_keys": [ - "events:EventBusArn" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create event buses", - "privilege": "CreateEventBus", + "access_level": "Read", + "description": "Grants permission to retrieve general properties, including status, for a container group definition", + "privilege": "DescribeContainerGroupDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus*" - }, + "resource_type": "containerGroupDefinition*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the maximum allowed and current usage for EC2 instance types", + "privilege": 
"DescribeEC2InstanceLimits", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create partner event sources", - "privilege": "CreatePartnerEventSource", + "access_level": "Read", + "description": "Grants permission to retrieve general properties, including status, for fleets", + "privilege": "DescribeFleetAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deactivate event sources", - "privilege": "DeactivateEventSource", + "access_level": "Read", + "description": "Grants permission to retrieve the current capacity setting for fleets", + "privilege": "DescribeFleetCapacity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deauthorize a connection, deleting its stored authorization secrets", - "privilege": "DeauthorizeConnection", + "access_level": "Read", + "description": "Grants permission to retrieve entries from a fleet's event log", + "privilege": "DescribeFleetEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an api destination", - "privilege": "DeleteApiDestination", + "access_level": "Read", + "description": "Grants permission to retrieve general properties, including statuses, for a fleet's locations", + "privilege": "DescribeFleetLocationAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-destination*" + "resource_type": "fleet*" } ] }, { 
- "access_level": "Write", - "description": "Grants permission to delete an archive", - "privilege": "DeleteArchive", + "access_level": "Read", + "description": "Grants permission to retrieve the current capacity setting for a fleet's location", + "privilege": "DescribeFleetLocationCapacity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "archive*" + "resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a connection", - "privilege": "DeleteConnection", + "access_level": "Read", + "description": "Grants permission to retrieve utilization statistics for fleet's location", + "privilege": "DescribeFleetLocationUtilization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an endpoint", - "privilege": "DeleteEndpoint", + "access_level": "Read", + "description": "Grants permission to retrieve the inbound connection permissions for a fleet", + "privilege": "DescribeFleetPortSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete event buses", - "privilege": "DeleteEventBus", + "access_level": "Read", + "description": "Grants permission to retrieve utilization statistics for fleets", + "privilege": "DescribeFleetUtilization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete partner event sources", - "privilege": "DeletePartnerEventSource", + "access_level": "Read", + "description": "Grants permission to retrieve properties for a game server", + "privilege": "DescribeGameServer", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete rules", - "privilege": "DeleteRule", + "access_level": "Read", + "description": "Grants permission to retrieve properties for a game server group", + "privilege": "DescribeGameServerGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "gameServerGroup*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the status of EC2 instances in a game server group", + "privilege": "DescribeGameServerInstances", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, - { - "condition_keys": [ - "events:creatorAccount", - "events:ManagedBy" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "gameServerGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about an api destination", - "privilege": "DescribeApiDestination", + "description": "Grants permission to retrieve properties for game sessions in a fleet, including the protection policy", + "privilege": "DescribeGameSessionDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-destination*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details of a game session placement request", + "privilege": "DescribeGameSessionPlacement", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about an archive", - "privilege": "DescribeArchive", + "description": "Grants permission to retrieve properties 
for game session queues", + "privilege": "DescribeGameSessionQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "archive*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about a conection", - "privilege": "DescribeConnection", + "description": "Grants permission to retrieve properties for game sessions in a fleet", + "privilege": "DescribeGameSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about an endpoint", - "privilege": "DescribeEndpoint", + "description": "Grants permission to retrieve information about instances in a fleet", + "privilege": "DescribeInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "fleet*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about event buses", - "privilege": "DescribeEventBus", + "description": "Grants permission to retrieve details of matchmaking tickets", + "privilege": "DescribeMatchmaking", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about event sources", - "privilege": "DescribeEventSource", + "description": "Grants permission to retrieve properties for FlexMatch matchmakers", + "privilege": "DescribeMatchmakingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about partner event sources", - "privilege": "DescribePartnerEventSource", + "description": "Grants permission to retrieve 
properties for FlexMatch matchmaking rule sets", + "privilege": "DescribeMatchmakingRuleSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the details of a replay", - "privilege": "DescribeReplay", + "description": "Grants permission to retrieve properties for player sessions in a game session", + "privilege": "DescribePlayerSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "replay*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about rules", - "privilege": "DescribeRule", + "description": "Grants permission to retrieve the current runtime configuration for a fleet", + "privilege": "DescribeRuntimeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "fleet*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all scaling policies that are applied to a fleet", + "privilege": "DescribeScalingPolicies", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, - { - "condition_keys": [ - "events:creatorAccount" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable rules", - "privilege": "DisableRule", + "access_level": "Read", + "description": "Grants permission to retrieve properties for a Realtime Servers script", + "privilege": "DescribeScript", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "script*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve 
valid VPC peering authorizations", + "privilege": "DescribeVpcPeeringAuthorizations", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, - { - "condition_keys": [ - "events:creatorAccount", - "events:ManagedBy" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable rules", - "privilege": "EnableRule", + "access_level": "Read", + "description": "Grants permission to retrieve details on active or pending VPC peering connections", + "privilege": "DescribeVpcPeeringConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve access credentials of the compute", + "privilege": "GetComputeAccess", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, - { - "condition_keys": [ - "events:creatorAccount", - "events:ManagedBy" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { - "access_level": "Write", - "description": "Grants permission to invoke an api destination", - "privilege": "InvokeApiDestination", + "access_level": "Read", + "description": "Grants permission to retrieve an authorization token for a compute and fleet to use in game server processes", + "privilege": "GetComputeAuthToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-destination*" + "resource_type": "fleet*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of api destinations", - "privilege": "ListApiDestinations", + "access_level": "Read", + "description": "Grants permission to retrieve the location of stored logs for a game session", + "privilege": "GetGameSessionLogUrl", 
"resource_types": [ { "condition_keys": [], @@ -101047,21 +125504,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of archives", - "privilege": "ListArchives", + "access_level": "Read", + "description": "Grants permission to request remote access to a specified fleet instance", + "privilege": "GetInstanceAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of connections", - "privilege": "ListConnections", + "description": "Grants permission to retrieve all aliases that are defined in the current Region", + "privilege": "ListAliases", "resource_types": [ { "condition_keys": [], @@ -101072,8 +125529,8 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of endpoints", - "privilege": "ListEndpoints", + "description": "Grants permission to retrieve all game build in the current Region", + "privilege": "ListBuilds", "resource_types": [ { "condition_keys": [], @@ -101084,20 +125541,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of the event buses in your account", - "privilege": "ListEventBuses", + "description": "Grants permission to retrieve all compute resources in the current Region", + "privilege": "ListCompute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "List", - "description": "Grants permission to to retrieve a list of event sources shared with this account", - "privilege": "ListEventSources", + "description": "Grants permission to retrieve a list of names for all container group definitions in the current Region", + "privilege": "ListContainerGroupDefinitions", "resource_types": [ { "condition_keys": [], 
@@ -101108,20 +125565,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of AWS account IDs associated with an event source", - "privilege": "ListPartnerEventSourceAccounts", + "description": "Grants permission to retrieve a list of fleet IDs for all fleets in the current Region", + "privilege": "ListFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-source*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list partner event sources", - "privilege": "ListPartnerEventSources", + "description": "Grants permission to retrieve all game server groups that are defined in the current Region", + "privilege": "ListGameServerGroups", "resource_types": [ { "condition_keys": [], @@ -101132,20 +125589,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of replays", - "privilege": "ListReplays", + "description": "Grants permission to retrieve all game servers that are currently running in a game server group", + "privilege": "ListGameServers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gameServerGroup*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of the names of the rules associated with a target", - "privilege": "ListRuleNamesByTarget", + "description": "Grants permission to retrieve all locations in this account", + "privilege": "ListLocations", "resource_types": [ { "condition_keys": [], @@ -101156,8 +125613,8 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of the Amazon EventBridge rules in the account", - "privilege": "ListRules", + "description": "Grants permission to retrieve properties for all Realtime Servers scripts in the current region", + "privilege": "ListScripts", "resource_types": [ { "condition_keys": [], 
@@ -101167,95 +125624,138 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of tags associated with an Amazon EventBridge resource", + "access_level": "Read", + "description": "Grants permission to retrieve tags for GameLift resources", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus" + "resource_type": "alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" + "resource_type": "build" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" + "resource_type": "containerGroupDefinition" }, { - "condition_keys": [ - "events:creatorAccount" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameServerGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameSessionQueue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingRuleSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "script" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of targets defined for a rule", - "privilege": "ListTargetsByRule", + "access_level": "Write", + "description": "Grants permission to create or update a fleet auto-scaling policy", + "privilege": "PutScalingPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "fleet*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register a 
compute against a fleet", + "privilege": "RegisterCompute", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, + "resource_type": "fleet*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to notify GameLift FleetIQ when a new game server is ready to host gameplay", + "privilege": "RegisterGameServer", + "resource_types": [ { - "condition_keys": [ - "events:creatorAccount" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to send custom events to Amazon EventBridge", - "privilege": "PutEvents", + "access_level": "Read", + "description": "Grants permission to retrieve fresh upload credentials to use when uploading a new game build", + "privilege": "RequestUploadCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus*" - }, + "resource_type": "build*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the fleet ID associated with an alias", + "privilege": "ResolveAlias", + "resource_types": [ { - "condition_keys": [ - "events:detail-type", - "events:source", - "events:eventBusInvocation" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" } ] }, { "access_level": "Write", - "description": "Grants permission to sends custom events to Amazon EventBridge", - "privilege": "PutPartnerEvents", + "description": "Grants permission to reinstate suspended FleetIQ activity for a game server group", + "privilege": "ResumeGameServerGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "gameServerGroup*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to use the PutPermission action to grants 
permission to another AWS account to put events to your default event bus", - "privilege": "PutPermission", + "access_level": "Read", + "description": "Grants permission to retrieve game sessions that match a set of search criteria", + "privilege": "SearchGameSessions", "resource_types": [ { "condition_keys": [], @@ -101266,31 +125766,35 @@ }, { "access_level": "Write", - "description": "Grants permission to create or updates rules", - "privilege": "PutRule", + "description": "Grants permission to resume auto-scaling activity on a fleet after it was suspended with StopFleetActions()", + "privilege": "StartFleetActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "fleet*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send a game session placement request to a game session queue", + "privilege": "StartGameSessionPlacement", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, + "resource_type": "gameSessionQueue*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to request FlexMatch matchmaking to fill available player slots in an existing game session", + "privilege": "StartMatchBackfill", + "resource_types": [ { - "condition_keys": [ - "events:detail.userIdentity.principalId", - "events:detail-type", - "events:source", - "events:detail.service", - "events:detail.eventTypeCode", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "events:creatorAccount", - "events:ManagedBy" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -101298,34 +125802,44 @@ }, { "access_level": "Write", - "description": "Grants permission to add targets to a rule", - "privilege": "PutTargets", + "description": "Grants permission to request FlexMatch matchmaking for one or a group of players and initiate game session placement", + "privilege": "StartMatchmaking", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to suspend auto-scaling activity on a fleet", + "privilege": "StopFleetActions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, + "resource_type": "fleet*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a game session placement request that is in progress", + "privilege": "StopGameSessionPlacement", + "resource_types": [ { - "condition_keys": [ - "events:TargetArn", - "events:creatorAccount", - "events:ManagedBy" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to revoke the permission of another AWS account to put events to your default event bus", - "privilege": "RemovePermission", + "access_level": "Write", + "description": "Grants permission to cancel a matchmaking or match backfill request that is in progress", + "privilege": "StopMatchmaking", "resource_types": [ { "condition_keys": [], 
@@ -101336,23 +125850,75 @@ }, { "access_level": "Write", - "description": "Grants permission to removes targets from a rule", - "privilege": "RemoveTargets", + "description": "Grants permission to temporarily stop FleetIQ activity for a game server group", + "privilege": "SuspendGameServerGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" + "resource_type": "gameServerGroup*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag GameLift resources", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" + "resource_type": "build" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "containerGroupDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameServerGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gameSessionQueue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingRuleSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "script" }, { "condition_keys": [ - "events:creatorAccount", - "events:ManagedBy" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -101360,52 +125926,63 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start a replay of an archive", - "privilege": "StartReplay", + "access_level": "Tagging", + "description": "Grants permission to untag GameLift resources", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "archive*" + "resource_type": "alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus*" + "resource_type": "build" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "replay*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add a tag to an Amazon EventBridge resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "containerGroupDefinition" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus" + "resource_type": "fleet" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" + "resource_type": "gameServerGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" + "resource_type": "gameSessionQueue" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "location" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingConfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "matchmakingRuleSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "script" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "events:creatorAccount" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -101413,97 +125990,161 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to test whether an event pattern matches the provided event", - "privilege": "TestEventPattern", + "access_level": "Write", + "description": "Grants permission to update the properties of an existing alias", + "privilege": "UpdateAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alias*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a tag from an Amazon EventBridge resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update an existing build's metadata", + "privilege": "UpdateBuild", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-bus" - }, + "resource_type": "build*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the general properties of an existing fleet", + "privilege": "UpdateFleetAttributes", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-custom-event-bus" - }, + "resource_type": "fleet*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to adjust a fleet's capacity settings", + "privilege": "UpdateFleetCapacity", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule-on-default-event-bus" - }, + "resource_type": "fleet*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to adjust a fleet's port settings", + "privilege": "UpdateFleetPortSettings", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "events:creatorAccount" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an api destination", - "privilege": 
"UpdateApiDestination", + "description": "Grants permission to change game server properties, health status, or utilization status", + "privilege": "UpdateGameServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-destination*" + "resource_type": "gameServerGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an archive", - "privilege": "UpdateArchive", + "description": "Grants permission to update properties for game server group, including allowed instance types", + "privilege": "UpdateGameServerGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "gameServerGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the properties of an existing game session", + "privilege": "UpdateGameSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "archive*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a connection", - "privilege": "UpdateConnection", + "description": "Grants permission to update properties of an existing game session queue", + "privilege": "UpdateGameSessionQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "gameSessionQueue*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an endpoint", - "privilege": "UpdateEndpoint", + "description": "Grants permission to update properties of an existing FlexMatch matchmaking configuration", + "privilege": "UpdateMatchmakingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" - }, + "resource_type": "matchmakingConfiguration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update how server processes are configured on 
instances in an existing fleet", + "privilege": "UpdateRuntimeConfiguration", + "resource_types": [ { - "condition_keys": [ - "events:EventBusArn" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the metadata and content of an existing Realtime Servers script", + "privilege": "UpdateScript", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole", + "s3:GetObject" ], + "resource_type": "script*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to validate the syntax of a FlexMatch matchmaking rule set", + "privilege": "ValidateMatchmakingRuleSet", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -101512,96 +126153,281 @@ ], "resources": [ { - "arn": "arn:${Partition}:events:${Region}::event-source/${EventSourceName}", - "condition_keys": [], - "resource": "event-source" + "arn": "arn:${Partition}:gamelift:${Region}::alias/${AliasId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "alias" }, { - "arn": "arn:${Partition}:events:${Region}:${Account}:event-bus/${EventBusName}", + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:build/${BuildId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "event-bus" + "resource": "build" }, { - "arn": "arn:${Partition}:events:${Region}:${Account}:rule/${RuleName}", + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:containergroupdefinition/${Name}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "rule-on-default-event-bus" + "resource": "containerGroupDefinition" }, { - "arn": "arn:${Partition}:events:${Region}:${Account}:rule/${EventBusName}/${RuleName}", + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:fleet/${FleetId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "rule-on-custom-event-bus" + "resource": "fleet" }, { - "arn": "arn:${Partition}:events:${Region}:${Account}:archive/${ArchiveName}", - "condition_keys": [], - "resource": "archive" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:gameservergroup/${GameServerGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "gameServerGroup" }, { - "arn": "arn:${Partition}:events:${Region}:${Account}:replay/${ReplayName}", - "condition_keys": [], - "resource": "replay" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:gamesessionqueue/${GameSessionQueueName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "gameSessionQueue" }, { - "arn": "arn:${Partition}:events:${Region}:${Account}:connection/${ConnectionName}", - "condition_keys": [], - "resource": "connection" + "arn": 
"arn:${Partition}:gamelift:${Region}:${Account}:location/${LocationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "location" }, { - "arn": "arn:${Partition}:events:${Region}:${Account}:api-destination/${ApiDestinationName}", - "condition_keys": [], - "resource": "api-destination" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:matchmakingconfiguration/${MatchmakingConfigurationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "matchmakingConfiguration" }, { - "arn": "arn:${Partition}:events:${Region}:${Account}:endpoint/${EndpointName}", - "condition_keys": [], - "resource": "endpoint" + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:matchmakingruleset/${MatchmakingRuleSetName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "matchmakingRuleSet" + }, + { + "arn": "arn:${Partition}:gamelift:${Region}:${Account}:script/${ScriptId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "script" } ], - "service_name": "Amazon EventBridge" + "service_name": "Amazon GameLift" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed the request on behalf of the IAM principal", + "description": "Filters access by a tag's key and value in a request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource that make the request on behalf of the IAM principal", - "type": "String" + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" + }, + { + "condition": "geo:DeviceIds", + "description": "Filters access by the presence of device ids in the request", + "type": "ArrayOfString" + }, + { + 
"condition": "geo:GeofenceIds", + "description": "Filters access by the presence of geofence ids in the request", + "type": "ArrayOfString" + } + ], + "prefix": "geo", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create an association between a geofence-collection and a tracker resource", + "privilege": "AssociateTrackerConsumer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a batch of device position histories from a tracker resource", + "privilege": "BatchDeleteDevicePositionHistory", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" + }, + { + "condition_keys": [ + "geo:DeviceIds" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a batch of geofences from a geofence collection", + "privilege": "BatchDeleteGeofence", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "geofence-collection*" + }, + { + "condition_keys": [ + "geo:GeofenceIds" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to evaluate device positions against the position of geofences in a given geofence collection", + "privilege": "BatchEvaluateGeofences", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "geofence-collection*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to send a batch request to retrieve device positions", + "privilege": "BatchGetDevicePosition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" + }, + { + "condition_keys": [ + "geo:DeviceIds" + ], + "dependent_actions": [], + 
"resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send a batch request for adding geofences into a given geofence collection", + "privilege": "BatchPutGeofence", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "geofence-collection*" + }, + { + "condition_keys": [ + "geo:GeofenceIds" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to upload a position update for one or more devices to a tracker resource", + "privilege": "BatchUpdateDevicePosition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" + }, + { + "condition_keys": [ + "geo:DeviceIds" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to calculate routes using a given route calculator resource", + "privilege": "CalculateRoute", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator*" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request on behalf of the IAM principal", - "type": "ArrayOfString" - } - ], - "prefix": "evidently", - "privileges": [ + "access_level": "Read", + "description": "Grants permission to calculate a route matrix using a given route calculator resource", + "privilege": "CalculateRouteMatrix", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator*" + } + ] + }, { "access_level": "Write", - "description": "Grants permission to send a batched evaluate feature request", - "privilege": "BatchEvaluateFeature", + "description": "Grants permission to create a geofence-collection", + "privilege": "CreateGeofenceCollection", "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "Feature*" + "resource_type": "geofence-collection*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an experiment", - "privilege": "CreateExperiment", + "description": "Grants permission to create an API key resource", + "privilege": "CreateKey", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "api-key*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -101614,9 +126440,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create a feature", - "privilege": "CreateFeature", + "description": "Grants permission to create a map resource", + "privilege": "CreateMap", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "map*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -101629,9 +126460,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create a launch", - "privilege": "CreateLaunch", + "description": "Grants permission to create a place index resource", + "privilege": "CreatePlaceIndex", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -101644,27 +126480,34 @@ }, { "access_level": "Write", - "description": "Grants permission to create a project", - "privilege": "CreateProject", + "description": "Grants permission to create a route calculator resource", + "privilege": "CreateRouteCalculator", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a segment", - "privilege": "CreateSegment", + "description": "Grants permission to create a tracker resource", + "privilege": "CreateTracker", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -101677,326 +126520,435 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an experiment", - "privilege": "DeleteExperiment", + "description": "Grants permission to delete a geofence-collection", + "privilege": "DeleteGeofenceCollection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "geofence-collection*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a feature", - "privilege": "DeleteFeature", + "description": "Grants permission to delete an API key resource", + "privilege": "DeleteKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature*" + "resource_type": "api-key*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a launch", - "privilege": "DeleteLaunch", + "description": "Grants permission to delete a map resource", + "privilege": "DeleteMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "map*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a project", - "privilege": "DeleteProject", + "description": "Grants permission to delete a place index resource", + "privilege": "DeletePlaceIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "place-index*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a segment", - "privilege": "DeleteSegment", + "description": "Grants permission to delete a route calculator resource", + "privilege": "DeleteRouteCalculator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Segment*" + "resource_type": "route-calculator*" } ] }, { "access_level": "Write", - "description": "Grants permission to send an evaluate feature request", - "privilege": "EvaluateFeature", + "description": 
"Grants permission to delete a tracker resource", + "privilege": "DeleteTracker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature*" + "resource_type": "tracker*" } ] }, { "access_level": "Read", - "description": "Grants permission to get experiment details", - "privilege": "GetExperiment", + "description": "Grants permission to retrieve geofence collection details", + "privilege": "DescribeGeofenceCollection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "geofence-collection*" } ] }, { "access_level": "Read", - "description": "Grants permission to get experiment result", - "privilege": "GetExperimentResults", + "description": "Grants permission to retrieve API key resource details and secret", + "privilege": "DescribeKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "api-key*" } ] }, { "access_level": "Read", - "description": "Grants permission to get feature details", - "privilege": "GetFeature", + "description": "Grants permission to retrieve map resource details", + "privilege": "DescribeMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature*" + "resource_type": "map*" } ] }, { "access_level": "Read", - "description": "Grants permission to get launch details", - "privilege": "GetLaunch", + "description": "Grants permission to retrieve place-index resource details", + "privilege": "DescribePlaceIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "place-index*" } ] }, { "access_level": "Read", - "description": "Grants permission to get project details", - "privilege": "GetProject", + "description": "Grants permission to retrieve route calculator resource details", + "privilege": "DescribeRouteCalculator", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "route-calculator*" } ] }, { "access_level": "Read", - "description": "Grants permission to get segment details", - "privilege": "GetSegment", + "description": "Grants permission to retrieve a tracker resource details", + "privilege": "DescribeTracker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Segment*" + "resource_type": "tracker*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove the association between a tracker resource and a geofence-collection", + "privilege": "DisassociateTrackerConsumer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" } ] }, { "access_level": "Read", - "description": "Grants permission to list experiments", - "privilege": "ListExperiments", + "description": "Grants permission to retrieve the latest device position", + "privilege": "GetDevicePosition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "tracker*" + }, + { + "condition_keys": [ + "geo:DeviceIds" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list features", - "privilege": "ListFeatures", + "description": "Grants permission to retrieve the device position history", + "privilege": "GetDevicePositionHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "tracker*" + }, + { + "condition_keys": [ + "geo:DeviceIds" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list launches", - "privilege": "ListLaunches", + "description": "Grants permission to retrieve the geofence details from a geofence-collection", + "privilege": "GetGeofence", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": 
"geofence-collection*" + }, + { + "condition_keys": [ + "geo:GeofenceIds" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list projects", - "privilege": "ListProjects", + "description": "Grants permission to retrieve the glyph file for a map resource", + "privilege": "GetMapGlyphs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "map*" } ] }, { "access_level": "Read", - "description": "Grants permission to list resources referencing a segment", - "privilege": "ListSegmentReferences", + "description": "Grants permission to retrieve the sprite file for a map resource", + "privilege": "GetMapSprites", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "map*" } ] }, { "access_level": "Read", - "description": "Grants permission to list segments", - "privilege": "ListSegments", + "description": "Grants permission to retrieve the map style descriptor from a map resource", + "privilege": "GetMapStyleDescriptor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "map*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for resources", - "privilege": "ListTagsForResource", + "description": "Grants permission to retrieve the map tile from the map resource", + "privilege": "GetMapTile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "map*" } ] }, { - "access_level": "Write", - "description": "Grants permission to send performance events", - "privilege": "PutProjectEvents", + "access_level": "Read", + "description": "Grants permission to find a place by its unique ID", + "privilege": "GetPlace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "place-index*" } ] }, 
{ - "access_level": "Write", - "description": "Grants permission to start an experiment", - "privilege": "StartExperiment", + "access_level": "Read", + "description": "Grants permission to retrieve a list of devices and their latest positions from the given tracker resource", + "privilege": "ListDevicePositions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "tracker*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a launch", - "privilege": "StartLaunch", + "access_level": "List", + "description": "Grants permission to lists geofence-collections", + "privilege": "ListGeofenceCollections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "geofence-collection*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop an experiment", - "privilege": "StopExperiment", + "access_level": "Read", + "description": "Grants permission to list geofences stored in a given geofence collection", + "privilege": "ListGeofences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "geofence-collection*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a launch", - "privilege": "StopLaunch", + "access_level": "List", + "description": "Grants permission to list API key resources", + "privilege": "ListKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "api-key*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag resources", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list map resources", + "privilege": "ListMaps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment" + "resource_type": "map*" + 
} + ] + }, + { + "access_level": "List", + "description": "Grants permission to return a list of place index resources", + "privilege": "ListPlaceIndexes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return a list of route calculator resources", + "privilege": "ListRouteCalculators", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags (metadata) which you have assigned to the resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "api-key" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature" + "resource_type": "geofence-collection" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch" + "resource_type": "map" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project" + "resource_type": "place-index" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Segment" + "resource_type": "route-calculator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of geofence collections currently associated to the given tracker resource", + "privilege": "ListTrackerConsumers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return a list of tracker resources", + "privilege": "ListTrackers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" + } + ] + }, + { + 
"access_level": "Write", + "description": "Grants permission to add a new geofence or update an existing geofence to a given geofence-collection", + "privilege": "PutGeofence", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "geofence-collection*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "geo:GeofenceIds" ], "dependent_actions": [], "resource_type": "" 
@@ -102005,45 +126957,119 @@ }, { "access_level": "Read", - "description": "Grants permission to test a segment pattern", - "privilege": "TestSegmentPattern", + "description": "Grants permission to reverse geocodes a given coordinate", + "privilege": "SearchPlaceIndexForPosition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to generate suggestions for addresses and points of interest based on partial or misspelled free-form text", + "privilege": "SearchPlaceIndexForSuggestions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to geocode free-form text, such as an address, name, city or region", + "privilege": "SearchPlaceIndexForText", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to adds to or modifies the tags of the given resource. 
Tags are metadata which can be used to manage a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "api-key" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "geofence-collection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "map" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "place-index" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "route-calculator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to untag resources", + "description": "Grants permission to remove the given tags (metadata) from the resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment" + "resource_type": "api-key" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature" + "resource_type": "geofence-collection" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch" + "resource_type": "map" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project" + "resource_type": "place-index" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Segment" + "resource_type": "route-calculator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker" }, { "condition_keys": [ 
@@ -102057,203 +127083,243 @@ }, { "access_level": "Write", - "description": "Grants permission to update experiment", - "privilege": "UpdateExperiment", + "description": "Grants permission to update a geofence collection", + "privilege": "UpdateGeofenceCollection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Experiment*" + "resource_type": "geofence-collection*" } ] }, { "access_level": "Write", - "description": "Grants permission to update feature", - "privilege": "UpdateFeature", + "description": "Grants permission to update an API key resource", + "privilege": "UpdateKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Feature*" + "resource_type": "api-key*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a launch", - "privilege": "UpdateLaunch", + "description": "Grants permission to update a map resource", + "privilege": "UpdateMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Launch*" + "resource_type": "map*" } ] }, { "access_level": "Write", - "description": "Grants permission to update project", - "privilege": "UpdateProject", + "description": "Grants permission to update a place index resource", + "privilege": "UpdatePlaceIndex", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:GetRole" - ], - "resource_type": "Project*" + "dependent_actions": [], + "resource_type": "place-index*" } ] }, { "access_level": "Write", - "description": "Grants permission to update project data delivery", - "privilege": "UpdateProjectDataDelivery", + "description": "Grants permission to update a route calculator resource", + "privilege": "UpdateRouteCalculator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Project*" + "resource_type": "route-calculator*" + } + ] + }, + { + "access_level": "Write", + "description": 
"Grants permission to update a tracker resource", + "privilege": "UpdateTracker", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tracker*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}", + "arn": "arn:${Partition}:geo:${Region}:${Account}:api-key/${KeyName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Project" + "resource": "api-key" }, { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/feature/${FeatureName}", + "arn": "arn:${Partition}:geo:${Region}:${Account}:geofence-collection/${GeofenceCollectionName}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "geo:GeofenceIds" ], - "resource": "Feature" + "resource": "geofence-collection" }, { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/experiment/${ExperimentName}", + "arn": "arn:${Partition}:geo:${Region}:${Account}:map/${MapName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Experiment" + "resource": "map" }, { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:project/${ProjectName}/launch/${LaunchName}", + "arn": "arn:${Partition}:geo:${Region}:${Account}:place-index/${IndexName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Launch" + "resource": "place-index" }, { - "arn": "arn:${Partition}:evidently:${Region}:${Account}:segment/${SegmentName}", + "arn": "arn:${Partition}:geo:${Region}:${Account}:route-calculator/${CalculatorName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Segment" + "resource": "route-calculator" + }, + { + "arn": "arn:${Partition}:geo:${Region}:${Account}:tracker/${TrackerName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "geo:DeviceIds" + ], + "resource": "tracker" } ], - "service_name": "Amazon CloudWatch Evidently" + "service_name": "Amazon Location" }, { - "conditions": 
[], - "prefix": "execute-api", + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "glacier:ArchiveAgeInDays", + "description": "Filters access by how long an archive has been stored in the vault, in days", + "type": "String" + }, + { + "condition": "glacier:ResourceTag/", + "description": "Filters access by a customer-defined tag", + "type": "String" + } + ], + "prefix": "glacier", "privileges": [ { "access_level": "Write", - "description": "Used to invalidate API cache upon a client request", - "privilege": "InvalidateCache", + "description": "Grants permission to abort a multipart upload identified by the upload ID", + "privilege": "AbortMultipartUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "execute-api-general*" + "resource_type": "vault*" } ] }, { - "access_level": "Write", - "description": "Used to invoke an API upon a client request", - "privilege": "Invoke", + "access_level": "Permissions management", + "description": "Grants permission to abort the vault locking process if the vault lock is not in the Locked state", + "privilege": "AbortVaultLock", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "execute-api-general*" + "resource_type": "vault*" } ] }, { - "access_level": "Write", - "description": "ManageConnections controls access to the @connections API", - "privilege": "ManageConnections", + "access_level": "Tagging", + "description": "Grants permission to add the specified tags to a vault", + "privilege": "AddTagsToVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "execute-api-general*" + "resource_type": "vault*" + }, + { + 
"condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:execute-api:${Region}:${Account}:${ApiId}/${Stage}/${Method}/${ApiSpecificResourcePath}", - "condition_keys": [], - "resource": "execute-api-general" - } - ], - "service_name": "Amazon API Gateway" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to complete a multipart upload process", + "privilege": "CompleteMultipartUpload", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vault*" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "finspace", - "privileges": [ + "access_level": "Permissions management", + "description": "Grants permission to complete the vault locking process", + "privilege": "CompleteVaultLock", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vault*" + } + ] + }, { "access_level": "Write", - "description": "Grants permission to connect to a kdb cluster", - "privilege": "ConnectKxCluster", + "description": "Grants permission to create a new vault with the specified name", + "privilege": "CreateVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "vault*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a FinSpace environment", - "privilege": "CreateEnvironment", + "description": "Grants permission to delete an 
archive from a vault", + "privilege": "DeleteArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "vault*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "glacier:ArchiveAgeInDays" ], "dependent_actions": [], "resource_type": "" 
@@ -102262,88 +127328,137 @@ }, { "access_level": "Write", - "description": "Grants permission to create a changeset for a kdb database", - "privilege": "CreateKxChangeset", + "description": "Grants permission to delete a vault", + "privilege": "DeleteVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "vault*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the access policy associated with the specified vault", + "privilege": "DeleteVaultAccessPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vault*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a cluster in a managed kdb environment", - "privilege": "CreateKxCluster", + "description": "Grants permission to delete the notification configuration set for a vault", + "privilege": "DeleteVaultNotifications", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeSubnets", - "finspace:MountKxDatabase" - ], - "resource_type": "kxCluster*" - }, + "dependent_actions": [], + "resource_type": "vault*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a job previously initiated", + "privilege": "DescribeJob", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a kdb database in a managed kdb environment", - "privilege": "CreateKxDatabase", + "access_level": "Read", + "description": "Grants permission to get information about a vault", + "privilege": "DescribeVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" - }, + "resource_type": "vault*" 
+ } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the data retrieval policy", + "privilege": "GetDataRetrievalPolicy", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a managed kdb environment", - "privilege": "CreateKxEnvironment", + "access_level": "Read", + "description": "Grants permission to download the output of the job specified", + "privilege": "GetJobOutput", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the access-policy subresource set on the vault", + "privilege": "GetVaultAccessPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vault*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve attributes from the lock-policy subresource set on the specified vault", + "privilege": "GetVaultLock", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vault*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the notification-configuration subresource set on the vault", + "privilege": "GetVaultNotifications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vault*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a user in a managed kdb environment", - "privilege": "CreateKxUser", + "description": "Grants permission to initiate a job of the specified type", + "privilege": "InitiateJob", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "vault*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "glacier:ArchiveAgeInDays" ], "dependent_actions": [], "resource_type": "" 
@@ -102352,687 +127467,613 @@ }, { "access_level": "Write", - "description": "Grants permission to create a FinSpace user", - "privilege": "CreateUser", + "description": "Grants permission to initiate a multipart upload", + "privilege": "InitiateMultipartUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, + "resource_type": "vault*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to initiate the vault locking process", + "privilege": "InitiateVaultLock", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "vault*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list jobs for a vault that are in-progress and jobs that have recently finished", + "privilege": "ListJobs", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vault*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a FinSpace environment", - "privilege": "DeleteEnvironment", + "access_level": "List", + "description": "Grants permission to list in-progress multipart uploads for the specified vault", + "privilege": "ListMultipartUploads", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "vault*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a kdb cluster", - "privilege": "DeleteKxCluster", + "access_level": "List", + "description": "Grants permission to list the parts of an archive that have been uploaded in a specific multipart upload", + "privilege": "ListParts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "vault*" } ] }, { - "access_level": 
"Write", - "description": "Grants permission to delete a kdb database", - "privilege": "DeleteKxDatabase", + "access_level": "List", + "description": "Grants permission to list the provisioned capacity for the specified AWS account", + "privilege": "ListProvisionedCapacity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a managed kdb environment", - "privilege": "DeleteKxEnvironment", + "access_level": "List", + "description": "Grants permission to list all the tags attached to a vault", + "privilege": "ListTagsForVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "vault*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all vaults", + "privilege": "ListVaults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a kdb user", - "privilege": "DeleteKxUser", + "description": "Grants permission to purchases a provisioned capacity unit for an AWS account", + "privilege": "PurchaseProvisionedCapacity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxUser*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a FinSpace environment", - "privilege": "GetEnvironment", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the set of tags attached to a vault", + "privilege": "RemoveTagsFromVault", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a changeset for a kdb database", - 
"privilege": "GetKxChangeset", + "access_level": "Permissions management", + "description": "Grants permission to set and then enacts a data retrieval policy in the region specified in the PUT request", + "privilege": "SetDataRetrievalPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a cluster in a managed kdb environment", - "privilege": "GetKxCluster", + "access_level": "Permissions management", + "description": "Grants permission to configure an access policy for a vault; will overwrite an existing policy", + "privilege": "SetVaultAccessPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a connection string for kdb clusters", - "privilege": "GetKxConnectionString", + "access_level": "Write", + "description": "Grants permission to configure vault notifications", + "privilege": "SetVaultNotifications", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "finspace:ConnectKxCluster" - ], - "resource_type": "kxCluster*" + "dependent_actions": [], + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a kdb database", - "privilege": "GetKxDatabase", + "access_level": "Write", + "description": "Grants permission to upload an archive to a vault", + "privilege": "UploadArchive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "vault*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a managed kdb environment", - "privilege": "GetKxEnvironment", + "access_level": "Write", + "description": "Grants permission to upload a part of an archive", + "privilege": 
"UploadMultipartPart", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "vault*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:glacier:${Region}:${Account}:vaults/${VaultName}", + "condition_keys": [], + "resource": "vault" + } + ], + "service_name": "Amazon S3 Glacier" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to describe a kdb user", - "privilege": "GetKxUser", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "globalaccelerator", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add a virtual private cloud (VPC) subnet endpoint to a custom routing accelerator endpoint group", + "privilege": "AddCustomRoutingEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxUser*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to request status of the loading of sample data bundle", - "privilege": "GetLoadSampleDataSetGroupIntoEnvironmentStatus", + "access_level": "Write", + "description": "Grants permission to add an endpoint to a standard accelerator endpoint group", + "privilege": "AddEndpoints", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "globalaccelerator:UpdateEndpointGroup" + ], + "resource_type": "endpointgroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to advertises an IPv4 address range that is 
provisioned for use with your accelerator through bring your own IP addresses (BYOIP)", + "privilege": "AdvertiseByoipCidr", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a FinSpace user", - "privilege": "GetUser", + "access_level": "Write", + "description": "Grants permission to allows custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet", + "privilege": "AllowCustomRoutingTraffic", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, + "resource_type": "endpointgroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a standard accelerator", + "privilege": "CreateAccelerator", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a CrossAccountAttachment", + "privilege": "CreateCrossAccountAttachment", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Custom Routing accelerator", + "privilege": "CreateCustomRoutingAccelerator", + "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list FinSpace environments in the AWS account", - "privilege": "ListEnvironments", + "access_level": "Write", + "description": "Grants permission to create an endpoint group for the specified listener for a custom 
routing accelerator", + "privilege": "CreateCustomRoutingEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "listener*" } ] }, { - "access_level": "List", - "description": "Grants permission to list changesets for a kdb database", - "privilege": "ListKxChangesets", + "access_level": "Write", + "description": "Grants permission to create a listener to process inbound connections from clients to a custom routing accelerator", + "privilege": "CreateCustomRoutingListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "accelerator*" } ] }, { - "access_level": "List", - "description": "Grants permission to list cluster nodes in a managed kdb environment", - "privilege": "ListKxClusterNodes", + "access_level": "Write", + "description": "Grants permission to add an endpoint group to a standard accelerator listener", + "privilege": "CreateEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "listener*" } ] }, { - "access_level": "List", - "description": "Grants permission to list clusters in a managed kdb environment", - "privilege": "ListKxClusters", + "access_level": "Write", + "description": "Grants permission to add a listener to a standard accelerator", + "privilege": "CreateListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "accelerator*" } ] }, { - "access_level": "List", - "description": "Grants permission to list kdb databases in a managed kdb environment", - "privilege": "ListKxDatabases", + "access_level": "Write", + "description": "Grants permission to delete a standard accelerator", + "privilege": "DeleteAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + 
"resource_type": "accelerator*" } ] }, { - "access_level": "List", - "description": "Grants permission to list managed kdb environments", - "privilege": "ListKxEnvironments", + "access_level": "Write", + "description": "Grants permission to delete a CrossAccountAttachment", + "privilege": "DeleteCrossAccountAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "attachment*" } ] }, { - "access_level": "List", - "description": "Grants permission to list users in a managed kdb environment", - "privilege": "ListKxUsers", + "access_level": "Write", + "description": "Grants permission to delete a custom routing accelerator", + "privilege": "DeleteCustomRoutingAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "accelerator*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete an endpoint group from a listener for a custom routing accelerator", + "privilege": "DeleteCustomRoutingEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxCluster*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxDatabase*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxEnvironment*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxUser*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list FinSpace users in an environment", - "privilege": "ListUsers", + "access_level": "Write", + "description": "Grants permission to delete a listener for a custom routing accelerator", + 
"privilege": "DeleteCustomRoutingListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "listener*" } ] }, { "access_level": "Write", - "description": "Grants permission to load sample data bundle into your FinSpace environment", - "privilege": "LoadSampleDataSetGroupIntoEnvironment", + "description": "Grants permission to delete an endpoint group associated with a standard accelerator listener", + "privilege": "DeleteEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "endpointgroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to mount a database to a kdb cluster", - "privilege": "MountKxDatabase", + "description": "Grants permission to delete a listener from a standard accelerator", + "privilege": "DeleteListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "listener*" } ] }, { "access_level": "Write", - "description": "Grants permission to reset the password for a FinSpace user", - "privilege": "ResetUserPassword", + "description": "Grants permission to disallows custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet", + "privilege": "DenyCustomRoutingTraffic", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to releases the specified address range that you provisioned for use with your accelerator through bring your own 
IP addresses (BYOIP)", + "privilege": "DeprovisionByoipCidr", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxCluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxDatabase" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxEnvironment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxUser" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permissions to describe a standard accelerator", + "privilege": "DescribeAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxCluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxDatabase" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxEnvironment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kxUser" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a FinSpace environment", - "privilege": "UpdateEnvironment", + "access_level": "Read", + "description": "Grants permission to describe a standard accelerator attributes", + "privilege": "DescribeAcceleratorAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "accelerator*" } ] }, { - "access_level": 
"Write", - "description": "Grants permission to update databases for a cluster in a managed kdb environment", - "privilege": "UpdateKxClusterDatabases", + "access_level": "Read", + "description": "Grants permissions to describe a CrossAccountAttachment", + "privilege": "DescribeCrossAccountAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxCluster*" + "resource_type": "attachment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a kdb database", - "privilege": "UpdateKxDatabase", + "access_level": "Read", + "description": "Grants permission to describe a custom routing accelerator", + "privilege": "DescribeCustomRoutingAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxDatabase*" + "resource_type": "accelerator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a managed kdb environment", - "privilege": "UpdateKxEnvironment", + "access_level": "Read", + "description": "Grants permission to describe the attributes of a custom routing accelerator", + "privilege": "DescribeCustomRoutingAcceleratorAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "accelerator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the network for a managed kdb environment", - "privilege": "UpdateKxEnvironmentNetwork", + "access_level": "Read", + "description": "Grants permission to describe an endpoint group for a custom routing accelerator", + "privilege": "DescribeCustomRoutingEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxEnvironment*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a kdb user", - "privilege": "UpdateKxUser", + "access_level": "Read", + "description": 
"Grants permission to describe a listener for a custom routing accelerator", + "privilege": "DescribeCustomRoutingListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kxUser*" + "resource_type": "listener*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a FinSpace user", - "privilege": "UpdateUser", + "access_level": "Read", + "description": "Grants permission to describe a standard accelerator endpoint group", + "privilege": "DescribeEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "endpointgroup*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:environment/${EnvironmentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:user/${UserId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "user" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxEnvironment" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxUser/${UserName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxUser" - }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxCluster/${KxCluster}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxCluster" }, - { - "arn": "arn:${Partition}:finspace:${Region}:${Account}:kxEnvironment/${EnvironmentId}/kxDatabase/${KxDatabase}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "kxDatabase" - } - ], - "service_name": "Amazon FinSpace" - }, - { - "conditions": [], 
- "prefix": "finspace-api", - "privileges": [ { "access_level": "Read", - "description": "Grants permission to retrieve FinSpace programmatic access credentials", - "privilege": "GetProgrammaticAccessCredentials", + "description": "Grants permission to describe a standard accelerator listener", + "privilege": "DescribeListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "credential*" + "resource_type": "listener*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:finspace-api:${Region}:${Account}:/credentials/programmatic", - "condition_keys": [], - "resource": "credential" - } - ], - "service_name": "Amazon FinSpace API" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "firehose", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a delivery stream", - "privilege": "CreateDeliveryStream", + "access_level": "List", + "description": "Grants permission to list all standard accelerators", + "privilege": "ListAccelerators", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a delivery stream and its data", - "privilege": "DeleteDeliveryStream", + "access_level": "List", + "description": "Grants permission to list the BYOIP cidrs", + "privilege": "ListByoipCidrs", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the specified delivery stream and gets the status", - "privilege": "DescribeDeliveryStream", + "access_level": "List", + "description": "Grants permission to list all CrossAccountAttachments", + "privilege": "ListCrossAccountAttachments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list your delivery streams", - "privilege": "ListDeliveryStreams", + "description": "Grants permission to list accounts with CrossAccountAttachments listing caller as a principal", + "privilege": "ListCrossAccountResourceAccounts", "resource_types": [ { "condition_keys": [], 
@@ -103043,187 +128084,124 @@ }, { "access_level": "List", - "description": "Grants permission to list the tags for the specified delivery stream", - "privilege": "ListTagsForDeliveryStream", + "description": "Grants permission to list all CrossAccountAttachment resources usable by caller", + "privilege": "ListCrossAccountResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to write a single data record into an Amazon Kinesis Firehose delivery stream", - "privilege": "PutRecord", + "access_level": "List", + "description": "Grants permission to list the custom routing accelerators for an AWS account", + "privilege": "ListCustomRoutingAccelerators", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to write multiple data records into a delivery stream in a single call, which can achieve higher throughput per producer than when writing single records", - "privilege": "PutRecordBatch", + "access_level": "List", + "description": "Grants permission to list the endpoint groups that are associated with a listener for a custom routing accelerator", + "privilege": "ListCustomRoutingEndpointGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "listener*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable server-side encryption (SSE) for the delivery stream", - "privilege": "StartDeliveryStreamEncryption", + "access_level": "List", + "description": "Grants permission to list the listeners for a custom routing accelerator", + "privilege": "ListCustomRoutingListeners", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"deliverystream*" + "resource_type": "accelerator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable the specified destination of the specified delivery stream", - "privilege": "StopDeliveryStreamEncryption", + "access_level": "List", + "description": "Grants permission to list the port mappings for a custom routing accelerator", + "privilege": "ListCustomRoutingPortMappings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "accelerator*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update tags for the specified delivery stream", - "privilege": "TagDeliveryStream", + "access_level": "List", + "description": "Grants permission to list the port mappings for a specific endpoint IP address (a destination address) in a subnet", + "privilege": "ListCustomRoutingPortMappingsByDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from the specified delivery stream", - "privilege": "UntagDeliveryStream", + "access_level": "List", + "description": "Grants permission to list all endpoint groups associated with a standard accelerator listener", + "privilege": "ListEndpointGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "listener*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the specified destination of the specified delivery stream", - "privilege": "UpdateDestination", + "access_level": "List", + "description": "Grants permission 
to list all listeners associated with a standard accelerator", + "privilege": "ListListeners", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deliverystream*" + "resource_type": "accelerator*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:firehose:${Region}:${Account}:deliverystream/${DeliveryStreamName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "deliverystream" - } - ], - "service_name": "Amazon Kinesis Firehose" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "fis:Operations", - "description": "Filters access by the list of operations on the AWS service that is being affected by the AWS FIS action", - "type": "ArrayOfString" }, { - "condition": "fis:Percentage", - "description": "Filters access by the percentage of calls being affected by the AWS FIS action", - "type": "Numeric" - }, - { - "condition": "fis:Service", - "description": "Filters access by the AWS service that is being affected by the AWS FIS action", - "type": "String" - }, - { - "condition": "fis:Targets", - "description": "Filters access by the list of resource ARNs being targeted by the AWS FIS action", - "type": "ArrayOfString" - } - ], - "prefix": "fis", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create an AWS FIS experiment template", - "privilege": "CreateExperimentTemplate", + "access_level": "Read", + "description": "Grants permission to list tags for a globalaccelerator resource", + "privilege": 
"ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action*" + "resource_type": "accelerator" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" - }, + "resource_type": "attachment" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to provisions an address range for use with your accelerator through bring your own IP addresses (BYOIP)", + "privilege": "ProvisionByoipCidr", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -103231,48 +128209,49 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the AWS FIS experiment template", - "privilege": "DeleteExperimentTemplate", + "description": "Grants permission to remove virtual private cloud (VPC) subnet endpoints from a custom routing accelerator endpoint group", + "privilege": "RemoveCustomRoutingEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS action", - "privilege": "GetAction", + "access_level": "Write", + "description": "Grants permission to remove an endpoint from a standard accelerator endpoint group", + "privilege": "RemoveEndpoints", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "action*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "dependent_actions": [ + "globalaccelerator:UpdateEndpointGroup" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS experiment", - "privilege": "GetExperiment", + "access_level": "Tagging", + "description": "Grants permission to add tags to a globalaccelerator resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "accelerator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -103280,18 +128259,23 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS FIS Experiment Template", - "privilege": "GetExperimentTemplate", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a globalaccelerator resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "accelerator" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "attachment" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -103299,145 +128283,105 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified resource type", - "privilege": "GetTargetResourceType", + "access_level": "Write", + "description": "Grants permission to update a standard accelerator", + "privilege": "UpdateAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { "access_level": "Write", - "description": "Grants permission to inject an API internal error on the provided AWS service from an FIS Experiment", - "privilege": "InjectApiInternalError", + "description": "Grants permission to update a standard accelerator attributes", + "privilege": "UpdateAcceleratorAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" - }, - { - "condition_keys": [ - "fis:Service", - "fis:Operations", - "fis:Percentage", - "fis:Targets" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { "access_level": "Write", - "description": "Grants permission to inject an API throttle error on the provided AWS service from an FIS Experiment", - "privilege": "InjectApiThrottleError", + "description": "Grants permission to update a CrossAccountAttachment", + "privilege": "UpdateCrossAccountAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" - }, - { - "condition_keys": [ - "fis:Service", - "fis:Operations", - "fis:Percentage", - "fis:Targets" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "attachment*" } ] }, { "access_level": "Write", - "description": "Grants permission to inject an API unavailable error on the provided AWS service from an FIS Experiment", - "privilege": "InjectApiUnavailableError", + "description": "Grants permission to update a custom routing accelerator", + "privilege": 
"UpdateCustomRoutingAccelerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" - }, - { - "condition_keys": [ - "fis:Service", - "fis:Operations", - "fis:Percentage", - "fis:Targets" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available AWS FIS actions", - "privilege": "ListActions", + "access_level": "Write", + "description": "Grants permission to update the attributes for a custom routing accelerator", + "privilege": "UpdateCustomRoutingAcceleratorAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "accelerator*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available AWS FIS experiment templates", - "privilege": "ListExperimentTemplates", + "access_level": "Write", + "description": "Grants permission to update a listener for a custom routing accelerator", + "privilege": "UpdateCustomRoutingListener", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "listener*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all available AWS FIS experiments", - "privilege": "ListExperiments", + "access_level": "Write", + "description": "Grants permission to update an endpoint group on a standard accelerator listener", + "privilege": "UpdateEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "endpointgroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for an AWS FIS resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update a listener on a standard accelerator", + "privilege": "UpdateListener", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "action" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "experiment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "experiment-template" + "resource_type": "listener*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the resource types", - "privilege": "ListTargetResourceTypes", + "access_level": "Write", + "description": "Grants permission to stops advertising a BYOIP IPv4 address", + "privilege": "WithdrawByoipCidr", "resource_types": [ { "condition_keys": [], 
@@ -103445,591 +128389,698 @@ "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "accelerator" + }, + { + "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${ResourceId}/listener/${ListenerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "listener" + }, + { + "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${ResourceId}/listener/${ListenerId}/endpoint-group/${EndpointGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "endpointgroup" + }, + { + "arn": "arn:${Partition}:globalaccelerator::${Account}:attachment/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "attachment" + } + ], + "service_name": "AWS Global Accelerator" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "glue:CredentialIssuingService", + "description": "Filters access by the service from which the credentials of the request is issued", + "type": "String" + }, + { + "condition": "glue:RoleAssumedBy", + "description": "Filters access by the service from which the credentials of the request is obtained by assuming the customer role", + "type": "String" + }, + { + "condition": "glue:SecurityGroupIds", + "description": "Filters access by the ID of security groups configured for the Glue job", + "type": "ArrayOfString" + }, + { + "condition": "glue:SubnetIds", + 
"description": "Filters access by the ID of subnets configured for the Glue job", + "type": "ArrayOfString" }, + { + "condition": "glue:VpcIds", + "description": "Filters access by the ID of the VPC configured for the Glue job", + "type": "ArrayOfString" + } + ], + "prefix": "glue", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to run an AWS FIS experiment", - "privilege": "StartExperiment", + "description": "Grants permission to create one or more partitions", + "privilege": "BatchCreatePartition", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "experiment*" + "dependent_actions": [], + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "database*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an AWS FIS experiment", - "privilege": "StopExperiment", + "description": "Grants permission to delete one or more connections", + "privilege": "BatchDeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment*" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag AWS FIS resources", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete one or more partitions", + "privilege": "BatchDeletePartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment" + 
"resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag AWS FIS resources", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete one or more tables", + "privilege": "BatchDeleteTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the specified AWS FIS experiment template", - "privilege": "UpdateExperimentTemplate", + "description": "Grants permission to delete one or more versions of a table", + "privilege": "BatchDeleteTableVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experiment-template*" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "action" + "resource_type": "database*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:fis:${Region}:${Account}:action/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "action" - }, - { - "arn": 
"arn:${Partition}:fis:${Region}:${Account}:experiment/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "experiment" - }, - { - "arn": "arn:${Partition}:fis:${Region}:${Account}:experiment-template/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "experiment-template" - } - ], - "service_name": "AWS Fault Injection Simulator" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "fms", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to set the AWS Firewall Manager administrator account and enables the service in all organization accounts", - "privilege": "AssociateAdminAccount", + "access_level": "Read", + "description": "Grants permission to retrieve one or more blueprints", + "privilege": "BatchGetBlueprints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "blueprint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the Firewall Manager administrator as a tenant administrator of a third-party firewall service", - "privilege": "AssociateThirdPartyFirewall", + "access_level": "Read", + "description": "Grants permission to retrieve one or more crawlers", + "privilege": "BatchGetCrawlers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate resources to an AWS Firewall Manager resource 
set", - "privilege": "BatchAssociateResource", + "access_level": "Read", + "description": "Grants permission to retrieve one or more Custom Entity Types", + "privilege": "BatchGetCustomEntityTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "customEntityType*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate resources from an AWS Firewall Manager resource set", - "privilege": "BatchDisassociateResource", + "access_level": "Read", + "description": "Grants permission to retrieve one or more development endpoints", + "privilege": "BatchGetDevEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "devendpoint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to permanently deletes an AWS Firewall Manager applications list", - "privilege": "DeleteAppsList", + "access_level": "Read", + "description": "Grants permission to retrieve one or more jobs", + "privilege": "BatchGetJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applications-list*" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Firewall Manager association with the IAM role and the Amazon Simple Notification Service (SNS) topic that is used to notify the FM administrator about major FM events and errors across the organization", - "privilege": "DeleteNotificationChannel", + "access_level": "Read", + "description": "Grants permission to retrieve one or more partitions", + "privilege": "BatchGetPartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to permanently delete an AWS Firewall Manager policy", - "privilege": "DeletePolicy", - "resource_types": [ + 
"resource_type": "catalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "database*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to permanently deletes an AWS Firewall Manager protocols list", - "privilege": "DeleteProtocolsList", + "access_level": "Permissions management", + "description": "Grants permission to batch get stage files for SparkUI", + "privilege": "BatchGetStageFiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to permanently delete an AWS Firewall Manager resource set", - "privilege": "DeleteResourceSet", + "access_level": "Read", + "description": "Grants permission to return the configuration for the specified table optimizers", + "privilege": "BatchGetTableOptimizer", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "catalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "database*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate the account that has been set as the AWS Firewall Manager administrator account and and disables the service in all organization accounts", - "privilege": "DisassociateAdminAccount", + "access_level": "Read", + "description": "Grants permission to retrieve one or more triggers", + "privilege": "BatchGetTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" 
+ "resource_type": "trigger*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a Firewall Manager administrator from a third-party firewall tenant", - "privilege": "DisassociateThirdPartyFirewall", + "access_level": "Read", + "description": "Grants permission to retrieve one or more workflows", + "privilege": "BatchGetWorkflows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the AWS Organizations account that is associated with AWS Firewall Manager as the AWS Firewall Manager administrator", - "privilege": "GetAdminAccount", + "access_level": "Write", + "description": "Grants permission to stop one or more job runs for a job", + "privilege": "BatchStopJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about the specified account's administrative scope", - "privilege": "GetAdminScope", + "access_level": "Write", + "description": "Grants permission to update one or more partitions", + "privilege": "BatchUpdatePartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about the specified AWS Firewall Manager applications list", - "privilege": "GetAppsList", + "access_level": "Write", + "description": "Grants permission to stop a running Data Quality rule recommendation run", + "privilege": "CancelDataQualityRuleRecommendationRun", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "applications-list*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve detailed compliance information about the specified member account. Details include resources that are in and out of compliance with the specified policy", - "privilege": "GetComplianceDetail", + "access_level": "Write", + "description": "Grants permission to stop a running Data Quality ruleset evaluation run", + "privilege": "CancelDataQualityRulesetEvaluationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs", - "privilege": "GetNotificationChannel", + "access_level": "Write", + "description": "Grants permission to stop a running ML Task Run", + "privilege": "CancelMLTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified AWS Firewall Manager policy", - "privilege": "GetPolicy", + "access_level": "Write", + "description": "Grants permission to cancel a statement in an interactive session", + "privilege": "CancelStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "session*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve policy-level attack summary information in the event of a potential DDoS attack", - "privilege": "GetProtectionStatus", + "description": "Grants permission to retrieve a check the validity of schema version", + "privilege": "CheckSchemaVersionValidity", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about the specified AWS Firewall Manager protocols list", - "privilege": "GetProtocolsList", + "access_level": "Write", + "description": "Grants permission to create a blueprint", + "privilege": "CreateBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list*" + "resource_type": "blueprint*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified AWS Firewall Manager resource set", - "privilege": "GetResourceSet", + "access_level": "Write", + "description": "Grants permission to create a classifier", + "privilege": "CreateClassifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the onboarding status of a Firewall Manager administrator account to third-party firewall vendor tenant", - "privilege": "GetThirdPartyFirewallAssociationStatus", + "access_level": "Write", + "description": "Grants permission to create a connection", + "privilege": "CreateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "catalog*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve violations for a resource based on the specified AWS Firewall Manager policy and AWS account", - "privilege": "GetViolationDetails", + "access_level": "Write", + "description": "Grants 
permission to create a crawler", + "privilege": "CreateCrawler", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a AdminAccounts object that lists the Firewall Manager administrators within the organization that are onboarded to Firewall Manager by AssociateAdminAccount", - "privilege": "ListAdminAccountsForOrganization", + "access_level": "Write", + "description": "Grants permission to create a Custom Entity Type", + "privilege": "CreateCustomEntityType", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the accounts that are managing the specified AWS Organizations member account", - "privilege": "ListAdminsManagingAccount", + "access_level": "Write", + "description": "Grants permission to create a Data Quality ruleset", + "privilege": "CreateDataQualityRuleset", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return an array of AppsListDataSummary objects", - "privilege": "ListAppsLists", + "access_level": "Write", + "description": "Grants permission to create a database", + "privilege": "CreateDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of PolicyComplianceStatus objects in the response. 
Use PolicyComplianceStatus to get a summary of which member accounts are protected by the specified policy", - "privilege": "ListComplianceStatus", + "access_level": "Write", + "description": "Grants permission to create a development endpoint", + "privilege": "CreateDevEndpoint", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of resources in the organization's accounts that are available to be associated with a resource set", - "privilege": "ListDiscoveredResources", + "access_level": "Write", + "description": "Grants permission to create a job", + "privilege": "CreateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "job*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "glue:VpcIds", + "glue:SubnetIds", + "glue:SecurityGroupIds" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of member account ids if the caller is FMS admin account", - "privilege": "ListMemberAccounts", + "access_level": "Write", + "description": "Grants permission to create an ML Transform", + "privilege": "CreateMLTransform", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of PolicySummary objects in the response", - "privilege": "ListPolicies", + "access_level": "Write", + "description": "Grants permission to create a partition", + "privilege": "CreatePartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + 
}, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to return an array of ProtocolsListDataSummary objects", - "privilege": "ListProtocolsLists", + "access_level": "Write", + "description": "Grants permission to create a specified partition index in an existing table", + "privilege": "CreatePartitionIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of resources that are currently associated to a resource set", - "privilege": "ListResourceSetResources", + "access_level": "Write", + "description": "Grants permission to create a new schema registry", + "privilege": "CreateRegistry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "registry*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve an array of ResourceSetSummary objects", - "privilege": "ListResourceSets", + "access_level": "Write", + "description": "Grants permission to create a new schema container", + "privilege": "CreateSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], 
"resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list Tags for a given resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create a script", + "privilege": "CreateScript", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of all of the third-party firewall policies that are associated with the third-party firewall administrator's account", - "privilege": "ListThirdPartyFirewallFirewallPolicies", + "access_level": "Write", + "description": "Grants permission to create a security configuration", + "privilege": "CreateSecurityConfiguration", "resource_types": [ { "condition_keys": [], @@ -104040,11 +129091,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update an Firewall Manager administrator account", - "privilege": "PutAdminAccount", + "description": "Grants permission to create an interactive session", + "privilege": "CreateSession", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "glue:VpcIds", + "glue:SubnetIds", + "glue:SecurityGroupIds" + ], "dependent_actions": [], "resource_type": "" } 
@@ -104052,45 +129109,59 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS Firewall Manager applications list", - "privilege": "PutAppsList", + "description": "Grants permission to create a table", + "privilege": "CreateTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applications-list*" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to designate the IAM role and Amazon Simple Notification Service (SNS) topic that AWS Firewall Manager (FM) could use to notify the FM administrator about major FM events and errors across the organization", - "privilege": "PutNotificationChannel", + "description": "Grants permission to create a new table optimizer for a specific function. Compaction is the only currently supported optimizer type", + "privilege": "CreateTableOptimizer", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "catalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Firewall Manager policy", - "privilege": "PutPolicy", + "description": "Grants permission to create a trigger", + "privilege": "CreateTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "trigger*" }, { "condition_keys": [ 
@@ -104104,33 +129175,30 @@ }, { "access_level": "Write", - "description": "Grants permission to creates an AWS Firewall Manager protocols list", - "privilege": "PutProtocolsList", + "description": "Grants permission to create a function definition", + "privilege": "CreateUserDefinedFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list*" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Firewall Manager resource set", - "privilege": "PutResourceSet", + "description": "Grants permission to create a workflow", + "privilege": "CreateWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set*" + "resource_type": "workflow*" }, { "condition_keys": [ 
@@ -104143,887 +129211,977 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add a Tag to a given resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a blueprint", + "privilege": "DeleteBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applications-list" - }, + "resource_type": "blueprint*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a classifier", + "privilege": "DeleteClassifier", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the partition column statistics of a column", + "privilege": "DeleteColumnStatisticsForPartition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set" + "resource_type": "database*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove a Tag from a given resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete the table statistics of columns", + "privilege": "DeleteColumnStatisticsForTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applications-list" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "protocols-list" - }, + "resource_type": "table*" + } + ] 
+ }, + { + "access_level": "Write", + "description": "Grants permission to delete a connection", + "privilege": "DeleteConnection", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resource-set" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connection*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:fms:${Region}:${Account}:policy/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "policy" - }, - { - "arn": "arn:${Partition}:fms:${Region}:${Account}:applications-list/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "applications-list" - }, - { - "arn": "arn:${Partition}:fms:${Region}:${Account}:protocols-list/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "protocols-list" - }, - { - "arn": "arn:${Partition}:fms:${Region}:${Account}:resource-set/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "resource-set" - } - ], - "service_name": "AWS Firewall Manager" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "forecast", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an auto predictor", - "privilege": "CreateAutoPredictor", + "description": "Grants permission to delete a crawler", + "privilege": "DeleteCrawler", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], 
+ "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a dataset", - "privilege": "CreateDataset", + "description": "Grants permission to delete a Custom Entity Type", + "privilege": "DeleteCustomEntityType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" - }, + "resource_type": "customEntityType*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Data Quality ruleset", + "privilege": "DeleteDataQualityRuleset", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a dataset group", - "privilege": "CreateDatasetGroup", + "description": "Grants permission to delete a database", + "privilege": "DeleteDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userdefinedfunction*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a dataset import job", - "privilege": "CreateDatasetImportJob", + "description": "Grants permission to delete a development endpoint", + "privilege": "DeleteDevEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - 
"aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "devendpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an explainability", - "privilege": "CreateExplainability", + "description": "Grants permission to delete a job", + "privilege": "DeleteJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" - }, + "resource_type": "job*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an ML Transform", + "privilege": "DeleteMLTransform", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "mlTransform*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an explainability export using an explainability resource", - "privilege": "CreateExplainabilityExport", + "description": "Grants permission to delete a partition", + "privilege": "DeletePartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainability*" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a forecast", - "privilege": "CreateForecast", + "description": "Grants permission to delete a specified partition index from an existing table", + "privilege": "DeletePartitionIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an endpoint using a Predictor resource", - "privilege": "CreateForecastEndpoint", + "description": "Grants permission to delete a schema registry", + "privilege": "DeleteRegistry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" - }, + "resource_type": "registry*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete a resource policy", + "privilege": "DeleteResourcePolicy", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a forecast export job using a forecast resource", - "privilege": "CreateForecastExportJob", + "description": "Grants permission to delete a schema container", + "privilege": "DeleteSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "registry*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "schema*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an monitor using a Predictor resource", - "privilege": "CreateMonitor", + "description": "Grants permission to delete a range of schema versions", + "privilege": "DeleteSchemaVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "registry*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "schema*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a predictor", - "privilege": "CreatePredictor", + "description": "Grants permission to delete a security configuration", + "privilege": "DeleteSecurityConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a predictor backtest export job using a predictor", - "privilege": "CreatePredictorBacktestExportJob", + "description": "Grants permission to delete an interactive session after stopping the session if not already stopped", + "privilege": "DeleteSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "session*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a what-if analysis", - "privilege": "CreateWhatIfAnalysis", + "description": "Grants permission to delete a table", + "privilege": "DeleteTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a what-if forecast", - "privilege": "CreateWhatIfForecast", + "description": "Grants permission to delete an optimizer 
and all associated metadata for a table. The optimization will no longer be performed on the table", + "privilege": "DeleteTableOptimizer", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "catalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" + "resource_type": "database*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a what-if forecast export using what-if forecast resources", - "privilege": "CreateWhatIfForecastExport", + "description": "Grants permission to delete a version of a table", + "privilege": "DeleteTableVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a dataset", - "privilege": "DeleteDataset", + "description": "Grants permission to delete a trigger", + "privilege": "DeleteTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "trigger*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a dataset group", - "privilege": "DeleteDatasetGroup", + "description": "Grants permission to delete a function definition", + "privilege": "DeleteUserDefinedFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" + "resource_type": "catalog*" + }, + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userdefinedfunction*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a dataset import job", - "privilege": "DeleteDatasetImportJob", + "description": "Grants permission to delete a workflow", + "privilege": "DeleteWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" + "resource_type": "workflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an explainability", - "privilege": "DeleteExplainability", + "access_level": "Permissions management", + "description": "Grants permission to terminate Glue Studio Notebook session", + "privilege": "DeregisterDataPreview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainability*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an explainability export", - "privilege": "DeleteExplainabilityExport", + "access_level": "Read", + "description": "Grants permission to retrieve a blueprint", + "privilege": "GetBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainabilityExport*" + "resource_type": "blueprint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a forecast", - "privilege": "DeleteForecast", + "access_level": "Read", + "description": "Grants permission to retrieve a blueprint run", + "privilege": "GetBlueprintRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "blueprint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an endpoint resource", - "privilege": "DeleteForecastEndpoint", + "access_level": "Read", + "description": "Grants 
permission to retrieve all runs of a blueprint", + "privilege": "GetBlueprintRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "blueprint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a forecast export job", - "privilege": "DeleteForecastExportJob", + "access_level": "Read", + "description": "Grants permission to retrieve the catalog import status", + "privilege": "GetCatalogImportStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport*" + "resource_type": "catalog*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a monitor resource", - "privilege": "DeleteMonitor", + "access_level": "Read", + "description": "Grants permission to retrieve a classifier", + "privilege": "GetClassifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a predictor", - "privilege": "DeletePredictor", + "access_level": "Read", + "description": "Grants permission to list all classifiers", + "privilege": "GetClassifiers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a predictor backtest export job", - "privilege": "DeletePredictorBacktestExportJob", + "access_level": "Read", + "description": "Grants permission to retrieve partition statistics of columns", + "privilege": "GetColumnStatisticsForPartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob*" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a resource and its child resources", - "privilege": "DeleteResourceTree", + "access_level": "Read", + "description": "Grants permission to retrieve table statistics of columns", + "privilege": "GetColumnStatisticsForTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" - }, + "resource_type": "table*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve Column Statistics run information for the table based on run-id", + "privilege": "GetColumnStatisticsTaskRun", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve Column Statistics run information for the table based on run-ids", + "privilege": "GetColumnStatisticsTaskRuns", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainability*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get generated response for a completion request in Glue from AWS Q", + "privilege": "GetCompletion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainabilityExport*" - }, + "resource_type": "completion*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a connection", + "privilege": "GetConnection", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": 
"catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport*" - }, + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of connections", + "privilege": "GetConnections", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" - }, + "resource_type": "connection*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a crawler", + "privilege": "GetCrawler", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob*" - }, + "resource_type": "crawler*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve metrics about crawlers", + "privilege": "GetCrawlerMetrics", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all crawlers", + "privilege": "GetCrawlers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to read a Custom Entity Type", + "privilege": "GetCustomEntityType", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport*" + "resource_type": "customEntityType*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a what-if analysis", - "privilege": "DeleteWhatIfAnalysis", + "access_level": "Read", + "description": "Grants permission to retrieve catalog encryption settings", + "privilege": "GetDataCatalogEncryptionSettings", "resource_types": 
[ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" + "resource_type": "catalog*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a what-if forecast", - "privilege": "DeleteWhatIfForecast", + "access_level": "Permissions management", + "description": "Grants permission to get Data Preview Statement", + "privilege": "GetDataPreviewStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a what-if forecast export", - "privilege": "DeleteWhatIfForecastExport", + "access_level": "Read", + "description": "Grants permission to retrieve a Data Quality result", + "privilege": "GetDataQualityResult", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport*" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an auto predictor", - "privilege": "DescribeAutoPredictor", + "description": "Grants permission to retrieve a Data Quality rule recommendation run", + "privilege": "GetDataQualityRuleRecommendationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a dataset", - "privilege": "DescribeDataset", + "description": "Grants permission to retrieve a Data Quality ruleset", + "privilege": "GetDataQualityRuleset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a dataset group", - "privilege": "DescribeDatasetGroup", + "description": "Grants permission to retrieve a Data Quality rule 
recommendation run", + "privilege": "GetDataQualityRulesetEvaluationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a dataset import job", - "privilege": "DescribeDatasetImportJob", + "description": "Grants permission to retrieve a database", + "privilege": "GetDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an explainability", - "privilege": "DescribeExplainability", + "description": "Grants permission to retrieve all databases", + "privilege": "GetDatabases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainability*" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an explainability export", - "privilege": "DescribeExplainabilityExport", + "description": "Grants permission to transform a script into a directed acyclic graph (DAG)", + "privilege": "GetDataflowGraph", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainabilityExport*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a forecast", - "privilege": "DescribeForecast", + "description": "Grants permission to retrieve a development endpoint", + "privilege": "GetDevEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "devendpoint*" } ] }, { "access_level": "Read", - "description": "Grants 
permission to describe an endpoint resource", - "privilege": "DescribeForecastEndpoint", + "description": "Grants permission to retrieve all development endpoints", + "privilege": "GetDevEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to get environment details for SparkUI", + "privilege": "GetEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to get executors for SparkUI", + "privilege": "GetExecutors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to get executor threads for SparkUI", + "privilege": "GetExecutorsThreads", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a forecast export job", - "privilege": "DescribeForecastExportJob", + "description": "Grants permission to retrieve a job", + "privilege": "GetJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport*" + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an monitor resource", - "privilege": "DescribeMonitor", + "description": "Grants permission to retrieve a job bookmark", + "privilege": "GetJobBookmark", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a predictor", - "privilege": "DescribePredictor", + "description": "Grants 
permission to retrieve a job run", + "privilege": "GetJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a predictor backtest export job", - "privilege": "DescribePredictorBacktestExportJob", + "description": "Grants permission to retrieve all job runs of a job", + "privilege": "GetJobRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob*" + "resource_type": "job*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a what-if analysis", - "privilege": "DescribeWhatIfAnalysis", + "description": "Grants permission to retrieve all current jobs", + "privilege": "GetJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a what-if forecast", - "privilege": "DescribeWhatIfForecast", + "access_level": "Permissions management", + "description": "Grants permission to get log parsing status for SparkUI", + "privilege": "GetLogParsingStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a what-if forecast export", - "privilege": "DescribeWhatIfForecastExport", + "description": "Grants permission to retrieve an ML Task Run", + "privilege": "GetMLTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport*" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the Accuracy Metrics for a predictor", - "privilege": "GetAccuracyMetrics", + "access_level": "List", + "description": 
"Grants permission to retrieve all ML Task Runs", + "privilege": "GetMLTaskRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "mlTransform*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the forecast context of a timeseries for an endpoint", - "privilege": "GetRecentForecastContext", + "description": "Grants permission to retrieve an ML Transform", + "privilege": "GetMLTransform", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Read", - "description": "Grants permission to invoke the endpoint to get forecast for a timeseries", - "privilege": "InvokeForecastEndpoint", + "access_level": "List", + "description": "Grants permission to retrieve all ML Transforms", + "privilege": "GetMLTransforms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "mlTransform*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all the dataset groups", - "privilege": "ListDatasetGroups", + "description": "Grants permission to create a mapping", + "privilege": "GetMapping", "resource_types": [ { "condition_keys": [], @@ -105033,9 +130191,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all the dataset import jobs", - "privilege": "ListDatasetImportJobs", + "access_level": "Permissions management", + "description": "Grants permission to retrieve Glue Studio Notebooks session status", + "privilege": "GetNotebookInstanceStatus", "resource_types": [ { "condition_keys": [], 
@@ -105046,44 +130204,74 @@ }, { "access_level": "Read", - "description": "Grants permission to list all the datasets", - "privilege": "ListDatasets", + "description": "Grants permission to retrieve a partition", + "privilege": "GetPartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all the explainabilities", - "privilege": "ListExplainabilities", + "description": "Grants permission to retrieve partition indexes for a table", + "privilege": "GetPartitionIndexes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all the explainability exports", - "privilege": "ListExplainabilityExports", + "description": "Grants permission to retrieve the partitions of a table", + "privilege": "GetPartitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all the forecast export jobs", - "privilege": "ListForecastExportJobs", + "description": "Grants permission to retrieve a mapping for a script", + "privilege": "GetPlan", "resource_types": [ { "condition_keys": [], 
@@ -105093,9 +130281,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all the forecasts", - "privilege": "ListForecasts", + "access_level": "Permissions management", + "description": "Grants permission to get queries for SparkUI", + "privilege": "GetQueries", "resource_types": [ { "condition_keys": [], 
@@ -105105,134 +130293,197 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all the monitor evaluation result for a monitor", - "privilege": "ListMonitorEvaluations", + "access_level": "Permissions management", + "description": "Grants permission to get a specific query for SparkUI", + "privilege": "GetQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list all the monitor resources", - "privilege": "ListMonitors", + "description": "Grants permission to retrieve a schema registry", + "privilege": "GetRegistry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "registry*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all the predictor backtest export jobs", - "privilege": "ListPredictorBacktestExportJobs", + "description": "Grants permission to retrieve resource policies", + "privilege": "GetResourcePolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all the predictors", - "privilege": "ListPredictors", + "description": "Grants permission to retrieve a resource policy", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags for an Amazon Forecast resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to retrieve a schema container", + "privilege": "GetSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset" + "resource_type": "registry*" }, { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "datasetGroup" - }, + "resource_type": "schema*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a schema version based on schema definition", + "privilege": "GetSchemaByDefinition", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob" + "resource_type": "registry*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint" - }, + "resource_type": "schema*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a schema version", + "privilege": "GetSchemaVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainability" + "resource_type": "registry" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainabilityExport" - }, + "resource_type": "schema" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to compare two schema versions in schema registry", + "privilege": "GetSchemaVersionsDiff", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast" + "resource_type": "registry*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport" - }, + "resource_type": "schema*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a security configuration", + "privilege": "GetSecurityConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve one or more security configurations", + "privilege": "GetSecurityConfigurations", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + 
"description": "Grants permission to retrieve an interactive session", + "privilege": "GetSession", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob" - }, + "resource_type": "session*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to get a stage for SparkUI", + "privilege": "GetStage", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to get a stage attempt for SparkUI", + "privilege": "GetStageAttempt", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to get the task list for a stage attempt for SparkUI", + "privilege": "GetStageAttemptTaskList", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all the what-if analyses", - "privilege": "ListWhatIfAnalyses", + "access_level": "Permissions management", + "description": "Grants permission to get the task summary for a stage attempt for SparkUI", + "privilege": "GetStageAttemptTaskSummary", "resource_types": [ { "condition_keys": [], @@ -105242,9 +130493,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all the what-if forecast exports", - "privilege": "ListWhatIfForecastExports", + "access_level": "Permissions management", + "description": "Grants permission to get stage files for SparkUI", + "privilege": "GetStageFiles", "resource_types": [ { "condition_keys": [], 
@@ -105254,9 +130505,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all the what-if forecasts", - "privilege": "ListWhatIfForecasts", + "access_level": "Permissions management", + "description": "Grants permission to get stages for SparkUI", + "privilege": "GetStages", "resource_types": [ { "condition_keys": [], 
@@ -105267,1064 +130518,873 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a forecast for a single item", - "privilege": "QueryForecast", + "description": "Grants permission to retrieve result and information about a statement in an interactive session", + "privilege": "GetStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "session*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a what-if forecast for a single item", - "privilege": "QueryWhatIfForecast", + "access_level": "Permissions management", + "description": "Grants permission to get storage details for SparkUI", + "privilege": "GetStorage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to resume Amazon Forecast resource jobs", - "privilege": "ResumeResource", + "access_level": "Permissions management", + "description": "Grants permission to get storage unit details for SparkUI", + "privilege": "GetStorageUnit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop Amazon Forecast resource jobs", - "privilege": "StopResource", + "access_level": "Read", + "description": "Grants permission to retrieve a table", + "privilege": "GetTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"explainability*" - }, + "resource_type": "table*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the configuration of all optimizers associated with a specified table", + "privilege": "GetTableOptimizer", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainabilityExport*" + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast*" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport*" - }, + "resource_type": "table*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a version of a table", + "privilege": "GetTableVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor*" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor*" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob*" - }, + "resource_type": "table*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a list of versions of a table", + "privilege": "GetTableVersions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis*" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast*" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to associate the specified tags to a resource", - 
"privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve the tables in a database", + "privilege": "GetTables", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetImportJob" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainability" - }, + "resource_type": "table*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all tags associated with a resource", + "privilege": "GetTags", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "explainabilityExport" + "resource_type": "blueprint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecast" + "resource_type": "crawler" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport" + "resource_type": "customEntityType" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor" + "resource_type": "devendpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor" + "resource_type": "job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictorBacktestExportJob" + "resource_type": "trigger" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis" - }, + "resource_type": "workflow" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a trigger", + "privilege": "GetTrigger", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast" - }, + "resource_type": "trigger*" + } 
+ ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the triggers associated with a job", + "privilege": "GetTriggers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to delete the specified tags for a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to retrieve a function definition", + "privilege": "GetUserDefinedFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetImportJob" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "endpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainability" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "explainabilityExport" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "forecast" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "forecastExport" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "monitor" - }, + "resource_type": "userdefinedfunction*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve multiple function definitions", + "privilege": "GetUserDefinedFunctions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "predictor" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"predictorBacktestExportJob" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfAnalysis" - }, + "resource_type": "userdefinedfunction*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a workflow", + "privilege": "GetWorkflow", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecast" - }, + "resource_type": "workflow*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a workflow run", + "privilege": "GetWorkflowRun", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "whatIfForecastExport" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a dataset group", - "privilege": "UpdateDatasetGroup", + "access_level": "Read", + "description": "Grants permission to retrieve workflow run properties", + "privilege": "GetWorkflowRunProperties", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" - }, + "resource_type": "workflow*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all runs of a workflow", + "privilege": "GetWorkflowRuns", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" + "resource_type": "workflow*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "dataset" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:dataset-group/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "datasetGroup" - }, - { - "arn": 
"arn:${Partition}:forecast:${Region}:${Account}:dataset-import-job/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "datasetImportJob" - }, - { - "arn": "arn:${Partition}:forecast:::algorithm/${ResourceId}", - "condition_keys": [], - "resource": "algorithm" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:predictor/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "predictor" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:predictor-backtest-export-job/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "predictorBacktestExportJob" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "forecast" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast-export-job/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "forecastExport" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "explainability" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:explainability-export/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "explainabilityExport" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:monitor/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "monitor" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-analysis/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "whatIfAnalysis" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:what-if-forecast/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "whatIfForecast" - }, - { - "arn": 
"arn:${Partition}:forecast:${Region}:${Account}:what-if-forecast-export/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "whatIfForecastExport" - }, - { - "arn": "arn:${Partition}:forecast:${Region}:${Account}:forecast-endpoint/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "endpoint" - } - ], - "service_name": "Amazon Forecast" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "frauddetector", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a batch of variables", - "privilege": "BatchCreateVariable", + "access_level": "Permissions management", + "description": "Grants permission to access Glue Studio Notebooks", + "privilege": "GlueNotebookAuthorize", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a batch of variables", - "privilege": "BatchGetVariable", + "access_level": "Permissions management", + "description": "Grants permission to refresh Glue Studio Notebooks credentials", + "privilege": "GlueNotebookRefreshCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel the specified batch import job", - "privilege": "CancelBatchImportJob", + 
"description": "Grants permission to import an Athena data catalog into AWS Glue", + "privilege": "ImportCatalogToGlue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import*" + "resource_type": "catalog*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel the specified batch prediction job", - "privilege": "CancelBatchPredictionJob", + "access_level": "List", + "description": "Grants permission to retrieve all blueprints", + "privilege": "ListBlueprints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-prediction*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a batch import job", - "privilege": "CreateBatchImportJob", + "access_level": "Read", + "description": "Grants permission to list all Column Statistics run-ids that have been executed for the account", + "privilege": "ListColumnStatisticsTaskRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a batch prediction job", - "privilege": "CreateBatchPredictionJob", + "access_level": "List", + "description": "Grants permission to retrieve all crawlers", + "privilege": "ListCrawlers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-prediction*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector-version*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type*" - }, - { - 
"condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a detector version. The detector version starts in a DRAFT status", - "privilege": "CreateDetectorVersion", + "access_level": "List", + "description": "Grants permission to retrieve crawl run history for a crawler", + "privilege": "ListCrawls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "external-model" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model-version" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a list", - "privilege": "CreateList", + "access_level": "List", + "description": "Grants permission to retrieve all Custom Entity Types", + "privilege": "ListCustomEntityTypes", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a model using the specified model type", - "privilege": "CreateModel", + "access_level": "List", + "description": "Grants permission to retrieve all Data Quality results", + "privilege": "ListDataQualityResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Write", - "description": 
"Grants permission to create a version of the model using the specified model type and model id", - "privilege": "CreateModelVersion", + "access_level": "List", + "description": "Grants permission to retrieve all Data Quality rule recommendation runs", + "privilege": "ListDataQualityRuleRecommendationRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a rule for use with the specified detector", - "privilege": "CreateRule", + "access_level": "List", + "description": "Grants permission to retrieve all Data Quality rule recommendation runs", + "privilege": "ListDataQualityRulesetEvaluationRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a variable", - "privilege": "CreateVariable", + "access_level": "List", + "description": "Grants permission to retrieve a list of Data Quality rulesets", + "privilege": "ListDataQualityRulesets", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a batch import job", - "privilege": "DeleteBatchImportJob", + "access_level": "List", + "description": "Grants permission to retrieve all development endpoints", + "privilege": "ListDevEndpoints", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "batch-import*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a batch prediction job", - "privilege": "DeleteBatchPredictionJob", + "access_level": "List", + "description": "Grants permission to retrieve all current jobs", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-prediction*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the detector. Before deleting a detector, you must first delete all detector versions and rule versions associated with the detector", - "privilege": "DeleteDetector", + "access_level": "List", + "description": "Grants permission to retrieve all ML Transforms", + "privilege": "ListMLTransforms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the detector version. You cannot delete detector versions that are in ACTIVE status", - "privilege": "DeleteDetectorVersion", + "access_level": "List", + "description": "Grants permission to retrieve a list of schema registries", + "privilege": "ListRegistries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an entity type. 
You cannot delete an entity type that is included in an event type", - "privilege": "DeleteEntityType", + "access_level": "List", + "description": "Grants permission to retrieve a list of schema versions", + "privilege": "ListSchemaVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-type*" + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deletes the specified event", - "privilege": "DeleteEvent", + "access_level": "List", + "description": "Grants permission to retrieve a list of schema containers", + "privilege": "ListSchemas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "registry" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an event type. You cannot delete an event type that is used in a detector or a model", - "privilege": "DeleteEventType", + "access_level": "List", + "description": "Grants permission to retrieve a list of interactive session", + "privilege": "ListSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete events for the specified event type", - "privilege": "DeleteEventsByEventType", + "access_level": "List", + "description": "Grants permission to retrieve a list of statements in an interactive session", + "privilege": "ListStatements", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "session*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a SageMaker model from Amazon Fraud Detector. 
You can remove an Amazon SageMaker model if it is not associated with a detector version", - "privilege": "DeleteExternalModel", + "access_level": "List", + "description": "Grants permission to list the history of previous optimizer runs for a specific table", + "privilege": "ListTableOptimizerRuns", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": "catalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "external-model*" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a label. You cannot delete labels that are included in an event type in Amazon Fraud Detector. You cannot delete a label assigned to an event ID. You must first delete the relevant event ID", - "privilege": "DeleteLabel", + "access_level": "List", + "description": "Grants permission to retrieve all triggers", + "privilege": "ListTriggers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a list", - "privilege": "DeleteList", + "access_level": "List", + "description": "Grants permission to retrieve all workflows", + "privilege": "ListWorkflows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a model. 
You can delete models and model versions in Amazon Fraud Detector, provided that they are not associated with a detector version", - "privilege": "DeleteModel", + "description": "Grants permission to notify an event to the event-driven workflow", + "privilege": "NotifyEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a model version. You can delete models and model versions in Amazon Fraud Detector, provided that they are not associated with a detector version", - "privilege": "DeleteModelVersion", + "description": "Grants permission to pass glue connection name in input for APIs that require them", + "privilege": "PassConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version*" + "resource_type": "connection*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an outcome. You cannot delete an outcome that is used in a rule version", - "privilege": "DeleteOutcome", + "description": "Grants permission to publish Data Quality results", + "privilege": "PublishDataQuality", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome*" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the rule. You cannot delete a rule if it is used by an ACTIVE or INACTIVE detector version", - "privilege": "DeleteRule", + "description": "Grants permission to update catalog encryption settings", + "privilege": "PutDataCatalogEncryptionSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "catalog*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a variable. 
You cannot delete variables that are included in an event type in Amazon Fraud Detector", - "privilege": "DeleteVariable", + "access_level": "Permissions management", + "description": "Grants permission to update a resource policy", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable*" + "resource_type": "catalog*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get all versions for a specified detector", - "privilege": "DescribeDetector", + "access_level": "Write", + "description": "Grants permission to add metadata to schema version", + "privilege": "PutSchemaVersionMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "registry" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema" } ] }, { - "access_level": "Read", - "description": "Grants permission to get all of the model versions for the specified model type or for the specified model type and model ID. 
You can also get details for a single, specified model version", - "privilege": "DescribeModelVersions", + "access_level": "Write", + "description": "Grants permission to update workflow run properties", + "privilege": "PutWorkflowRunProperties", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version" + "resource_type": "workflow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the data validation report of a specific batch import job", - "privilege": "GetBatchImportJobValidationReport", + "access_level": "List", + "description": "Grants permission to fetch metadata for a schema version", + "privilege": "QuerySchemaVersionMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import*" + "resource_type": "registry" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema" } ] }, { - "access_level": "List", - "description": "Grants permission to get all batch import jobs or a specific job if you specify a job ID", - "privilege": "GetBatchImportJobs", + "access_level": "Write", + "description": "Grants permission to create a new schema version", + "privilege": "RegisterSchemaVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import" + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" } ] }, { - "access_level": "List", - "description": "Grants permission to get all batch prediction jobs or a specific job if you specify a job ID. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 50 records per page. If you provide a maxResults, the value must be between 1 and 50. To get the next page results, provide the pagination token from the GetBatchPredictionJobsResponse as part of your request. 
A null pagination token fetches the records from the beginning", - "privilege": "GetBatchPredictionJobs", + "access_level": "Write", + "description": "Grants permission to remove metadata from schema version", + "privilege": "RemoveSchemaVersionMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-prediction" + "resource_type": "registry" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a specific event type DeleteEventsByEventType API execution status", - "privilege": "GetDeleteEventsByEventTypeStatus", + "access_level": "Permissions management", + "description": "Grants permission to request log parsing for SparkUI", + "privilege": "RequestLogParsing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a particular detector version", - "privilege": "GetDetectorVersion", + "access_level": "Write", + "description": "Grants permission to reset a job bookmark", + "privilege": "ResetJobBookmark", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get all detectors or a single detector if a detectorId is specified. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetDetectorsResponse as part of your request. 
A null pagination token fetches the records from the beginning", - "privilege": "GetDetectors", + "access_level": "Write", + "description": "Grants permission to resume a workflow run", + "privilege": "ResumeWorkflowRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" + "resource_type": "workflow*" } ] }, { - "access_level": "List", - "description": "Grants permission to get all entity types or a specific entity type if a name is specified. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetEntityTypesResponse as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetEntityTypes", + "access_level": "Permissions management", + "description": "Grants permission to run Data Preview Statement", + "privilege": "RunDataPreviewStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-type" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the details of the specified event", - "privilege": "GetEvent", + "access_level": "Write", + "description": "Grants permission to run a code or statement in an interactive session", + "privilege": "RunStatement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "session*" } ] }, { "access_level": "Read", - "description": "Grants permission to evaluate an event against a detector version. 
If a version ID is not provided, the detector\u2019s (ACTIVE) version is used", - "privilege": "GetEventPrediction", + "description": "Grants permission to retrieve the tables in the catalog", + "privilege": "SearchTables", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "catalog*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" + "resource_type": "database*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get more details of a particular prediction", - "privilege": "GetEventPredictionMetadata", + "access_level": "Write", + "description": "Grants permission to provide feedback about a glue completion experience in AWS Q", + "privilege": "SendFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector-version*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get all event types or a specific event type if name is provided. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetEventTypesResponse as part of your request. 
A null pagination token fetches the records from the beginning", - "privilege": "GetEventTypes", + "access_level": "Write", + "description": "Grants permission to start running a blueprint", + "privilege": "StartBlueprintRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type" + "resource_type": "blueprint*" } ] }, { - "access_level": "List", - "description": "Grants permission to get the details for one or more Amazon SageMaker models that have been imported into the service. This is a paginated API. If you provide a null maxResults, this actions retrieves a maximum of 10 records per page. If you provide a maxResults, the value must be between 5 and 10. To get the next page results, provide the pagination token from the GetExternalModelsResult as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetExternalModels", + "access_level": "Write", + "description": "Grants permission to start a run for generating Column Statistics for the table", + "privilege": "StartColumnStatisticsTaskRun", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetSecurityConfiguration", + "glue:GetTable" + ], + "resource_type": "database*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "external-model" + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the encryption key if a Key Management Service (KMS) customer master key (CMK) has been specified to be used to encrypt content in Amazon Fraud Detector", - "privilege": "GetKMSEncryptionKey", + "access_level": "Write", + "description": "Grants permission to create a completion request in Glue for AWS Q experience", + "privilege": "StartCompletion", "resource_types": [ { "condition_keys": [], 
@@ -106334,308 +131394,182 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get all labels or a specific label if name is provided. This is a paginated API. If you provide a null maxResults, this action retrieves a maximum of 50 records per page. If you provide a maxResults, the value must be between 10 and 50. To get the next page results, provide the pagination token from the GetGetLabelsResponse as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetLabels", + "access_level": "Write", + "description": "Grants permission to start a crawler", + "privilege": "StartCrawler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label" + "resource_type": "crawler*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get elements of a list", - "privilege": "GetListElements", + "access_level": "Write", + "description": "Grants permission to change the schedule state of a crawler to SCHEDULED", + "privilege": "StartCrawlerSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "list*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get metadata about lists", - "privilege": "GetListsMetadata", + "access_level": "Write", + "description": "Grants permission to start a Data Quality rule recommendation run", + "privilege": "StartDataQualityRuleRecommendationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "list" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the details of the specified model version", - "privilege": 
"GetModelVersion", + "access_level": "Write", + "description": "Grants permission to start a Data Quality rule recommendation run", + "privilege": "StartDataQualityRulesetEvaluationRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version*" + "resource_type": "dataQualityRuleset*" } ] }, { - "access_level": "List", - "description": "Grants permission to get one or more models. Gets all models for the AWS account if no model type and no model id provided. Gets all models for the AWS account and model type, if the model type is specified but model id is not provided. Gets a specific model if (model type, model id) tuple is specified", - "privilege": "GetModels", + "access_level": "Write", + "description": "Grants permission to start an Export Labels ML Task Run", + "privilege": "StartExportLabelsTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model" + "resource_type": "mlTransform*" } ] }, { - "access_level": "List", - "description": "Grants permission to get one or more outcomes. This is a paginated API. If you provide a null maxResults, this actions retrieves a maximum of 100 records per page. If you provide a maxResults, the value must be between 50 and 100. To get the next page results, provide the pagination token from the GetOutcomesResult as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "GetOutcomes", + "access_level": "Write", + "description": "Grants permission to start an Import Labels ML Task Run", + "privilege": "StartImportLabelsTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome" + "resource_type": "mlTransform*" } ] }, { - "access_level": "List", - "description": "Grants permission to get all rules for a detector (paginated) if ruleId and ruleVersion are not specified. Gets all rules for the detector and the ruleId if present (paginated). 
Gets a specific rule if both the ruleId and the ruleVersion are specified", - "privilege": "GetRules", + "access_level": "Write", + "description": "Grants permission to start running a job", + "privilege": "StartJobRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule" + "resource_type": "job*" } ] }, { - "access_level": "List", - "description": "Grants permission to get all of the variables or the specific variable. This is a paginated API. Providing null maxSizePerPage results in retrieving maximum of 100 records per page. If you provide maxSizePerPage the value must be between 50 and 100. To get the next page result, a provide a pagination token from GetVariablesResult as part of your request. Null pagination token fetches the records from the beginning", - "privilege": "GetVariables", + "access_level": "Write", + "description": "Grants permission to start an Evaluation ML Task Run", + "privilege": "StartMLEvaluationTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable" + "resource_type": "mlTransform*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of past predictions", - "privilege": "ListEventPredictions", + "access_level": "Write", + "description": "Grants permission to start a Labeling Set Generation ML Task Run", + "privilege": "StartMLLabelingSetGenerationTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags associated with the resource. This is a paginated API. 
To get the next page results, provide the pagination token from the response as part of your request. A null pagination token fetches the records from the beginning", - "privilege": "ListTagsForResource", + "access_level": "Permissions management", + "description": "Grants permission to start Glue Studio Notebooks", + "privilege": "StartNotebook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "batch-prediction" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "detector-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity-type" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "external-model" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "label" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "list" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "outcome" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "variable" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update a detector", - "privilege": "PutDetector", + "description": "Grants permission to start a trigger", + "privilege": "StartTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "event-type*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "trigger*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update an entity type. An entity represents who is performing the event. As part of a fraud prediction, you pass the entity ID to indicate the specific entity who performed the event. An entity type classifies the entity. Example classifications include customer, merchant, or account", - "privilege": "PutEntityType", + "description": "Grants permission to start running a workflow", + "privilege": "StartWorkflowRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-type*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update an event type. An event is a business activity that is evaluated for fraud risk. With Amazon Fraud Detector, you generate fraud predictions for events. An event type defines the structure for an event sent to Amazon Fraud Detector. This includes the variables sent as part of the event, the entity performing the event (such as a customer), and the labels that classify the event. 
Example event types include online payment transactions, account registrations, and authentications", - "privilege": "PutEventType", + "description": "Grants permission to stop execution for Column Statistics run", + "privilege": "StopColumnStatisticsTaskRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "database*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update an Amazon SageMaker model endpoint. You can also use this action to update the configuration of the model endpoint, including the IAM role and/or the mapped variables", - "privilege": "PutExternalModel", + "description": "Grants permission to stop a running crawler", + "privilege": "StopCrawler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "external-model*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, { "access_level": "Write", - "description": "Grants permission to specify the Key Management Service (KMS) customer master key (CMK) to be used to encrypt content in Amazon Fraud Detector", - "privilege": "PutKMSEncryptionKey", + "description": "Grants permission to set the schedule state of a crawler to NOT_SCHEDULED", + "privilege": "StopCrawlerSchedule", "resource_types": [ { "condition_keys": [], 
@@ -106646,138 +131580,109 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update label. A label classifies an event as fraudulent or legitimate. Labels are associated with event types and used to train supervised machine learning models in Amazon Fraud Detector", - "privilege": "PutLabel", + "description": "Grants permission to stop an interactive session", + "privilege": "StopSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "session*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update an outcome", - "privilege": "PutOutcome", + "description": "Grants permission to stop a trigger", + "privilege": "StopTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "trigger*" } ] }, { "access_level": "Write", - "description": "Grants permission to send event", - "privilege": "SendEvent", + "description": "Grants permission to stop a workflow run", + "privilege": "StopWorkflowRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to assign tags to a resource", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import" - }, - { - "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "batch-prediction" + "resource_type": "blueprint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" + "resource_type": "connection" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version" + "resource_type": "crawler" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-type" + "resource_type": "customEntityType" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type" + "resource_type": "dataQualityRuleset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "external-model" + "resource_type": "devendpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "label" + "resource_type": "job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "list" + "resource_type": "mlTransform" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "model" + "resource_type": "registry" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version" + "resource_type": "schema" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome" + "resource_type": "session" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule" + "resource_type": "trigger" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable" + "resource_type": "workflow" }, { "condition_keys": [ 
@@ -106790,84 +131695,102 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Permissions management", + "description": "Grants permission to terminate Glue Studio Notebooks", + "privilege": "TerminateNotebook", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-import" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to test connection in Glue Studio", + "privilege": "TestConnection", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batch-prediction" + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags associated with a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "blueprint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" + "resource_type": "connection" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version" + "resource_type": "crawler" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity-type" + "resource_type": "customEntityType" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type" + "resource_type": "dataQualityRuleset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "external-model" + "resource_type": "devendpoint" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "label" + "resource_type": "job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "list" + "resource_type": "mlTransform" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "model" + "resource_type": "registry" }, { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "model-version" + "resource_type": "schema" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "outcome" + "resource_type": "session" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule" + "resource_type": "trigger" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable" + "resource_type": "workflow" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -106876,314 +131799,169 @@ }, { "access_level": "Write", - "description": "Grants permission to update a detector version. The detector version attributes that you can update include models, external model endpoints, rules, rule execution mode, and description. You can only update a DRAFT detector version", - "privilege": "UpdateDetectorVersion", + "description": "Grants permission to update a blueprint", + "privilege": "UpdateBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "external-model" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model-version" + "resource_type": "blueprint*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the detector version's description. You can update the metadata for any detector version (DRAFT, ACTIVE, or INACTIVE)", - "privilege": "UpdateDetectorVersionMetadata", + "description": "Grants permission to update a classifier", + "privilege": "UpdateClassifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the detector version\u2019s status. 
You can perform the following promotions or demotions using UpdateDetectorVersionStatus: DRAFT to ACTIVE, ACTIVE to INACTIVE, and INACTIVE to ACTIVE", - "privilege": "UpdateDetectorVersionStatus", + "description": "Grants permission to update partition statistics of columns", + "privilege": "UpdateColumnStatisticsForPartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector-version*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an existing event record's label value", - "privilege": "UpdateEventLabel", - "resource_types": [ + "resource_type": "catalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-type*" + "resource_type": "database*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a list", - "privilege": "UpdateList", + "description": "Grants permission to update table statistics of columns", + "privilege": "UpdateColumnStatisticsForTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "list*" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a model. 
You can update the description attribute using this action", - "privilege": "UpdateModel", + "description": "Grants permission to update a connection", + "privilege": "UpdateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a model version. Updating a model version retrains an existing model version using updated training data and produces a new minor version of the model. You can update the training data set location and data access role attributes using this action. This action creates and trains a new minor version of the model, for example version 1.01, 1.02, 1.03", - "privilege": "UpdateModelVersion", + "description": "Grants permission to update a crawler", + "privilege": "UpdateCrawler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "crawler*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the status of a model version", - "privilege": "UpdateModelVersionStatus", + "description": "Grants permission to update the schedule of a crawler", + "privilege": "UpdateCrawlerSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model-version*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a rule's metadata. 
The description attribute can be updated", - "privilege": "UpdateRuleMetadata", + "description": "Grants permission to update a Data Quality ruleset", + "privilege": "UpdateDataQualityRuleset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "dataQualityRuleset*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a rule version resulting in a new rule version. Updates a rule version resulting in a new rule version (version 1, 2, 3 ...)", - "privilege": "UpdateRuleVersion", + "description": "Grants permission to update a database", + "privilege": "UpdateDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "catalog*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a variable", - "privilege": "UpdateVariable", + "description": "Grants permission to update a development endpoint", + "privilege": "UpdateDevEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "variable*" + "resource_type": "devendpoint*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-prediction/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "batch-prediction" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "detector" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:detector-version/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "detector-version" - }, - { - "arn": 
"arn:${Partition}:frauddetector:${Region}:${Account}:entity-type/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "entity-type" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:external-model/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "external-model" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:event-type/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "event-type" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:label/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "label" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "model" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:model-version/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "model-version" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:outcome/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "outcome" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:rule/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "rule" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:variable/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "variable" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:batch-import/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "batch-import" - }, - { - "arn": "arn:${Partition}:frauddetector:${Region}:${Account}:list/${ResourcePath}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "list" - } - ], - "service_name": 
"Amazon Fraud Detector" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "A tag key that is present in the request that the user makes to Amazon FreeRTOS", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "The tag key component of a tag attached to an Amazon FreeRTOS resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "The list of all the tag key names associated with the resource in the request", - "type": "ArrayOfString" - } - ], - "prefix": "freertos", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a software configuration", - "privilege": "CreateSoftwareConfiguration", + "description": "Grants permission to update a job", + "privilege": "UpdateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "job*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "glue:VpcIds", + "glue:SubnetIds", + "glue:SecurityGroupIds" ], "dependent_actions": [], "resource_type": "" 
@@ -107192,143 +131970,187 @@ }, { "access_level": "Write", - "description": "Grants permission to create a subscription for FreeRTOS extended maintenance plan (EMP)", - "privilege": "CreateSubscription", + "description": "Grants permission to update a job from source control provider", + "privilege": "UpdateJobFromSourceControl", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the software configuration", - "privilege": "DeleteSoftwareConfiguration", + "description": "Grants permission to update an ML Transform", + "privilege": "UpdateMLTransform", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "mlTransform*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the hardware platform", - "privilege": "DescribeHardwarePlatform", + "access_level": "Write", + "description": "Grants permission to update a partition", + "privilege": "UpdatePartition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the software configuration", - "privilege": "DescribeSoftwareConfiguration", + "access_level": "Write", + "description": "Grants permission to update a schema registry", + "privilege": "UpdateRegistry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "registry*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describes the 
subscription for FreeRTOS extended maintenance plan (EMP)", - "privilege": "DescribeSubscription", + "access_level": "Write", + "description": "Grants permission to update a schema container", + "privilege": "UpdateSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscription*" + "resource_type": "registry*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "schema*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get URL for sotware patch-release, patch-diff and release notes under FreeRTOS extended maintenance plan (EMP)", - "privilege": "GetEmpPatchUrl", + "access_level": "Write", + "description": "Grants permission to update source control provider from a job", + "privilege": "UpdateSourceControlFromJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the URL for Amazon FreeRTOS software download", - "privilege": "GetSoftwareURL", + "access_level": "Write", + "description": "Grants permission to update a table", + "privilege": "UpdateTable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the URL for Amazon FreeRTOS software download based on the configuration", - "privilege": "GetSoftwareURLForConfiguration", + "access_level": "Write", + "description": "Grants permission to update the configuration for an existing table optimizer", + "privilege": "UpdateTableOptimizer", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "glue:GetTable" + ], + "resource_type": 
"catalog*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "table*" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the subscription billing amount for FreeRTOS extended maintenance plan (EMP)", - "privilege": "GetSubscriptionBillingAmount", + "access_level": "Write", + "description": "Grants permission to update a trigger", + "privilege": "UpdateTrigger", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "trigger*" } ] }, { - "access_level": "List", - "description": "Grants permission to lists versions of AmazonFreeRTOS", - "privilege": "ListFreeRTOSVersions", + "access_level": "Write", + "description": "Grants permission to update a function definition", + "privilege": "UpdateUserDefinedFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "catalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userdefinedfunction*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the hardware platforms", - "privilege": "ListHardwarePlatforms", + "access_level": "Write", + "description": "Grants permission to update a workflow", + "privilege": "UpdateWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the hardware vendors", - "privilege": "ListHardwareVendors", + "access_level": "Permissions management", + "description": "Grants permission to use Glue Studio and access its internal APIs", + "privilege": "UseGlueStudio", "resource_types": [ { "condition_keys": [], 
@@ -107338,286 +132160,349 @@ ] }, { - "access_level": "List", - "description": "Grants permission to lists the software configurations", - "privilege": "ListSoftwareConfigurations", + "access_level": "Write", + "description": "Grants permission to use an ML Transform from within a Glue ETL Script", + "privilege": "UseMLTransforms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "mlTransform*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:catalog", + "condition_keys": [], + "resource": "catalog" }, { - "access_level": "List", - "description": "Grants permission to list software patches of subscription for FreeRTOS extended maintenance plan (EMP)", - "privilege": "ListSoftwarePatches", + "arn": "arn:${Partition}:glue:${Region}:${Account}:database/${DatabaseName}", + "condition_keys": [], + "resource": "database" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:table/${DatabaseName}/${TableName}", + "condition_keys": [], + "resource": "table" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:tableVersion/${DatabaseName}/${TableName}/${TableVersionName}", + "condition_keys": [], + "resource": "tableversion" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:connection/${ConnectionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connection" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:userDefinedFunction/${DatabaseName}/${UserDefinedFunctionName}", + "condition_keys": [], + "resource": "userdefinedfunction" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:devEndpoint/${DevEndpointName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "devendpoint" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:job/${JobName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "job" + }, + { + "arn": 
"arn:${Partition}:glue:${Region}:${Account}:trigger/${TriggerName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "trigger" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:crawler/${CrawlerName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "crawler" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:workflow/${WorkflowName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workflow" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:blueprint/${BlueprintName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "blueprint" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:mlTransform/${TransformId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "mlTransform" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:registry/${RegistryName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "registry" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:schema/${SchemaName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "schema" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:session/${SessionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "session" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:dataQualityRuleset/${RulesetName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dataQualityRuleset" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:customEntityType/${CustomEntityTypeId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "customEntityType" + }, + { + "arn": "arn:${Partition}:glue:${Region}:${Account}:completion/${CompletionId}", + "condition_keys": [], + "resource": "completion" + } + ], + "service_name": "AWS Glue" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": 
"Filters access by actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by actions based on tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "grafana", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to upgrade a workspace with a license", + "privilege": "AssociateLicense", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "aws-marketplace:ViewSubscriptions" + ], + "resource_type": "workspace*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the subscription emails for FreeRTOS extended maintenance plan (EMP)", - "privilege": "ListSubscriptionEmails", + "access_level": "Write", + "description": "Grants permission to create a workspace", + "privilege": "CreateWorkspace", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:GetManagedPrefixListEntries", + "iam:CreateServiceLinkedRole", + "organizations:DescribeOrganization", + "sso:CreateManagedApplicationInstance", + "sso:DescribeRegisteredRegions", + "sso:GetSharedSsoConfiguration" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the subscriptions for FreeRTOS extended maintenance plan (EMP)", - "privilege": "ListSubscriptions", + "access_level": "Write", + "description": "Grants permission to create API keys for a workspace", + "privilege": "CreateWorkspaceApiKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], 
- "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to update list of subscription email address for FreeRTOS extended maintenance plan (EMP)", - "privilege": "UpdateEmailRecipients", + "description": "Grants permission to delete a workspace", + "privilege": "DeleteWorkspace", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "sso:DeleteManagedApplicationInstance" + ], + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the software configuration", - "privilege": "UpdateSoftwareConfiguration", + "description": "Grants permission to delete API keys from a workspace", + "privilege": "DeleteWorkspaceApiKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "workspace*" } ] }, { - "access_level": "Write", - "description": "Grants permission to verify the email for FreeRTOS extended maintenance plan (EMP)", - "privilege": "VerifyEmail", + "access_level": "Read", + "description": "Grants permission to describe a workspace", + "privilege": "DescribeWorkspace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:freertos:${Region}:${Account}:configuration/${ConfigurationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "configuration" }, - { - "arn": "arn:${Partition}:freertos:${Region}:${Account}:subscription/${SubscriptionID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "subscription" - } - ], - "service_name": "Amazon FreeRTOS" - }, - { - "conditions": [], - "prefix": "freetier", - "privileges": [ { "access_level": "Read", - "description": "Allow or deny IAM users permission to get free tier alert preference 
(email address)", - "privilege": "GetFreeTierAlertPreference", + "description": "Grants permission to describe authentication providers on a workspace", + "privilege": "DescribeWorkspaceAuthentication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Allow or deny IAM users permission to get free tier usage limits and MTD usage status", - "privilege": "GetFreeTierUsage", + "description": "Grants permission to describe the current configuration string for the given workspace", + "privilege": "DescribeWorkspaceConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Allow or deny IAM users permission to set free tier alert preference (email address)", - "privilege": "PutFreeTierAlertPreference", + "description": "Grants permission to remove a license from a workspace", + "privilege": "DisassociateLicense", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] - } - ], - "resources": [], - "service_name": "AWS Free Tier" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "fsx:IsBackupCopyDestination", - "description": "Filters access by whether the backup is a destination backup for a CopyBackup operation", - "type": "Bool" - }, - { - "condition": "fsx:IsBackupCopySource", - "description": "Filters access by 
whether the backup is a source backup for a CopyBackup operation", - "type": "Bool" - }, - { - "condition": "fsx:NfsDataRepositoryAuthenticationEnabled", - "description": "Filters access by NFS data repositories which support authentication", - "type": "Bool" - }, - { - "condition": "fsx:NfsDataRepositoryEncryptionInTransitEnabled", - "description": "Filters access by NFS data repositories which support encryption-in-transit", - "type": "Bool" - }, - { - "condition": "fsx:ParentVolumeId", - "description": "Filters access by the containing parent volume for mutating volume operations", - "type": "String" }, { - "condition": "fsx:StorageVirtualMachineId", - "description": "Filters access by the containing storage virtual machine for a volume for mutating volume operations", - "type": "String" - } - ], - "prefix": "fsx", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate a File Gateway instance with an Amazon FSx for Windows File Server file system", - "privilege": "AssociateFileGateway", + "access_level": "List", + "description": "Grants permission to list the permissions on a wokspace", + "privilege": "ListPermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "workspace*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate DNS aliases with an Amazon FSx for Windows File Server file system", - "privilege": "AssociateFileSystemAliases", + "access_level": "Read", + "description": "Grants permission to list tags associated with a workspace", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "workspace" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a data repository task", - "privilege": "CancelDataRepositoryTask", + "access_level": "List", + "description": "Grants 
permission to list all available supported Grafana versions. Optionally, include a workspace to list the versions to which it can be upgraded", + "privilege": "ListVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "task*" + "resource_type": "workspace" } ] }, { - "access_level": "Write", - "description": "Grants permission to copy a backup", - "privilege": "CopyBackup", + "access_level": "Read", + "description": "Grants permission to list workspaces", + "privilege": "ListWorkspaces", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "backup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new backup of an Amazon FSx file system or an Amazon FSx volume", - "privilege": "CreateBackup", + "access_level": "Tagging", + "description": "Grants permission to add tags to, or update tag values of, a workspace", + "privilege": "TagResource", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "backup*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "volume" + "resource_type": "workspace*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -107625,26 +132510,19 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new data respository association for an Amazon FSx for Lustre file system", - "privilege": "CreateDataRepositoryAssociation", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a workspace", + "privilege": "UntagResource", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "association*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "workspace*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -107652,229 +132530,163 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new data respository task for an Amazon FSx for Lustre file system", - "privilege": "CreateDataRepositoryTask", + "access_level": "Permissions management", + "description": "Grants permission to modify the permissions on a workspace", + "privilege": "UpdatePermissions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "file-system*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "task*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new, empty, Amazon file cache", - "privilege": "CreateFileCache", + "description": "Grants permission to modify a workspace", + "privilege": "UpdateWorkspace", "resource_types": [ { "condition_keys": [], "dependent_actions": [ "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "fsx:CreateDataRepositoryAssociation", - "fsx:TagResource", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "s3:ListBucket" - ], - "resource_type": "file-cache*" - }, - { - "condition_keys": [ - "fsx:NfsDataRepositoryEncryptionInTransitEnabled", - "fsx:NfsDataRepositoryAuthenticationEnabled" - ], - "dependent_actions": [], - "resource_type": "association" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "ec2:GetManagedPrefixListEntries", + "iam:CreateServiceLinkedRole" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new, empty, Amazon FSx file system", - "privilege": "CreateFileSystem", + "description": "Grants permission to modify authentication providers on a 
workspace", + "privilege": "UpdateWorkspaceAuthentication", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Amazon FSx file system from an existing backup", - "privilege": "CreateFileSystemFromBackup", + "description": "Grants permission to update the configuration string for the given workspace", + "privilege": "UpdateWorkspaceConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "backup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:grafana:${Region}:${Account}:/workspaces/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workspace" + } + ], + "service_name": "Amazon Managed Grafana" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by checking tag key/value pairs included in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to create a new snapshot on a volume", - "privilege": "CreateSnapshot", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by checking tag key/value pairs associated with a specific resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by checking tag keys passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "greengrass", + "privileges": [ + { + 
"access_level": "Permissions management", + "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", + "privilege": "AssociateServiceRoleToAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "snapshot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "volume*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "iam:PassRole" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new storage virtual machine in an Amazon FSx for Ontap file system", - "privilege": "CreateStorageVirtualMachine", + "description": "Grants permission to associate a list of client devices with a core device", + "privilege": "BatchAssociateClientDeviceWithCoreDevice", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "file-system*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "storage-virtual-machine*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDevice*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new volume", - "privilege": "CreateVolume", + "description": "Grants permission to disassociate a list of client devices from a core device", + "privilege": "BatchDisassociateClientDeviceFromCoreDevice", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "volume*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "snapshot" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "fsx:StorageVirtualMachineId", - "fsx:ParentVolumeId" - ], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "coreDevice*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new volume from backup", - "privilege": "CreateVolumeFromBackup", + "description": "Grants permission to cancel a deployment", + "privilege": "CancelDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "fsx:TagResource" + "iot:CancelJob", + "iot:DeleteThingShadow", + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow", + "iot:UpdateJob", + "iot:UpdateThingShadow" ], - "resource_type": "backup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "storage-virtual-machine*" - }, + "resource_type": "deployment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a component", + "privilege": "CreateComponentVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "component*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "fsx:StorageVirtualMachineId" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -107883,188 +132695,164 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a backup, deleting its contents. After deletion, the backup no longer exists, and its data is no longer available", - "privilege": "DeleteBackup", + "description": "Grants permission to create a deployment", + "privilege": "CreateDeployment", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "backup*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iot:CancelJob", + "iot:CreateJob", + "iot:DeleteThingShadow", + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow", + "iot:UpdateJob", + "iot:UpdateThingShadow" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a data repository association", - "privilege": "DeleteDataRepositoryAssociation", + "description": "Grants permission to delete a component", + "privilege": "DeleteComponent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association*" + "resource_type": "componentVersion*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a file cache, deleting its contents", - "privilege": "DeleteFileCache", + "description": "Grants permission to delete a AWS IoT Greengrass core device, which is an AWS IoT thing. This operation removes the core device from the list of core devices. 
This operation doesn't delete the AWS IoT thing", + "privilege": "DeleteCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "fsx:DeleteDataRepositoryAssociation" - ], - "resource_type": "file-cache*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "association" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "iot:DescribeJobExecution" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDevice*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a file system, deleting its contents and any existing automatic backups of the file system", - "privilege": "DeleteFileSystem", + "description": "Grants permission to delete a deployment. To delete an active deployment, it needs to be cancelled first", + "privilege": "DeleteDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "fsx:CreateBackup", - "fsx:TagResource" - ], - "resource_type": "file-system*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "backup" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "iot:DeleteJob" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "deployment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a snapshot on a volume", - "privilege": "DeleteSnapshot", + "access_level": "Read", + "description": "Grants permission to retrieve metadata for a version of a component", + "privilege": "DescribeComponent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" + "resource_type": "componentVersion*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a storage virtual machine, deleting its contents", - "privilege": "DeleteStorageVirtualMachine", + "description": "Grants permission to disassociate the service role from an account. 
Without a service role, deployments will not work", + "privilege": "DisassociateServiceRoleFromAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "storage-virtual-machine*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume", - "privilege": "DeleteVolume", + "access_level": "Read", + "description": "Grants permission to get the recipe for a version of a component", + "privilege": "GetComponent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "fsx:TagResource" - ], - "resource_type": "volume*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "backup" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "fsx:StorageVirtualMachineId", - "fsx:ParentVolumeId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "componentVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the File Gateway instances associated with an Amazon FSx for Windows File Server file system", - "privilege": "DescribeAssociatedFileGateways", + "description": "Grants permission to get the pre-signed URL to download a public component artifact", + "privilege": "GetComponentVersionArtifact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "componentVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all backups owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeBackups", + "description": "Grants permission to retrieve the connectivity information for a Greengrass core device", + "privilege": "GetConnectivityInfo", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" 
+ "dependent_actions": [ + "iot:GetThingShadow" + ], + "resource_type": "connectivityInfo*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all data repository associations owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeDataRepositoryAssociations", + "description": "Grants permission to retrieves metadata for a AWS IoT Greengrass core device", + "privilege": "GetCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDevice*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all data repository tasks owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeDataRepositoryTasks", + "description": "Grants permission to get a deployment", + "privilege": "GetDeployment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "deployment*" } ] }, { "access_level": "Read", - "description": "Grants permission to return the descriptions of all file caches owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeFileCaches", + "description": "Grants permission to retrieve the service role that is attached to an account", + "privilege": "GetServiceRoleForAccount", "resource_types": [ { "condition_keys": [], 
@@ -108074,33 +132862,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the description of all DNS aliases owned by your Amazon FSx for Windows File Server file system", - "privilege": "DescribeFileSystemAliases", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of client devices associated to a AWS IoT Greengrass core device", + "privilege": "ListClientDevicesAssociatedWithCoreDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "coreDevice*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the descriptions of all file systems owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeFileSystems", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of all versions for a component", + "privilege": "ListComponentVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "component*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the descriptions of all snapshots owned by your AWS account in the AWS Region of the endpoint you're calling", - "privilege": "DescribeSnapshots", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of component summaries", + "privilege": "ListComponents", "resource_types": [ { "condition_keys": [], 
@@ -108110,9 +132898,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the descriptions of all storage virtual machines owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeStorageVirtualMachines", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of AWS IoT Greengrass core devices", + "privilege": "ListCoreDevices", "resource_types": [ { "condition_keys": [], 
@@ -108122,178 +132910,128 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the descriptions of all volumes owned by your AWS account in the AWS Region of the endpoint that you're calling", - "privilege": "DescribeVolumes", + "access_level": "List", + "description": "Grants permission to retrieves a paginated list of deployments", + "privilege": "ListDeployments", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a File Gateway instance from an Amazon FSx for Windows File Server file system", - "privilege": "DisassociateFileGateway", + "access_level": "List", + "description": "Grants permission to retrieves a paginated list of deployment jobs that AWS IoT Greengrass sends to AWS IoT Greengrass core devices", + "privilege": "ListEffectiveDeployments", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" + "dependent_actions": [ + "iot:DescribeJob", + "iot:DescribeJobExecution", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:GetThingShadow" + ], + "resource_type": "coreDevice*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate file system aliases with an Amazon FSx for Windows File Server file system", - "privilege": "DisassociateFileSystemAliases", + "access_level": "List", + "description": "Grants permission to retrieve a paginated list of the components that a AWS IoT Greengrass core device runs", + "privilege": "ListInstalledComponents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "coreDevice*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for an Amazon FSx resource", + 
"description": "Grants permission to list the tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "backup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-cache" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" + "resource_type": "component" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "componentVersion" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storage-virtual-machine" + "resource_type": "coreDevice" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "deployment" }, { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "volume" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to manage backup principal associations through AWS Backup", - "privilege": "ManageBackupPrincipalAssociations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "backup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to release file system NFS V3 locks", - "privilege": "ReleaseFileSystemNfsV3Locks", - "resource_types": [ - { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "file-system*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to restore volume state from a snapshot", - "privilege": "RestoreVolumeFromSnapshot", + "access_level": "List", + "description": "Grants permission to list components that meet the component, version, and platform requirements of a deployment", + "privilege": "ResolveComponentCandidates", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "volume*" + "resource_type": "componentVersion*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag an Amazon FSx resource", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "backup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-cache" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "component" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storage-virtual-machine" + "resource_type": "componentVersion" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "coreDevice" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume" + "resource_type": "deployment" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -108302,51 +133040,32 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove a tag from an Amazon FSx resource", + "description": "Grants permission to remove tags from a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "association" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "backup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-cache" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "snapshot" + "resource_type": "component" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "storage-virtual-machine" + "resource_type": "componentVersion" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "task" + "resource_type": "coreDevice" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "volume" + "resource_type": "deployment" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -108356,193 +133075,105 @@ }, { "access_level": "Write", - "description": "Grants permission to update data repository association configuration", - "privilege": "UpdateDataRepositoryAssociation", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "association*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update file cache configuration", - "privilege": "UpdateFileCache", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-cache*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update file system configuration", - "privilege": "UpdateFileSystem", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "file-system*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update snapshot configuration", - "privilege": "UpdateSnapshot", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "snapshot*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update storage virtual machine configuration", - "privilege": "UpdateStorageVirtualMachine", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "storage-virtual-machine*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update volume configuration", - "privilege": "UpdateVolume", + "description": "Grants permission to update the connectivity information for a Greengrass core. 
Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", + "privilege": "UpdateConnectivityInfo", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "volume*" - }, - { - "condition_keys": [ - "fsx:StorageVirtualMachineId", - "fsx:ParentVolumeId" + "dependent_actions": [ + "iot:GetThingShadow", + "iot:UpdateThingShadow" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "connectivityInfo*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:file-system/${FileSystemId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "file-system" - }, - { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:file-cache/${FileCacheId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "file-cache" - }, - { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:backup/${BackupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "backup" - }, - { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:storage-virtual-machine/${FileSystemId}/${StorageVirtualMachineId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "storage-virtual-machine" + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", + "condition_keys": [], + "resource": "connectivityInfo" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:task/${TaskId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "task" + "resource": "component" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:association/${FileSystemIdOrFileCacheId}/${DataRepositoryAssociationId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}:versions:${ComponentVersion}", "condition_keys": [ 
"aws:ResourceTag/${TagKey}" ], - "resource": "association" + "resource": "componentVersion" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:volume/${FileSystemId}/${VolumeId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:coreDevices:${CoreDeviceThingName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "volume" + "resource": "coreDevice" }, { - "arn": "arn:${Partition}:fsx:${Region}:${Account}:snapshot/${VolumeId}/${SnapshotId}", + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:deployments:${DeploymentId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "snapshot" + "resource": "deployment" } ], - "service_name": "Amazon FSx" + "service_name": "AWS IoT Greengrass V2" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access by the allowed set of values for each of the mandatory tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access by the tag value associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access by the presence of mandatory tags in the request", "type": "ArrayOfString" } ], - "prefix": "gamelift", + "prefix": "greengrass", "privileges": [ { "access_level": "Write", - "description": "Grants permission to register player acceptance or rejection of a proposed FlexMatch match", - "privilege": "AcceptMatch", + "description": "Grants permission to associate a role with a group. 
The role's permissions must allow Greengrass core Lambda functions and connectors to perform actions in other AWS services", + "privilege": "AssociateRoleToGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to locate and reserve a game server to host a new game session", - "privilege": "ClaimGameServer", + "access_level": "Permissions management", + "description": "Grants permission to associate a role with your account. AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", + "privilege": "AssociateServiceRoleToAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to define a new alias for a fleet", - "privilege": "CreateAlias", + "description": "Grants permission to create a connector definition", + "privilege": "CreateConnectorDefinition", "resource_types": [ { "condition_keys": [ @@ -108556,23 +133187,20 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new game build using files stored in an Amazon S3 bucket", - "privilege": "CreateBuild", + "description": "Grants permission to create a version of an existing connector definition", + "privilege": "CreateConnectorDefinitionVersion", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connectorDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new fleet of computing resources to run your game servers", - "privilege": "CreateFleet", + "description": "Grants permission to create a core definition", + "privilege": "CreateCoreDefinition", "resource_types": [ { "condition_keys": [ 
@@ -108586,20 +133214,32 @@ }, { "access_level": "Write", - "description": "Grants permission to specify additional locations for a fleet", - "privilege": "CreateFleetLocations", + "description": "Grants permission to create a version of an existing core definition. Greengrass groups must each contain exactly one Greengrass core", + "privilege": "CreateCoreDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "coreDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new game server group, set up a corresponding Auto Scaling group, and launche instances to host game servers", - "privilege": "CreateGameServerGroup", + "description": "Grants permission to create a deployment", + "privilege": "CreateDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a device definition", + "privilege": "CreateDeviceDefinition", "resource_types": [ { "condition_keys": [ 
@@ -108613,20 +133253,20 @@ }, { "access_level": "Write", - "description": "Grants permission to start a new game session on a specified fleet", - "privilege": "CreateGameSession", + "description": "Grants permission to create a version of an existing device definition", + "privilege": "CreateDeviceDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deviceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to set up a new queue for processing game session placement requests", - "privilege": "CreateGameSessionQueue", + "description": "Grants permission to create a Lambda function definition to be used in a group that contains a list of Lambda functions and their configurations", + "privilege": "CreateFunctionDefinition", "resource_types": [ { "condition_keys": [ @@ -108640,23 +133280,20 @@ }, { "access_level": "Write", - "description": "Grants permission to define a new location for a fleet", - "privilege": "CreateLocation", + "description": "Grants permission to create a version of an existing Lambda function definition", + "privilege": "CreateFunctionDefinitionVersion", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "functionDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new FlexMatch matchmaker", - "privilege": "CreateMatchmakingConfiguration", + "description": "Grants permission to create a group", + "privilege": "CreateGroup", "resource_types": [ { "condition_keys": [ 
@@ -108670,26 +133307,38 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new matchmaking rule set for FlexMatch", - "privilege": "CreateMatchmakingRuleSet", + "description": "Grants permission to create a CA for the group, or rotate the existing CA", + "privilege": "CreateGroupCertificateAuthority", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a version of a group that has already been defined", + "privilege": "CreateGroupVersion", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to reserve an available game session slot for a player", - "privilege": "CreatePlayerSession", + "description": "Grants permission to create a logger definition", + "privilege": "CreateLoggerDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -108697,20 +133346,20 @@ }, { "access_level": "Write", - "description": "Grants permission to reserve available game session slots for multiple players", - "privilege": "CreatePlayerSessions", + "description": "Grants permission to create a version of an existing logger definition", + "privilege": "CreateLoggerDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "loggerDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Realtime Servers script", - "privilege": "CreateScript", + "description": "Grants permission to create a resource definition that contains a list of resources to be used in a group", + "privilege": "CreateResourceDefinition", "resource_types": [ { "condition_keys": [ @@ -108724,20 +133373,20 @@ }, { "access_level": "Write", - "description": "Grants permission to allow GameLift to create or delete a peering connection between a GameLift fleet VPC and a VPC on another AWS account", - "privilege": "CreateVpcPeeringAuthorization", + "description": "Grants permission to create a version of an existing resource definition", + "privilege": "CreateResourceDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to establish a peering connection between your GameLift fleet VPC and a VPC on another account", - "privilege": "CreateVpcPeeringConnection", + "description": "Grants permission to create an AWS IoT job that will trigger your Greengrass cores to update the software they are running", + "privilege": "CreateSoftwareUpdateJob", "resource_types": [ { "condition_keys": [], 
@@ -108748,140 +133397,143 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an alias", - "privilege": "DeleteAlias", + "description": "Grants permission to create a subscription definition", + "privilege": "CreateSubscriptionDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "alias*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a game build", - "privilege": "DeleteBuild", + "description": "Grants permission to create a version of an existing subscription definition", + "privilege": "CreateSubscriptionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "build*" + "resource_type": "subscriptionDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an empty fleet", - "privilege": "DeleteFleet", + "description": "Grants permission to delete a connector definition", + "privilege": "DeleteConnectorDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "connectorDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete locations for a fleet", - "privilege": "DeleteFleetLocations", + "description": "Grants permission to delete a core definition. 
Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteCoreDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "coreDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to permanently delete a game server group and terminate FleetIQ activity for the corresponding Auto Scaling group", - "privilege": "DeleteGameServerGroup", + "description": "Grants permission to delete a device definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteDeviceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "deviceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing game session queue", - "privilege": "DeleteGameSessionQueue", + "description": "Grants permission to delete a Lambda function definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteFunctionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameSessionQueue*" + "resource_type": "functionDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a location", - "privilege": "DeleteLocation", + "description": "Grants permission to delete a group that is not currently in use in a deployment", + "privilege": "DeleteGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "location*" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing FlexMatch matchmaker", - "privilege": "DeleteMatchmakingConfiguration", + "description": "Grants permission to delete a logger definition. 
Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteLoggerDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingConfiguration*" + "resource_type": "loggerDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing FlexMatch matchmaking rule set", - "privilege": "DeleteMatchmakingRuleSet", + "description": "Grants permission to delete a resource definition", + "privilege": "DeleteResourceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingRuleSet*" + "resource_type": "resourceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a set of auto-scaling rules", - "privilege": "DeleteScalingPolicy", + "description": "Grants permission to delete a subscription definition. Deleting a definition that is currently in use in a deployment affects future deployments", + "privilege": "DeleteSubscriptionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "subscriptionDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Realtime Servers script", - "privilege": "DeleteScript", + "description": "Grants permission to disassociate the role from a group", + "privilege": "DisassociateRoleFromGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "script*" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a VPC peering authorization", - "privilege": "DeleteVpcPeeringAuthorization", + "description": "Grants permission to disassociate the service role from an account. Without a service role, deployments will not work", + "privilege": "DisassociateServiceRoleFromAccount", "resource_types": [ { "condition_keys": [], 
@@ -108891,261 +133543,306 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove a peering connection between VPCs", - "privilege": "DeleteVpcPeeringConnection", + "access_level": "Read", + "description": "Grants permission to retrieve information required to connect to a Greengrass core", + "privilege": "Discover", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister a compute against a fleet", - "privilege": "DeregisterCompute", + "access_level": "Read", + "description": "Grants permission to retrieve the role associated with a group", + "privilege": "GetAssociatedRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a game server from a game server group", - "privilege": "DeregisterGameServer", + "access_level": "Read", + "description": "Grants permission to return the status of a bulk deployment", + "privilege": "GetBulkDeploymentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "bulkDeployment*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for an alias", - "privilege": "DescribeAlias", + "description": "Grants permission to retrieve the connectivity information for a core", + "privilege": "GetConnectivityInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" + "resource_type": "connectivityInfo*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for a game build", - "privilege": "DescribeBuild", + "description": "Grants permission to retrieve information about a connector definition", + "privilege": 
"GetConnectorDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "build*" + "resource_type": "connectorDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve general properties of the compute such as ARN, fleet details, SDK endpoints, and location", - "privilege": "DescribeCompute", + "description": "Grants permission to retrieve information about a connector definition version", + "privilege": "GetConnectorDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "connectorDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the maximum allowed and current usage for EC2 instance types", - "privilege": "DescribeEC2InstanceLimits", + "description": "Grants permission to retrieve information about a core definition", + "privilege": "GetCoreDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve general properties, including status, for fleets", - "privilege": "DescribeFleetAttributes", + "description": "Grants permission to retrieve information about a core definition version", + "privilege": "GetCoreDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "coreDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the current capacity setting for fleets", - "privilege": "DescribeFleetCapacity", + "description": "Grants permission to return the status of a deployment", + 
"privilege": "GetDeploymentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "deployment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve entries from a fleet's event log", - "privilege": "DescribeFleetEvents", + "description": "Grants permission to retrieve information about a device definition", + "privilege": "GetDeviceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "deviceDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve general properties, including statuses, for a fleet's locations", - "privilege": "DescribeFleetLocationAttributes", + "description": "Grants permission to retrieve information about a device definition version", + "privilege": "GetDeviceDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "deviceDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the current capacity setting for a fleet's location", - "privilege": "DescribeFleetLocationCapacity", + "description": "Grants permission to retrieve information about a Lambda function definition, such as its creation time and latest version", + "privilege": "GetFunctionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "functionDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve utilization statistics for fleet's location", - "privilege": "DescribeFleetLocationUtilization", + "description": "Grants permission to retrieve information about a 
Lambda function definition version, such as which Lambda functions are included in the version and their configurations", + "privilege": "GetFunctionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "functionDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "functionDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the inbound connection permissions for a fleet", - "privilege": "DescribeFleetPortSettings", + "description": "Grants permission to retrieve information about a group", + "privilege": "GetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve utilization statistics for fleets", - "privilege": "DescribeFleetUtilization", + "description": "Grants permission to return the public key of the CA associated with a group", + "privilege": "GetGroupCertificateAuthority", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "certificateAuthority*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for a game server", - "privilege": "DescribeGameServer", + "description": "Grants permission to retrieve the current configuration for the CA used by a group", + "privilege": "GetGroupCertificateConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for a game server group", - "privilege": "DescribeGameServerGroup", + "description": "Grants permission to retrieve 
information about a group version", + "privilege": "GetGroupVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "groupVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the status of EC2 instances in a game server group", - "privilege": "DescribeGameServerInstances", + "description": "Grants permission to retrieve information about a logger definition", + "privilege": "GetLoggerDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "loggerDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for game sessions in a fleet, including the protection policy", - "privilege": "DescribeGameSessionDetails", + "description": "Grants permission to retrieve information about a logger definition version", + "privilege": "GetLoggerDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "loggerDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details of a game session placement request", - "privilege": "DescribeGameSessionPlacement", + "description": "Grants permission to retrieve information about a resource definition, such as its creation time and latest version", + "privilege": "GetResourceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for game session queues", - "privilege": "DescribeGameSessionQueues", + "description": "Grants 
permission to retrieve information about a resource definition version, such as which resources are included in the version", + "privilege": "GetResourceDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for game sessions in a fleet", - "privilege": "DescribeGameSessions", + "description": "Grants permission to retrieve the service role that is attached to an account", + "privilege": "GetServiceRoleForAccount", "resource_types": [ { "condition_keys": [], 
@@ -109156,56 +133853,61 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve information about instances in a fleet", - "privilege": "DescribeInstances", + "description": "Grants permission to retrieve information about a subscription definition", + "privilege": "GetSubscriptionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "subscriptionDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details of matchmaking tickets", - "privilege": "DescribeMatchmaking", + "description": "Grants permission to retrieve information about a subscription definition version", + "privilege": "GetSubscriptionDefinitionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "subscriptionDefinition*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinitionVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for FlexMatch matchmakers", - "privilege": "DescribeMatchmakingConfigurations", + "description": "Grants permission to retrieve runtime configuration of a thing", + "privilege": "GetThingRuntimeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thingRuntimeConfig*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve properties for FlexMatch matchmaking rule sets", - "privilege": "DescribeMatchmakingRuleSets", + "description": "Grants permission to retrieve a paginated list of the deployments that have been started in a bulk deployment operation and their current deployment status", + "privilege": "ListBulkDeploymentDetailedReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bulkDeployment*" } ] }, { - 
"access_level": "Read", - "description": "Grants permission to retrieve properties for player sessions in a game session", - "privilege": "DescribePlayerSessions", + "access_level": "List", + "description": "Grants permission to retrieve a list of bulk deployments", + "privilege": "ListBulkDeployments", "resource_types": [ { "condition_keys": [], 
@@ -109215,45 +133917,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current runtime configuration for a fleet", - "privilege": "DescribeRuntimeConfiguration", + "access_level": "List", + "description": "Grants permission to list the versions of a connector definition", + "privilege": "ListConnectorDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "connectorDefinition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all scaling policies that are applied to a fleet", - "privilege": "DescribeScalingPolicies", + "access_level": "List", + "description": "Grants permission to retrieve a list of connector definitions", + "privilege": "ListConnectorDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve properties for a Realtime Servers script", - "privilege": "DescribeScript", + "access_level": "List", + "description": "Grants permission to list the versions of a core definition", + "privilege": "ListCoreDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "script*" + "resource_type": "coreDefinition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve valid VPC peering authorizations", - "privilege": "DescribeVpcPeeringAuthorizations", + "access_level": "List", + "description": "Grants permission to retrieve a list of core definitions", + "privilege": "ListCoreDefinitions", "resource_types": [ { "condition_keys": [], 
@@ -109263,45 +133965,57 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details on active or pending VPC peering connections", - "privilege": "DescribeVpcPeeringConnections", + "access_level": "List", + "description": "Grants permission to retrieve a list of all deployments for a group", + "privilege": "ListDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve access credentials of the compute", - "privilege": "GetComputeAccess", + "access_level": "List", + "description": "Grants permission to list the versions of a device definition", + "privilege": "ListDeviceDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "deviceDefinition*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an authorization token for a compute and fleet to use in game server processes", - "privilege": "GetComputeAuthToken", + "access_level": "List", + "description": "Grants permission to retrieve a list of device definitions", + "privilege": "ListDeviceDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the location of stored logs for a game session", - "privilege": "GetGameSessionLogUrl", + "access_level": "List", + "description": "Grants permission to list the versions of a Lambda function definition", + "privilege": "ListFunctionDefinitionVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "functionDefinition*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of Lambda function definitions", + "privilege": 
"ListFunctionDefinitions", "resource_types": [ { "condition_keys": [], @@ -109311,33 +134025,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to request remote access to a specified fleet instance", - "privilege": "GetInstanceAccess", + "access_level": "List", + "description": "Grants permission to retrieve a list of current CAs for a group", + "privilege": "ListGroupCertificateAuthorities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "group*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve all aliases that are defined in the current Region", - "privilege": "ListAliases", + "description": "Grants permission to list the versions of a group", + "privilege": "ListGroupVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve all game build in the current Region", - "privilege": "ListBuilds", + "description": "Grants permission to retrieve a list of groups", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], 
@@ -109348,20 +134062,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve all compute resources in the current Region", - "privilege": "ListCompute", + "description": "Grants permission to list the versions of a logger definition", + "privilege": "ListLoggerDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "loggerDefinition*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of fleet IDs for all fleets in the current Region", - "privilege": "ListFleets", + "description": "Grants permission to retrieve a list of logger definitions", + "privilege": "ListLoggerDefinitions", "resource_types": [ { "condition_keys": [], 
@@ -109372,44 +134086,44 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve all game server groups that are defined in the current Region", - "privilege": "ListGameServerGroups", + "description": "Grants permission to list the versions of a resource definition", + "privilege": "ListResourceDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinition*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve all game servers that are currently running in a game server group", - "privilege": "ListGameServers", + "description": "Grants permission to retrieve a list of resource definitions", + "privilege": "ListResourceDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve all locations in this account", - "privilege": "ListLocations", + "description": "Grants permission to list the versions of a subscription definition", + "privilege": "ListSubscriptionDefinitionVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "subscriptionDefinition*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve properties for all Realtime Servers scripts in the current region", - "privilege": "ListScripts", + "description": "Grants permission to retrieve a list of subscription definitions", + "privilege": "ListSubscriptionDefinitions", "resource_types": [ { "condition_keys": [], 
@@ -109420,348 +134134,572 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve tags for GameLift resources", + "description": "Grants permission to list the tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias" + "resource_type": "bulkDeployment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "build" + "resource_type": "connectorDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "coreDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup" + "resource_type": "deviceDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameSessionQueue" + "resource_type": "functionDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "location" + "resource_type": "group" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingConfiguration" + "resource_type": "loggerDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingRuleSet" + "resource_type": "resourceDefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "script" + "resource_type": "subscriptionDefinition" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update a fleet auto-scaling policy", - "privilege": "PutScalingPolicy", + "description": "Grants permission to reset a group's deployments", + "privilege": "ResetDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to register a compute against a fleet", - 
"privilege": "RegisterCompute", + "description": "Grants permission to deploy multiple groups in one operation", + "privilege": "StartBulkDeployment", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to notify GameLift FleetIQ when a new game server is ready to host gameplay", - "privilege": "RegisterGameServer", + "description": "Grants permission to stop the execution of a bulk deployment", + "privilege": "StopBulkDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "bulkDeployment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve fresh upload credentials to use when uploading a new game build", - "privilege": "RequestUploadCredentials", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "build*" + "resource_type": "bulkDeployment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "functionDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"subscriptionDefinition" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the fleet ID associated with an alias", - "privilege": "ResolveAlias", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" + "resource_type": "bulkDeployment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connectorDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "coreDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deviceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "functionDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "loggerDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourceDefinition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriptionDefinition" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reinstate suspended FleetIQ activity for a game server group", - "privilege": "ResumeGameServerGroup", + "description": "Grants permission to update the connectivity information for a Greengrass core. 
Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", + "privilege": "UpdateConnectivityInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "connectivityInfo*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve game sessions that match a set of search criteria", - "privilege": "SearchGameSessions", + "access_level": "Write", + "description": "Grants permission to update a connector definition", + "privilege": "UpdateConnectorDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "connectorDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to resume auto-scaling activity on a fleet after it was suspended with StopFleetActions()", - "privilege": "StartFleetActions", + "description": "Grants permission to update a core definition", + "privilege": "UpdateCoreDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "coreDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to send a game session placement request to a game session queue", - "privilege": "StartGameSessionPlacement", + "description": "Grants permission to update a device definition", + "privilege": "UpdateDeviceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameSessionQueue*" + "resource_type": "deviceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to request FlexMatch matchmaking to fill available player slots in an existing game session", - "privilege": "StartMatchBackfill", + "description": "Grants permission to update a Lambda function definition", + "privilege": "UpdateFunctionDefinition", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "functionDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to request FlexMatch matchmaking for one or a group of players and initiate game session placement", - "privilege": "StartMatchmaking", + "description": "Grants permission to update a group", + "privilege": "UpdateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to suspend auto-scaling activity on a fleet", - "privilege": "StopFleetActions", + "description": "Grants permission to update the certificate expiry time for a group", + "privilege": "UpdateGroupCertificateConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a game session placement request that is in progress", - "privilege": "StopGameSessionPlacement", + "description": "Grants permission to update a logger definition", + "privilege": "UpdateLoggerDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "loggerDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a matchmaking or match backfill request that is in progress", - "privilege": "StopMatchmaking", + "description": "Grants permission to update a resource definition", + "privilege": "UpdateResourceDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "resourceDefinition*" } ] }, { "access_level": "Write", - "description": "Grants permission to temporarily stop FleetIQ activity for a game server group", - "privilege": "SuspendGameServerGroup", + "description": "Grants permission to update a 
subscription definition", + "privilege": "UpdateSubscriptionDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "subscriptionDefinition*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag GameLift resources", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update runtime configuration of a thing", + "privilege": "UpdateThingRuntimeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "build" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "gameServerGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "gameSessionQueue" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "matchmakingConfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "matchmakingRuleSet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "script" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "thingRuntimeConfig*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", + "condition_keys": [], + "resource": "connectivityInfo" }, { - "access_level": "Tagging", - "description": "Grants permission to untag GameLift resources", - "privilege": "UntagResource", + "arn": 
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/certificateauthorities/${CertificateAuthorityId}", + "condition_keys": [], + "resource": "certificateAuthority" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/deployments/${DeploymentId}", + "condition_keys": [], + "resource": "deployment" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/bulk/deployments/${BulkDeploymentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "bulkDeployment" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "group" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/versions/${VersionId}", + "condition_keys": [], + "resource": "groupVersion" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "coreDefinition" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "coreDefinitionVersion" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "deviceDefinition" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "deviceDefinitionVersion" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "functionDefinition" + }, + { + 
"arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "functionDefinitionVersion" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "subscriptionDefinition" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "subscriptionDefinitionVersion" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "loggerDefinition" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "loggerDefinitionVersion" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "resourceDefinition" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "resourceDefinitionVersion" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/connectors/${ConnectorDefinitionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connectorDefinition" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/connectors/${ConnectorDefinitionId}/versions/${VersionId}", + "condition_keys": [], + "resource": "connectorDefinitionVersion" + }, + { + "arn": 
"arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", + "condition_keys": [], + "resource": "thing" + }, + { + "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/runtimeconfig", + "condition_keys": [], + "resource": "thingRuntimeConfig" + } + ], + "service_name": "AWS IoT Greengrass" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "groundstation:AgentId", + "description": "Filters access by the ID of an agent", + "type": "String" + }, + { + "condition": "groundstation:ConfigId", + "description": "Filters access by the ID of a config", + "type": "String" + }, + { + "condition": "groundstation:ConfigType", + "description": "Filters access by the type of a config", + "type": "String" + }, + { + "condition": "groundstation:ContactId", + "description": "Filters access by the ID of a contact", + "type": "String" + }, + { + "condition": "groundstation:DataflowEndpointGroupId", + "description": "Filters access by the ID of a dataflow endpoint group", + "type": "String" + }, + { + "condition": "groundstation:EphemerisId", + "description": "Filters access by the ID of an ephemeris", + "type": "String" + }, + { + "condition": "groundstation:GroundStationId", + "description": "Filters access by the ID of a ground station", + "type": "String" + }, + { + "condition": "groundstation:MissionProfileId", + "description": "Filters access by the ID of a mission profile", + "type": "String" + }, + { + "condition": "groundstation:SatelliteId", + "description": "Filters access by the ID of a satellite", + 
"type": "String" + } + ], + "prefix": "groundstation", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel a contact", + "privilege": "CancelContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "build" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "gameServerGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "gameSessionQueue" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "location" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "matchmakingConfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "matchmakingRuleSet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "script" - }, + "resource_type": "Contact*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a configuration", + "privilege": "CreateConfig", + "resource_types": [ { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -109771,152 +134709,161 @@ }, { "access_level": "Write", - "description": "Grants permission to update the properties of an existing alias", - "privilege": "UpdateAlias", + "description": "Grants permission to create a data flow endpoint group", + "privilege": "CreateDataflowEndpointGroup", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "alias*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing build's metadata", - "privilege": "UpdateBuild", + "description": "Grants permission to create an ephemeris item", + "privilege": "CreateEphemeris", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "build*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the general properties of an existing fleet", - "privilege": "UpdateFleetAttributes", + "description": "Grants permission to create a mission profile", + "privilege": "CreateMissionProfile", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to adjust a fleet's capacity settings", - "privilege": "UpdateFleetCapacity", + "description": "Grants permission to delete a config", + "privilege": "DeleteConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "Config*" } ] }, { - "access_level": "Write", - "description": "Grants permission to adjust a fleet's port settings", - "privilege": "UpdateFleetPortSettings", + "access_level": "Write", + "description": "Grants permission to delete a data flow endpoint 
group", + "privilege": "DeleteDataflowEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "DataflowEndpointGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to change game server properties, health status, or utilization status", - "privilege": "UpdateGameServer", + "description": "Grants permission to delete an ephemeris item", + "privilege": "DeleteEphemeris", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "EphemerisItem*" } ] }, { "access_level": "Write", - "description": "Grants permission to update properties for game server group, including allowed instance types", - "privilege": "UpdateGameServerGroup", + "description": "Grants permission to delete a mission profile", + "privilege": "DeleteMissionProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameServerGroup*" + "resource_type": "MissionProfile*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the properties of an existing game session", - "privilege": "UpdateGameSession", + "access_level": "Read", + "description": "Grants permission to describe a contact", + "privilege": "DescribeContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Contact*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update properties of an existing game session queue", - "privilege": "UpdateGameSessionQueue", + "access_level": "Read", + "description": "Grants permission to describe an ephemeris item", + "privilege": "DescribeEphemeris", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gameSessionQueue*" + "resource_type": "EphemerisItem*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update properties of 
an existing FlexMatch matchmaking configuration", - "privilege": "UpdateMatchmakingConfiguration", + "access_level": "Read", + "description": "Grants permission to get the configuration of an agent", + "privilege": "GetAgentConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "matchmakingConfiguration*" + "resource_type": "Agent*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update how server processes are configured on instances in an existing fleet", - "privilege": "UpdateRuntimeConfiguration", + "access_level": "Read", + "description": "Grants permission to return a configuration", + "privilege": "GetConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "Config*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the metadata and content of an existing Realtime Servers script", - "privilege": "UpdateScript", + "access_level": "Read", + "description": "Grants permission to return a data flow endpoint group", + "privilege": "GetDataflowEndpointGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "script*" + "resource_type": "DataflowEndpointGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to validate the syntax of a FlexMatch matchmaking rule set", - "privilege": "ValidateMatchmakingRuleSet", + "description": "Grants permission to return minutes usage", + "privilege": "GetMinuteUsage", "resource_types": [ { "condition_keys": [], 
@@ -109924,259 +134871,110 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:gamelift:${Region}::alias/${AliasId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "alias" - }, - { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:build/${BuildId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "build" - }, - { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:fleet/${FleetId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "fleet" - }, - { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:gameservergroup/${GameServerGroupName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "gameServerGroup" - }, - { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:gamesessionqueue/${GameSessionQueueName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "gameSessionQueue" - }, - { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:location/${LocationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "location" - }, - { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:matchmakingconfiguration/${MatchmakingConfigurationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "matchmakingConfiguration" - }, - { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:matchmakingruleset/${MatchmakingRuleSetName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "matchmakingRuleSet" - }, - { - "arn": "arn:${Partition}:gamelift:${Region}:${Account}:script/${ScriptId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "script" - } - ], - "service_name": "Amazon GameLift" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - 
"description": "Filters actions based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "gamesparks", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a game", - "privilege": "CreateGame", + "access_level": "Read", + "description": "Grants permission to retrieve a mission profile", + "privilege": "GetMissionProfile", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MissionProfile*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a snapshot of a game", - "privilege": "CreateSnapshot", + "access_level": "Read", + "description": "Grants permission to return information about a satellite", + "privilege": "GetSatellite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Satellite*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a stage in a game", - "privilege": "CreateStage", + "access_level": "List", + "description": "Grants permission to return a list of past configurations", + "privilege": "ListConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a game", - "privilege": "DeleteGame", + "access_level": "List", + "description": "Grants permission to return a list of contacts", + 
"privilege": "ListContacts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a stage from a game", - "privilege": "DeleteStage", + "access_level": "List", + "description": "Grants permission to list data flow endpoint groups", + "privilege": "ListDataflowEndpointGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disconnect a player from the game runtime", - "privilege": "DisconnectPlayer", + "access_level": "List", + "description": "Grants permission to list ephemerides", + "privilege": "ListEphemerides", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to export a snapshot of the game configuration", - "privilege": "ExportSnapshot", + "access_level": "List", + "description": "Grants permission to list ground stations", + "privilege": "ListGroundStations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about an extension", - "privilege": 
"GetExtension", + "access_level": "List", + "description": "Grants permission to return a list of mission profiles", + "privilege": "ListMissionProfiles", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about an extension version", - "privilege": "GetExtensionVersion", + "access_level": "List", + "description": "Grants permission to list satellites", + "privilege": "ListSatellites", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -110184,55 +134982,52 @@ }, { "access_level": "Read", - "description": "Grants permission to get details about a game", - "privilege": "GetGame", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" + "resource_type": "Config" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the configuration for the game", - "privilege": "GetGameConfiguration", - "resource_types": [ + "resource_type": "Contact" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" + "resource_type": "DataflowEndpointGroup" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MissionProfile" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a job that is generating code for a snapshot", - "privilege": "GetGeneratedCodeJob", + "access_level": "Write", + "description": "Grants permission to register an agent", + "privilege": "RegisterAgent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reserve a contact", + "privilege": "ReserveContact", + "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -110240,41 +135035,38 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the status of a player connection", - "privilege": "GetPlayerConnectionStatus", + "access_level": "Tagging", + "description": "Grants permission to assign a resource tag", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" + "resource_type": "Config" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "Contact" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a snapshot of the game", - "privilege": "GetSnapshot", - "resource_types": [ + "resource_type": "DataflowEndpointGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "EphemerisItem" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" + "resource_type": "MissionProfile" }, { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}" ], "dependent_actions": [], 
@@ -110283,47 +135075,38 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to gets information about a stage", - "privilege": "GetStage", + "access_level": "Tagging", + "description": "Grants permission to unassign a resource tag", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" + "resource_type": "Config" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "Contact" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get information about a stage deployment", - "privilege": "GetStageDeployment", - "resource_types": [ + "resource_type": "DataflowEndpointGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" + "resource_type": "EphemerisItem" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage*" + "resource_type": "MissionProfile" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -110332,75 +135115,127 @@ }, { "access_level": "Write", - "description": "Grants permission to import a snapshot of a game configuration", - "privilege": "ImportGameConfiguration", + "description": "Grants permission to update the status of an agent", + "privilege": "UpdateAgentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Agent*" } ] }, { "access_level": "Write", - "description": "Grants permission to invoke backend services for a specific game", - "privilege": "InvokeBackend", + "description": "Grants permission to update a configuration", + "privilege": "UpdateConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Config*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the extension versions", - "privilege": "ListExtensionVersions", + "access_level": "Write", + "description": "Grants permission to update an ephemeris item", + "privilege": "UpdateEphemeris", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "EphemerisItem*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the extensions", - "privilege": "ListExtensions", + "access_level": "Write", + "description": "Grants permission to update a mission profile", + "privilege": "UpdateMissionProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MissionProfile*" } ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:groundstation:${Region}:${Account}:config/${ConfigType}/${ConfigId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:ConfigId", + "groundstation:ConfigType" + ], + "resource": "Config" }, { - "access_level": "List", - "description": "Grants permission to list the games", - "privilege": "ListGames", + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:contact/${ContactId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:ContactId" + ], + "resource": "Contact" + }, + { + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:dataflow-endpoint-group/${DataflowEndpointGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:DataflowEndpointGroupId" + ], + "resource": "DataflowEndpointGroup" + }, + { + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:ephemeris/${EphemerisId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:EphemerisId" + ], + "resource": "EphemerisItem" + }, + { + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:groundstation:${GroundStationId}", + "condition_keys": [ + "groundstation:GroundStationId" + ], + "resource": "GroundStationResource" + }, + { + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:mission-profile/${MissionProfileId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "groundstation:MissionProfileId" + ], + "resource": "MissionProfile" + }, + { + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:satellite/${SatelliteId}", + "condition_keys": [ + "groundstation:SatelliteId" + ], + "resource": "Satellite" + }, + { + "arn": "arn:${Partition}:groundstation:${Region}:${Account}:agent/${AgentId}", + "condition_keys": [ + "groundstation:AgentId" + ], + "resource": "Agent" + } + ], + "service_name": "AWS Ground Station" + }, + { + "conditions": [], + "prefix": "groundtruthlabeling", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to 
associate a patch file with the manifest file to update the manifest file", + "privilege": "AssociatePatchToManifestJob", "resource_types": [ { "condition_keys": [], 
@@ -110410,351 +135245,254 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of code generation jobs for a snapshot", - "privilege": "ListGeneratedCodeJobs", + "access_level": "Write", + "description": "Grants permission to create a GT+ Batch", + "privilege": "CreateBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of snapshot summaries for a game", - "privilege": "ListSnapshots", + "access_level": "Write", + "description": "Grants permission to create intake form", + "privilege": "CreateIntakeForm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of stage deployment summaries for a game", - "privilege": "ListStageDeployments", + "access_level": "Write", + "description": "Grants permission to create a GT+ Project", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of stage summaries for a game", - "privilege": "ListStages", + "access_level": "Write", + "description": "Grants permission to create a GT+ Workflow Definition", + "privilege": "CreateWorkflowDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": 
[ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags associated with a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get status of GroundTruthLabeling Jobs", + "privilege": "DescribeConsoleJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start an asynchronous process that generates client code for system-defined and custom messages", - "privilege": "StartGeneratedCodeJob", + "description": "Grants permission to generate LiDAR Preview Task", + "privilege": "GenerateLIDARPreviewTaskConfigJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deploy a snapshot to a stage and creates a new game runtime", - "privilege": "StartStageDeployment", + "access_level": "Read", + "description": "Grants permission to get a GT+ Batch", + "privilege": "GetBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to adds tags to a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get a intake forms", + "privilege": "GetIntakeFormStatus", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "game" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list a GT+ Batchs", + "privilege": "ListBatches", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to list dataset objects in a manifest file", + "privilege": "ListDatasetObjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list a GT+ Projects", + "privilege": "ListProjects", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stage" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the metadata of a game", - "privilege": "UpdateGame", + "description": "Grants permission to filter records from a manifest file using S3 select. 
Get sample entries based on random sampling", + "privilege": "RunFilterOrSampleDatasetJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to change the working copy of the game configuration", - "privilege": "UpdateGameConfiguration", + "description": "Grants permission to list a S3 prefix and create manifest files from objects in that location", + "privilege": "RunGenerateManifestByCrawlingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the metadata of a snapshot", - "privilege": "UpdateSnapshot", + "description": "Grants permission to generate metrics from objects in manifest", + "privilege": "RunGenerateManifestMetricsJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the metadata of a stage", - "privilege": "UpdateStage", + "description": "Grants permission to update a GT+ Batch", + "privilege": "UpdateBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "game*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stage*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] } ], - "resources": [ - { - "arn": "arn:${Partition}:gamesparks:${Region}:${Account}:game/${GameId}", - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], - "resource": "game" - }, - { - "arn": "arn:${Partition}:gamesparks:${Region}:${Account}:game/${GameId}/stage/${StageName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "stage" - } - ], - "service_name": "Amazon GameSparks" + "resources": [], + "service_name": "Amazon GroundTruth Labeling" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", + "description": "Filters access by tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", - "type": "ArrayOfString" - }, - { - "condition": "geo:DeviceIds", - "description": "Filters access by the presence of device ids in the request", - "type": "ArrayOfString" - }, - { - "condition": "geo:GeofenceIds", - "description": "Filters access by the presence of geofence ids in the request", + "description": "Filters access by tag keys in the request", "type": "ArrayOfString" } ], - "prefix": "geo", + "prefix": "guardduty", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an association between a geofence-collection and a tracker resource", - "privilege": "AssociateTrackerConsumer", + "description": "Grants permission to accept invitations to become a GuardDuty member account", + "privilege": "AcceptAdministratorInvitation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a batch of device position histories from a tracker resource", - "privilege": 
"BatchDeleteDevicePositionHistory", + "description": "Grants permission to accept invitations to become a GuardDuty member account", + "privilege": "AcceptInvitation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to archive GuardDuty findings", + "privilege": "ArchiveFindings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a detector", + "privilege": "CreateDetector", + "resource_types": [ { "condition_keys": [ - "geo:DeviceIds" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -110763,17 +135501,18 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a batch of geofences from a geofence collection", - "privilege": "BatchDeleteGeofence", + "description": "Grants permission to create GuardDuty filters. A filters defines finding attributes and conditions used to filter findings", + "privilege": "CreateFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "filter*" }, { "condition_keys": [ - "geo:GeofenceIds" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -110782,48 +135521,70 @@ }, { "access_level": "Write", - "description": "Grants permission to evaluate device positions against the position of geofences in a given geofence collection", - "privilege": "BatchEvaluateGeofences", + "description": "Grants permission to create an IPSet", + "privilege": "CreateIPSet", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:DeleteRolePolicy", + "iam:PutRolePolicy" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to send a batch request to retrieve device positions", - "privilege": "BatchGetDevicePosition", + "access_level": "Write", + "description": "Grants permission to create GuardDuty member accounts, where the account used to create a member becomes the GuardDuty administrator account", + "privilege": "CreateMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a publishing destination", + "privilege": "CreatePublishingDestination", + "resource_types": [ { - "condition_keys": [ - "geo:DeviceIds" + "condition_keys": [], + "dependent_actions": [ + "s3:GetObject", + "s3:ListBucket" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send a batch request for adding geofences into a given geofence collection", - "privilege": "BatchPutGeofence", + "description": "Grants permission to create sample findings", + "privilege": "CreateSampleFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create 
GuardDuty ThreatIntelSets, where a ThreatIntelSet consists of known malicious IP addresses used by GuardDuty to generate findings", + "privilege": "CreateThreatIntelSet", + "resource_types": [ { "condition_keys": [ - "geo:GeofenceIds" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -110832,72 +135593,59 @@ }, { "access_level": "Write", - "description": "Grants permission to upload a position update for one or more devices to a tracker resource", - "privilege": "BatchUpdateDevicePosition", + "description": "Grants permission to decline invitations to become a GuardDuty member account", + "privilege": "DeclineInvitations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" - }, - { - "condition_keys": [ - "geo:DeviceIds" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to calculate routes using a given route calculator resource", - "privilege": "CalculateRoute", + "access_level": "Write", + "description": "Grants permission to delete GuardDuty detectors", + "privilege": "DeleteDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "detector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to calculate a route matrix using a given route calculator resource", - "privilege": "CalculateRouteMatrix", + "access_level": "Write", + "description": "Grants permission to delete GuardDuty filters", + "privilege": "DeleteFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "filter*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a geofence-collection", - "privilege": "CreateGeofenceCollection", + "description": "Grants permission to delete GuardDuty IPSets", + "privilege": "DeleteIPSet", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ipset*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an API key resource", - "privilege": "CreateKey", + 
"description": "Grants permission to delete invitations to become a GuardDuty member account", + "privilege": "DeleteInvitations", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -110905,14 +135653,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a map resource", - "privilege": "CreateMap", + "description": "Grants permission to delete GuardDuty member accounts", + "privilege": "DeleteMembers", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -110920,219 +135665,227 @@ }, { "access_level": "Write", - "description": "Grants permission to create a place index resource", - "privilege": "CreatePlaceIndex", + "description": "Grants permission to delete a publishing destination", + "privilege": "DeletePublishingDestination", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "publishingDestination*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a route calculator resource", - "privilege": "CreateRouteCalculator", + "description": "Grants permission to delete GuardDuty ThreatIntelSets", + "privilege": "DeleteThreatIntelSet", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "threatintelset*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve details about malware scans", + "privilege": "DescribeMalwareScans", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a tracker resource", - "privilege": "CreateTracker", + "access_level": "Read", + "description": "Grants permission to retrieve details about the delegated administrator associated with a GuardDuty detector", + "privilege": "DescribeOrganizationConfiguration", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a geofence-collection", - "privilege": "DeleteGeofenceCollection", + "access_level": "Read", + "description": "Grants permission to retrieve details about a publishing destination", + "privilege": 
"DescribePublishingDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "publishingDestination*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an API key resource", - "privilege": "DeleteKey", + "description": "Grants permission to disable the organization delegated administrator for GuardDuty", + "privilege": "DisableOrganizationAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a map resource", - "privilege": "DeleteMap", + "description": "Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account", + "privilege": "DisassociateFromAdministratorAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a place index resource", - "privilege": "DeletePlaceIndex", + "description": "Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account", + "privilege": "DisassociateFromMasterAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a route calculator resource", - "privilege": "DeleteRouteCalculator", + "description": "Grants permission to disassociate GuardDuty member accounts from their administrator GuardDuty account", + "privilege": "DisassociateMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a tracker resource", - 
"privilege": "DeleteTracker", + "description": "Grants permission to enable an organization delegated administrator for GuardDuty", + "privilege": "EnableOrganizationAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve geofence collection details", - "privilege": "DescribeGeofenceCollection", + "description": "Grants permission to retrieve details of the GuardDuty administrator account associated with a member account", + "privilege": "GetAdministratorAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve API key resource details and secret", - "privilege": "DescribeKey", + "description": "Grants permission to list Amazon GuardDuty coverage statistics for the specified GuardDuty account in a Region", + "privilege": "GetCoverageStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key*" + "resource_type": "detector*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve map resource details", - "privilege": "DescribeMap", + "description": "Grants permission to retrieve GuardDuty detectors", + "privilege": "GetDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "detector*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve place-index resource details", - "privilege": "DescribePlaceIndex", + "description": "Grants permission to retrieve GuardDuty filters", + "privilege": "GetFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "filter*" } ] }, { "access_level": "Read", - "description": 
"Grants permission to retrieve route calculator resource details", - "privilege": "DescribeRouteCalculator", + "description": "Grants permission to retrieve GuardDuty findings", + "privilege": "GetFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a tracker resource details", - "privilege": "DescribeTracker", + "description": "Grants permission to retrieve a list of GuardDuty finding statistics", + "privilege": "GetFindingsStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the association between a tracker resource and a geofence-collection", - "privilege": "DisassociateTrackerConsumer", + "access_level": "Read", + "description": "Grants permission to retrieve GuardDuty IPSets", + "privilege": "GetIPSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "ipset*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the latest device position", - "privilege": "GetDevicePosition", + "description": "Grants permission to retrieve the count of all GuardDuty invitations sent to a specified account, which does not include the accepted invitation", + "privilege": "GetInvitationsCount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the malware scan settings", + "privilege": "GetMalwareScanSettings", + "resource_types": [ { - "condition_keys": [ - "geo:DeviceIds" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -111140,18 +135893,23 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the device position history", - "privilege": "GetDevicePositionHistory", + "description": "Grants permission to retrieve details of the GuardDuty administrator account associated with a member account", + "privilege": "GetMasterAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe which data sources are enabled for member accounts detectors", + "privilege": "GetMemberDetectors", + "resource_types": [ { - "condition_keys": [ - "geo:DeviceIds" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -111159,18 +135917,23 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the geofence details from a geofence-collection", - "privilege": "GetGeofence", + "description": "Grants permission to retrieve the member accounts associated with an administrator account", + "privilege": "GetMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve GuardDuty protection plan coverage statistics for member accounts in a Region", + "privilege": "GetOrganizationStatistics", + "resource_types": [ { - "condition_keys": [ - "geo:GeofenceIds" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -111178,80 +135941,92 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the glyph file for a map resource", - "privilege": "GetMapGlyphs", + "description": "Grants permission to provide the number of days left for each data source used in the free trial period", + "privilege": "GetRemainingFreeTrialDays", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the sprite file for a map resource", - "privilege": "GetMapSprites", + "description": "Grants permission to retrieve GuardDuty ThreatIntelSets", + "privilege": "GetThreatIntelSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "threatintelset*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the map style descriptor from a map resource", - "privilege": "GetMapStyleDescriptor", + "description": "Grants permission to list Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID", + "privilege": "GetUsageStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the map tile from the map resource", - "privilege": "GetMapTile", + "access_level": "Write", + "description": "Grants permission to invite other AWS accounts to enable GuardDuty and become GuardDuty member accounts", + "privilege": "InviteMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to find a place by its unique ID", - "privilege": "GetPlace", + "access_level": "List", + "description": "Grants permission to list all the resource details for a given 
account in a Region", + "privilege": "ListCoverage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "detector*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty detectors", + "privilege": "ListDetectors", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of devices and their latest positions from the given tracker resource", - "privilege": "ListDevicePositions", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty filters", + "privilege": "ListFilters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to lists geofence-collections", - "privilege": "ListGeofenceCollections", + "description": "Grants permission to retrieve a list of GuardDuty findings", + "privilege": "ListFindings", "resource_types": [ { "condition_keys": [], @@ -111261,21 +136036,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list geofences stored in a given geofence collection", - "privilege": "ListGeofences", + "access_level": "List", + "description": "Grants permission to retrieve a list of GuardDuty IPSets", + "privilege": "ListIPSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list API key resources", - "privilege": "ListKeys", + "description": "Grants permission to retrieve a list of all of the GuardDuty membership invitations that were sent to an AWS account", + "privilege": "ListInvitations", "resource_types": [ { "condition_keys": [], 
@@ -111286,8 +136061,8 @@ }, { "access_level": "List", - "description": "Grants permission to list map resources", - "privilege": "ListMaps", + "description": "Grants permission to retrieve a list of GuardDuty member accounts associated with an administrator account", + "privilege": "ListMembers", "resource_types": [ { "condition_keys": [], @@ -111298,8 +136073,8 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of place index resources", - "privilege": "ListPlaceIndexes", + "description": "Grants permission to list details about the organization delegated administrator for GuardDuty", + "privilege": "ListOrganizationAdminAccounts", "resource_types": [ { "condition_keys": [], @@ -111310,8 +136085,8 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of route calculator resources", - "privilege": "ListRouteCalculators", + "description": "Grants permission to retrieve a list of publishing destinations", + "privilege": "ListPublishingDestinations", "resource_types": [ { "condition_keys": [], 
@@ -111322,57 +136097,35 @@ }, { "access_level": "Read", - "description": "Grants permission to list the tags (metadata) which you have assigned to the resource", + "description": "Grants permission to retrieve a list of tags associated with a GuardDuty resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "map" + "resource_type": "detector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index" + "resource_type": "filter" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator" + "resource_type": "ipset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of geofence collections currently associated to the given tracker resource", - "privilege": "ListTrackerConsumers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "threatintelset" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of tracker resources", - "privilege": "ListTrackers", + "description": "Grants permission to retrieve a list of GuardDuty ThreatIntelSets", + "privilege": "ListThreatIntelSets", "resource_types": [ { "condition_keys": [], 
@@ -111383,93 +136136,76 @@ }, { "access_level": "Write", - "description": "Grants permission to add a new geofence or update an existing geofence to a given geofence-collection", - "privilege": "PutGeofence", + "description": "Grants permission to send security telemetry for a specific GuardDuty account in a Region", + "privilege": "SendSecurityTelemetry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" - }, - { - "condition_keys": [ - "geo:GeofenceIds" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to reverse geocodes a given coordinate", - "privilege": "SearchPlaceIndexForPosition", + "access_level": "Write", + "description": "Grants permission to initiate a new malware scan", + "privilege": "StartMalwareScan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to generate suggestions for addresses and points of interest based on partial or misspelled free-form text", - "privilege": "SearchPlaceIndexForSuggestions", + "access_level": "Write", + "description": "Grants permission to a GuardDuty administrator account to monitor findings from GuardDuty member accounts", + "privilege": "StartMonitoringMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to geocode free-form text, such as an address, name, city or region", - "privilege": "SearchPlaceIndexForText", + "access_level": "Write", + "description": "Grants permission to disable monitoring findings from member accounts", + "privilege": "StopMonitoringMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": 
"" } ] }, { "access_level": "Tagging", - "description": "Grants permission to adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource", + "description": "Grants permission to add tags to a GuardDuty resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "map" + "resource_type": "detector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index" + "resource_type": "filter" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator" + "resource_type": "ipset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker" + "resource_type": "threatintelset" }, { "condition_keys": [ 
@@ -111482,43 +136218,44 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the given tags (metadata) from the resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to unarchive GuardDuty findings", + "privilege": "UnarchiveFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "geofence-collection" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from a GuardDuty resource", + "privilege": "UntagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map" + "resource_type": "detector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index" + "resource_type": "filter" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator" + "resource_type": "ipset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker" + "resource_type": "threatintelset" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -111528,188 +136265,202 @@ }, { "access_level": "Write", - "description": "Grants permission to update a geofence collection", - "privilege": "UpdateGeofenceCollection", + "description": "Grants permission to update GuardDuty detectors", + "privilege": "UpdateDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "geofence-collection*" + "resource_type": "detector*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an API key resource", - "privilege": "UpdateKey", + "description": "Grants permission to updates GuardDuty filters", + "privilege": "UpdateFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "api-key*" + "resource_type": "filter*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a map resource", - "privilege": "UpdateMap", + "description": "Grants permission to update findings feedback to mark GuardDuty findings as useful or not useful", + "privilege": "UpdateFindingsFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "map*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a place index resource", - "privilege": "UpdatePlaceIndex", + "description": "Grants permission to update GuardDuty IPSets", + "privilege": "UpdateIPSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:DeleteRolePolicy", + "iam:PutRolePolicy" + ], + "resource_type": "ipset*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the malware scan settings", + "privilege": "UpdateMalwareScanSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "place-index*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a route calculator resource", - "privilege": "UpdateRouteCalculator", 
+ "description": "Grants permission to update which data sources are enabled for member accounts detectors", + "privilege": "UpdateMemberDetectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "route-calculator*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a tracker resource", - "privilege": "UpdateTracker", + "description": "Grants permission to update the delegated administrator configuration associated with a GuardDuty detector", + "privilege": "UpdateOrganizationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tracker*" + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a publishing destination", + "privilege": "UpdatePublishingDestination", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "s3:GetObject", + "s3:ListBucket" + ], + "resource_type": "publishingDestination*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to updates the GuardDuty ThreatIntelSets", + "privilege": "UpdateThreatIntelSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:DeleteRolePolicy", + "iam:PutRolePolicy" + ], + "resource_type": "threatintelset*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:geo:${Region}:${Account}:api-key/${KeyName}", + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "api-key" - }, - { - "arn": "arn:${Partition}:geo:${Region}:${Account}:geofence-collection/${GeofenceCollectionName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "geo:GeofenceIds" - ], - "resource": "geofence-collection" + "resource": "detector" }, { - "arn": "arn:${Partition}:geo:${Region}:${Account}:map/${MapName}", + "arn": 
"arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/filter/${FilterName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "map" + "resource": "filter" }, { - "arn": "arn:${Partition}:geo:${Region}:${Account}:place-index/${IndexName}", + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/ipset/${IPSetId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "place-index" + "resource": "ipset" }, { - "arn": "arn:${Partition}:geo:${Region}:${Account}:route-calculator/${CalculatorName}", + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/threatintelset/${ThreatIntelSetId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "route-calculator" + "resource": "threatintelset" }, { - "arn": "arn:${Partition}:geo:${Region}:${Account}:tracker/${TrackerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "geo:DeviceIds" - ], - "resource": "tracker" + "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/publishingDestination/${PublishingDestinationId}", + "condition_keys": [], + "resource": "publishingDestination" } ], - "service_name": "Amazon Location" + "service_name": "Amazon GuardDuty" }, { "conditions": [ { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "glacier:ArchiveAgeInDays", - "description": "Filters access by how long an archive has been stored in the vault, in days", + "condition": "health:eventTypeCode", + "description": "Filters access by event type", "type": "String" }, { - "condition": "glacier:ResourceTag/", - "description": "Filters access by a customer-defined tag", + "condition": "health:service", + "description": "Filters access by 
impacted service", "type": "String" } ], - "prefix": "glacier", + "prefix": "health", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to abort a multipart upload identified by the upload ID", - "privilege": "AbortMultipartUpload", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to abort the vault locking process if the vault lock is not in the Locked state", - "privilege": "AbortVaultLock", + "access_level": "Read", + "description": "Grants permission to retrieve a list of accounts that have been affected by the specified events in organization", + "privilege": "DescribeAffectedAccountsForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" + "dependent_actions": [ + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add the specified tags to a vault", - "privilege": "AddTagsToVault", + "access_level": "Read", + "description": "Grants permission to retrieve a list of entities that have been affected by the specified events", + "privilege": "DescribeAffectedEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "event*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "health:eventTypeCode", + "health:service" ], "dependent_actions": [], "resource_type": "" 
@@ -111717,124 +136468,107 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to complete a multipart upload process", - "privilege": "CompleteMultipartUpload", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to complete the vault locking process", - "privilege": "CompleteVaultLock", + "access_level": "Read", + "description": "Grants permission to retrieve a list of entities that have been affected by the specified events and accounts in organization", + "privilege": "DescribeAffectedEntitiesForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" + "dependent_actions": [ + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new vault with the specified name", - "privilege": "CreateVault", + "access_level": "Read", + "description": "Grants permission to retrieve the number of entities that are affected by each of the specified events", + "privilege": "DescribeEntityAggregates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an archive from a vault", - "privilege": "DeleteArchive", + "access_level": "Read", + "description": "Grants permission to retrieve the number of entities that are affected by each of the specified events in an organization", + "privilege": "DescribeEntityAggregatesForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" - }, - { - "condition_keys": [ - "glacier:ArchiveAgeInDays" + "dependent_actions": [ + "organizations:ListAccounts" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": 
"Write", - "description": "Grants permission to delete a vault", - "privilege": "DeleteVault", + "access_level": "Read", + "description": "Grants permission to retrieve the number of events of each event type (issue, scheduled change, and account notification)", + "privilege": "DescribeEventAggregates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the access policy associated with the specified vault", - "privilege": "DeleteVaultAccessPolicy", + "access_level": "Read", + "description": "Grants permission to retrieve detailed information about one or more specified events", + "privilege": "DescribeEventDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the notification configuration set for a vault", - "privilege": "DeleteVaultNotifications", - "resource_types": [ + "resource_type": "event*" + }, { - "condition_keys": [], + "condition_keys": [ + "health:eventTypeCode", + "health:service" + ], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about a job previously initiated", - "privilege": "DescribeJob", + "description": "Grants permission to retrieve detailed information about one or more specified events for provided accounts in organization", + "privilege": "DescribeEventDetailsForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" + "dependent_actions": [ + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about a vault", - "privilege": "DescribeVault", + "description": "Grants 
permission to retrieve the event types that meet the specified filter criteria", + "privilege": "DescribeEventTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the data retrieval policy", - "privilege": "GetDataRetrievalPolicy", + "description": "Grants permission to retrieve information about events that meet the specified filter criteria", + "privilege": "DescribeEvents", "resource_types": [ { "condition_keys": [], 
@@ -111845,65 +136579,102 @@ }, { "access_level": "Read", - "description": "Grants permission to download the output of the job specified", - "privilege": "GetJobOutput", + "description": "Grants permission to retrieve information about events that meet the specified filter criteria in organization", + "privilege": "DescribeEventsForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" + "dependent_actions": [ + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the access-policy subresource set on the vault", - "privilege": "GetVaultAccessPolicy", + "description": "Grants permission to retrieve the status of enabling or disabling the Organizational View feature", + "privilege": "DescribeHealthServiceStatusForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" + "dependent_actions": [ + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve attributes from the lock-policy subresource set on the specified vault", - "privilege": "GetVaultLock", + "access_level": "Permissions management", + "description": "Grants permission to disable the Organizational View feature", + "privilege": "DisableHealthServiceAccessForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" + "dependent_actions": [ + "organizations:DisableAWSServiceAccess", + "organizations:ListAccounts" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the notification-configuration subresource set on the vault", - "privilege": "GetVaultNotifications", + "access_level": "Permissions management", + "description": "Grants permission to enable the Organizational View feature", + "privilege": 
"EnableHealthServiceAccessForOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "organizations:EnableAWSServiceAccess", + "organizations:ListAccounts" + ], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:health:*::event/${Service}/${EventTypeCode}/*", + "condition_keys": [], + "resource": "event" + } + ], + "service_name": "AWS Health APIs and Notifications" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "healthlake", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to initiate a job of the specified type", - "privilege": "InitiateJob", + "description": "Grants permission to create a datastore that can ingest and export FHIR data", + "privilege": "CreateFHIRDatastore", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" - }, { "condition_keys": [ - "glacier:ArchiveAgeInDays" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -111912,104 +136683,92 @@ }, { "access_level": "Write", - "description": "Grants permission to initiate a multipart upload", - "privilege": "InitiateMultipartUpload", + "description": "Grants permission to create resource", + "privilege": "CreateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to initiate the vault locking process", - "privilege": "InitiateVaultLock", + "access_level": "Write", + "description": "Grants permission to delete a datastore", + "privilege": "DeleteFHIRDatastore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list jobs for a vault that are in-progress and jobs that have recently finished", - "privilege": "ListJobs", + "access_level": "Write", + "description": "Grants permission to delete resource", + "privilege": "DeleteResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list in-progress multipart uploads for the specified vault", - "privilege": "ListMultipartUploads", + "access_level": "Read", + "description": "Grants permission to get the properties associated with the FHIR datastore, including the datastore ID, datastore ARN, datastore name, datastore status, created at, datastore type version, and datastore endpoint", + "privilege": "DescribeFHIRDatastore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the parts of an archive that have been uploaded in a specific multipart upload", - 
"privilege": "ListParts", + "access_level": "Read", + "description": "Grants permission to display the properties of a FHIR export job, including the ID, ARN, name, and the status of the datastore", + "privilege": "DescribeFHIRExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the provisioned capacity for the specified AWS account", - "privilege": "ListProvisionedCapacity", + "access_level": "Read", + "description": "Grants permission to display the properties of a FHIR import job, including the ID, ARN, name, and the status of the datastore", + "privilege": "DescribeFHIRImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the tags attached to a vault", - "privilege": "ListTagsForVault", + "access_level": "Read", + "description": "Grants permission to get the capabilities of a FHIR datastore", + "privilege": "GetCapabilities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore*" } ] }, { "access_level": "List", - "description": "Grants permission to list all vaults", - "privilege": "ListVaults", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to purchases a provisioned capacity unit for an AWS account", - "privilege": "PurchaseProvisionedCapacity", + "description": "Grants permission to list all FHIR datastores that are in the user\u2019s account, regardless of datastore status", + "privilege": "ListFHIRDatastores", "resource_types": [ { "condition_keys": [], 
@@ -112019,164 +136778,116 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the set of tags attached to a vault", - "privilege": "RemoveTagsFromVault", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vault*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to set and then enacts a data retrieval policy in the region specified in the PUT request", - "privilege": "SetDataRetrievalPolicy", + "access_level": "List", + "description": "Grants permission to get a list of export jobs for the specified datastore", + "privilege": "ListFHIRExportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to configure an access policy for a vault; will overwrite an existing policy", - "privilege": "SetVaultAccessPolicy", + "access_level": "List", + "description": "Grants permission to get a list of import jobs for the specified datastore", + "privilege": "ListFHIRImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to configure vault notifications", - "privilege": "SetVaultNotifications", + "access_level": "Read", + "description": "Grants permission to get a list of tags for the specified datastore", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore" } ] }, { - "access_level": "Write", - "description": "Grants permission to upload an archive to a vault", - "privilege": "UploadArchive", + "access_level": "Read", + "description": "Grants permission to read resource", + "privilege": "ReadResource", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to upload a part of an archive", - "privilege": "UploadMultipartPart", + "access_level": "Read", + "description": "Grants permission to search resources with GET method", + "privilege": "SearchWithGet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vault*" + "resource_type": "datastore*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:glacier:${Region}:${Account}:vaults/${VaultName}", - "condition_keys": [], - "resource": "vault" - } - ], - "service_name": "Amazon S3 Glacier" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "globalaccelerator", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add a virtual private cloud (VPC) subnet endpoint to a custom routing accelerator endpoint group", - "privilege": "AddCustomRoutingEndpoints", + "access_level": "Read", + "description": "Grants permission to search resources with POST method", + "privilege": "SearchWithPost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "datastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to add an endpoint to a standard accelerator endpoint group", - "privilege": "AddEndpoints", + "description": "Grants permission to begin a FHIR Export job", + 
"privilege": "StartFHIRExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "datastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to advertises an IPv4 address range that is provisioned for use with your accelerator through bring your own IP addresses (BYOIP)", - "privilege": "AdvertiseByoipCidr", + "description": "Grants permission to begin a FHIR Import job", + "privilege": "StartFHIRImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to allows custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet", - "privilege": "AllowCustomRoutingTraffic", + "access_level": "Tagging", + "description": "Grants permission to add tags to a datastore", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a standard accelerator", - "privilege": "CreateAccelerator", - "resource_types": [ + "resource_type": "datastore" + }, { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -112184,13 +136895,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a Custom Routing accelerator", - "privilege": "CreateCustomRoutingAccelerator", + "access_level": "Tagging", + "description": "Grants permission to remove tags associated with a datastore", + "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datastore" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -112200,140 +136915,132 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint group for the specified listener for a custom routing accelerator", - "privilege": "CreateCustomRoutingEndpointGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a listener to process inbound connections from clients to a custom routing accelerator", - "privilege": "CreateCustomRoutingListener", + "description": "Grants permission to update resource", + "privilege": "UpdateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "datastore*" } ] - }, + } + ], + "resources": [ { - "access_level": "Write", - "description": "Grants permission to add an endpoint group to a standard accelerator listener", - "privilege": "CreateEndpointGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener*" - } - ] - }, + "arn": "arn:${Partition}:healthlake:${Region}:${Account}:datastore/fhir/${DatastoreId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "datastore" + } + ], + "service_name": "AWS HealthLake" + }, + { + "conditions": [], + "prefix": "honeycode", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to add a listener to a standard accelerator", - "privilege": "CreateListener", + "description": "Grants permission to approve a team association request for your AWS Account", + "privilege": "ApproveTeamAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a standard accelerator", - "privilege": "DeleteAccelerator", + "description": "Grants permission to create 
new rows in a table", + "privilege": "BatchCreateTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a custom routing accelerator", - "privilege": "DeleteCustomRoutingAccelerator", + "description": "Grants permission to delete rows from a table", + "privilege": "BatchDeleteTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an endpoint group from a listener for a custom routing accelerator", - "privilege": "DeleteCustomRoutingEndpointGroup", + "description": "Grants permission to update rows in a table", + "privilege": "BatchUpdateTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a listener for a custom routing accelerator", - "privilege": "DeleteCustomRoutingListener", + "description": "Grants permission to upsert rows in a table", + "privilege": "BatchUpsertTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an endpoint group associated with a standard accelerator listener", - "privilege": "DeleteEndpointGroup", + "description": "Grants permission to create a new Amazon Honeycode team for your AWS Account", + "privilege": "CreateTeam", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a listener from a standard accelerator", - 
"privilege": "DeleteListener", + "description": "Grants permission to create a new tenant within Amazon Honeycode for your AWS Account", + "privilege": "CreateTenant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disallows custom routing of user traffic to a private destination IP:PORT in a specific VPC subnet", - "privilege": "DenyCustomRoutingTraffic", + "description": "Grants permission to delete Amazon Honeycode domains for your AWS Account", + "privilege": "DeleteDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to releases the specified address range that you provisioned for use with your accelerator through bring your own IP addresses (BYOIP)", - "privilege": "DeprovisionByoipCidr", + "description": "Grants permission to remove groups from an Amazon Honeycode team for your AWS Account", + "privilege": "DeregisterGroups", "resource_types": [ { "condition_keys": [], 
@@ -112344,116 +137051,56 @@ }, { "access_level": "Read", - "description": "Grants permissions to describe a standard accelerator", - "privilege": "DescribeAccelerator", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accelerator*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a standard accelerator attributes", - "privilege": "DescribeAcceleratorAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accelerator*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a custom routing accelerator", - "privilege": "DescribeCustomRoutingAccelerator", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accelerator*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the attributes of a custom routing accelerator", - "privilege": "DescribeCustomRoutingAcceleratorAttributes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accelerator*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe an endpoint group for a custom routing accelerator", - "privilege": "DescribeCustomRoutingEndpointGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "endpointgroup*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a listener for a custom routing accelerator", - "privilege": "DescribeCustomRoutingListener", + "description": "Grants permission to get details about a table data import job", + "privilege": "DescribeTableDataImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "table*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a 
standard accelerator endpoint group", - "privilege": "DescribeEndpointGroup", + "description": "Grants permission to get details about Amazon Honeycode teams for your AWS Account", + "privilege": "DescribeTeam", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a standard accelerator listener", - "privilege": "DescribeListener", + "description": "Grants permission to load the data from a screen", + "privilege": "GetScreenData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "screen*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all standard accelerators", - "privilege": "ListAccelerators", + "access_level": "Write", + "description": "Grants permission to invoke a screen automation", + "privilege": "InvokeScreenAutomation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "screen-automation*" } ] }, { "access_level": "List", - "description": "Grants permission to list the BYOIP cidrs", - "privilege": "ListByoipCidrs", + "description": "Grants permission to list all Amazon Honeycode domains and their verification status for your AWS Account", + "privilege": "ListDomains", "resource_types": [ { "condition_keys": [], @@ -112464,8 +137111,8 @@ }, { "access_level": "List", - "description": "Grants permission to list the custom routing accelerators for an AWS account", - "privilege": "ListCustomRoutingAccelerators", + "description": "Grants permission to list all groups in an Amazon Honeycode team for your AWS Account", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], 
@@ -112476,44 +137123,44 @@ }, { "access_level": "List", - "description": "Grants permission to list the endpoint groups that are associated with a listener for a custom routing accelerator", - "privilege": "ListCustomRoutingEndpointGroups", + "description": "Grants permission to list the columns in a table", + "privilege": "ListTableColumns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "table*" } ] }, { "access_level": "List", - "description": "Grants permission to list the listeners for a custom routing accelerator", - "privilege": "ListCustomRoutingListeners", + "description": "Grants permission to list the rows in a table", + "privilege": "ListTableRows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "table*" } ] }, { "access_level": "List", - "description": "Grants permission to list the port mappings for a custom routing accelerator", - "privilege": "ListCustomRoutingPortMappings", + "description": "Grants permission to list the tables in a workbook", + "privilege": "ListTables", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "workbook*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the port mappings for a specific endpoint IP address (a destination address) in a subnet", - "privilege": "ListCustomRoutingPortMappingsByDestination", + "access_level": "Tagging", + "description": "Grants permission to list all tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], 
@@ -112524,44 +137171,8 @@ }, { "access_level": "List", - "description": "Grants permission to list all endpoint groups associated with a standard accelerator listener", - "privilege": "ListEndpointGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "listener*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all listeners associated with a standard accelerator", - "privilege": "ListListeners", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accelerator*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list tags for a globalaccelerator resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accelerator" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to provisions an address range for use with your accelerator through bring your own IP addresses (BYOIP)", - "privilege": "ProvisionByoipCidr", + "description": "Grants permission to list all pending and approved team associations with your AWS Account", + "privilege": "ListTeamAssociations", "resource_types": [ { "condition_keys": [], 
@@ -112571,156 +137182,117 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove virtual private cloud (VPC) subnet endpoints from a custom routing accelerator endpoint group", - "privilege": "RemoveCustomRoutingEndpoints", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "endpointgroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove an endpoint from a standard accelerator endpoint group", - "privilege": "RemoveEndpoints", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "endpointgroup*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to a globalaccelerator resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list all tenants of Amazon Honeycode for your AWS Account", + "privilege": "ListTenants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a globalaccelerator resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "accelerator" - }, + "access_level": "Read", + "description": "Grants permission to query the rows of a table using a filter", + "privilege": "QueryTableRows", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "table*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a standard accelerator", - "privilege": "UpdateAccelerator", + "description": "Grants permission to request verification of the Amazon 
Honeycode domains for your AWS Account", + "privilege": "RegisterDomainForVerification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a standard accelerator attributes", - "privilege": "UpdateAcceleratorAttributes", + "description": "Grants permission to add groups to an Amazon Honeycode team for your AWS Account", + "privilege": "RegisterGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a custom routing accelerator", - "privilege": "UpdateCustomRoutingAccelerator", + "description": "Grants permission to reject a team association request for your AWS Account", + "privilege": "RejectTeamAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the attributes for a custom routing accelerator", - "privilege": "UpdateCustomRoutingAcceleratorAttributes", + "description": "Grants permission to restart verification of the Amazon Honeycode domains for your AWS Account", + "privilege": "RestartDomainVerification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accelerator*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a listener for a custom routing accelerator", - "privilege": "UpdateCustomRoutingListener", + "description": "Grants permission to start a table data import job", + "privilege": "StartTableDataImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "table*" } ] }, { - "access_level": "Write", - "description": 
"Grants permission to update an endpoint group on a standard accelerator listener", - "privilege": "UpdateEndpointGroup", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpointgroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a listener on a standard accelerator", - "privilege": "UpdateListener", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listener*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stops advertising a BYOIP IPv4 address", - "privilege": "WithdrawByoipCidr", + "description": "Grants permission to update an Amazon Honeycode team for your AWS Account", + "privilege": "UpdateTeam", "resource_types": [ { "condition_keys": [], 
@@ -112732,374 +137304,368 @@ ], "resources": [ { - "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${AcceleratorId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "accelerator" + "arn": "arn:${Partition}:honeycode:${Region}:${Account}:workbook:workbook/${WorkbookId}", + "condition_keys": [], + "resource": "workbook" }, { - "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${AcceleratorId}/listener/${ListenerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "listener" + "arn": "arn:${Partition}:honeycode:${Region}:${Account}:table:workbook/${WorkbookId}/table/${TableId}", + "condition_keys": [], + "resource": "table" }, { - "arn": "arn:${Partition}:globalaccelerator::${Account}:accelerator/${AcceleratorId}/listener/${ListenerId}/endpoint-group/${EndpointGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "endpointgroup" + "arn": "arn:${Partition}:honeycode:${Region}:${Account}:screen:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}", + "condition_keys": [], + "resource": "screen" + }, + { + "arn": "arn:${Partition}:honeycode:${Region}:${Account}:screen-automation:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}/automation/${AutomationId}", + "condition_keys": [], + "resource": "screen-automation" } ], - "service_name": "AWS Global Accelerator" + "service_name": "Amazon Honeycode" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "description": "Filters access based on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of 
tag keys in the request", + "description": "Filters access based on the tag keys that are passed in the request", "type": "ArrayOfString" }, { - "condition": "glue:CredentialIssuingService", - "description": "Filters access by the service from which the credentials of the request is issued", + "condition": "iam:AWSServiceName", + "description": "Filters access by the AWS service to which this role is attached", "type": "String" }, { - "condition": "glue:RoleAssumedBy", - "description": "Filters access by the service from which the credentials of the request is obtained by assuming the customer role", + "condition": "iam:AssociatedResourceArn", + "description": "Filters access by the resource that the role will be used on behalf of", + "type": "ARN" + }, + { + "condition": "iam:FIDO-FIPS-140-2-certification", + "description": "Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key", "type": "String" }, { - "condition": "glue:SecurityGroupIds", - "description": "Filters access by the ID of security groups configured for the Glue job", - "type": "ArrayOfString" + "condition": "iam:FIDO-FIPS-140-3-certification", + "description": "Filters access by the MFA device FIPS-140-3 validation certification level at the time of registration of a FIDO security key", + "type": "String" }, { - "condition": "glue:SubnetIds", - "description": "Filters access by the ID of subnets configured for the Glue job", - "type": "ArrayOfString" + "condition": "iam:FIDO-certification", + "description": "Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key", + "type": "String" }, { - "condition": "glue:VpcIds", - "description": "Filters access by the ID of the VPC configured for the Glue job", - "type": "ArrayOfString" + "condition": "iam:OrganizationsPolicyId", + "description": "Filters access by the ID of an AWS Organizations policy", + "type": "String" + }, + { + 
"condition": "iam:PassedToService", + "description": "Filters access by the AWS service to which this role is passed", + "type": "String" + }, + { + "condition": "iam:PermissionsBoundary", + "description": "Filters access if the specified policy is set as the permissions boundary on the IAM entity (user or role)", + "type": "ARN" + }, + { + "condition": "iam:PolicyARN", + "description": "Filters access by the ARN of an IAM policy", + "type": "ARN" + }, + { + "condition": "iam:RegisterSecurityKey", + "description": "Filters access by the current state of MFA device enablement", + "type": "String" + }, + { + "condition": "iam:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to an IAM entity (user or role)", + "type": "String" } ], - "prefix": "glue", + "prefix": "iam", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create one or more partitions", - "privilege": "BatchCreatePartition", + "description": "Grants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider resource", + "privilege": "AddClientIDToOpenIDConnectProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "oidc-provider*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete one or more connections", - "privilege": "BatchDeleteConnection", + "description": "Grants permission to add an IAM role to the specified instance profile", + "privilege": "AddRoleToInstanceProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection*" + "dependent_actions": [ + 
"iam:PassRole" + ], + "resource_type": "instance-profile*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete one or more partitions", - "privilege": "BatchDeletePartition", + "description": "Grants permission to add an IAM user to the specified IAM group", + "privilege": "AddUserToGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete one or more tables", - "privilege": "BatchDeleteTable", + "access_level": "Permissions management", + "description": "Grants permission to attach a managed policy to the specified IAM group", + "privilege": "AttachGroupPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "group*" }, { - "condition_keys": [], + "condition_keys": [ + "iam:PolicyARN" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete one or more versions of a table", - "privilege": "BatchDeleteTableVersion", + "access_level": "Permissions management", + "description": "Grants permission to attach a managed policy to the specified IAM role", + "privilege": "AttachRolePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "role*" }, { - "condition_keys": [], + "condition_keys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], "dependent_actions": [], - "resource_type": 
"table*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more blueprints", - "privilege": "BatchGetBlueprints", + "access_level": "Permissions management", + "description": "Grants permission to attach a managed policy to the specified IAM user", + "privilege": "AttachUserPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more crawlers", - "privilege": "BatchGetCrawlers", + "access_level": "Write", + "description": "Grants permission to an IAM user to change their own password", + "privilege": "ChangePassword", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more Custom Entity Types", - "privilege": "BatchGetCustomEntityTypes", + "access_level": "Write", + "description": "Grants permission to create access key and secret access key for the specified IAM user", + "privilege": "CreateAccessKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customEntityType*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more development endpoints", - "privilege": "BatchGetDevEndpoints", + "access_level": "Write", + "description": "Grants permission to create an alias for your AWS account", + "privilege": "CreateAccountAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more 
jobs", - "privilege": "BatchGetJobs", + "access_level": "Write", + "description": "Grants permission to create a new group", + "privilege": "CreateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more partitions", - "privilege": "BatchGetPartition", + "access_level": "Write", + "description": "Grants permission to create a new instance profile", + "privilege": "CreateInstanceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "instance-profile*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more triggers", - "privilege": "BatchGetTriggers", + "access_level": "Write", + "description": "Grants permission to create a password for the specified IAM user", + "privilege": "CreateLoginProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more workflows", - "privilege": "BatchGetWorkflows", + "access_level": "Write", + "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC)", + "privilege": "CreateOpenIDConnectProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop one or more job runs for a job", - "privilege": "BatchStopJobRun", - 
"resource_types": [ + "resource_type": "oidc-provider*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update one or more partitions", - "privilege": "BatchUpdatePartition", + "access_level": "Permissions management", + "description": "Grants permission to create a new managed policy", + "privilege": "CreatePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "policy*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a running Data Quality rule recommendation run", - "privilege": "CancelDataQualityRuleRecommendationRun", + "access_level": "Permissions management", + "description": "Grants permission to create a new version of the specified managed policy", + "privilege": "CreatePolicyVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a running Data Quality ruleset evaluation run", - "privilege": "CancelDataQualityRulesetEvaluationRun", + "description": "Grants permission to create a new role", + "privilege": "CreateRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop a running ML Task Run", - "privilege": "CancelMLTaskRun", - "resource_types": [ + "resource_type": "role*" + }, 
{ - "condition_keys": [], + "condition_keys": [ + "iam:PermissionsBoundary", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a statement in an interactive session", - "privilege": "CancelStatement", + "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0", + "privilege": "CreateSAMLProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a check the validity of schema version", - "privilege": "CheckSchemaVersionValidity", - "resource_types": [ + "resource_type": "saml-provider*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } @@ -113107,18 +137673,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create a blueprint", - "privilege": "CreateBlueprint", + "description": "Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf", + "privilege": "CreateServiceLinkedRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "role*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "iam:AWSServiceName" ], "dependent_actions": [], "resource_type": "" 
@@ -113127,30 +137692,31 @@ }, { "access_level": "Write", - "description": "Grants permission to create a classifier", - "privilege": "CreateClassifier", + "description": "Grants permission to create a new service-specific credential for an IAM user", + "privilege": "CreateServiceSpecificCredential", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a connection", - "privilege": "CreateConnection", + "description": "Grants permission to create a new IAM user", + "privilege": "CreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "user*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "iam:PermissionsBoundary", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -113159,28 +137725,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a crawler", - "privilege": "CreateCrawler", + "description": "Grants permission to create a new virtual MFA device", + "privilege": "CreateVirtualMFADevice", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a Custom Entity Type", - "privilege": "CreateCustomEntityType", - "resource_types": [ + "resource_type": "mfa*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -113189,84 +137745,59 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Data Quality ruleset", - "privilege": "CreateDataQualityRuleset", + "description": "Grants permission to deactivate the specified MFA device and remove its association with the IAM user for which it was originally enabled", + "privilege": "DeactivateMFADevice", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a database", - "privilege": "CreateDatabase", + "description": "Grants permission to delete the access key pair that is associated with the specified IAM user", + "privilege": "DeleteAccessKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a development endpoint", - "privilege": "CreateDevEndpoint", + "description": "Grants permission to delete the specified AWS account alias", + "privilege": "DeleteAccountAlias", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a job", - "privilege": "CreateJob", + "access_level": "Permissions management", + "description": "Grants permission to delete the password policy for the AWS account", + "privilege": "DeleteAccountPasswordPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "glue:VpcIds", - "glue:SubnetIds", - 
"glue:SecurityGroupIds" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an ML Transform", - "privilege": "CreateMLTransform", + "description": "Grants permission to delete an existing CloudFront public key", + "privilege": "DeleteCloudFrontPublicKey", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -113274,163 +137805,113 @@ }, { "access_level": "Write", - "description": "Grants permission to create a partition", - "privilege": "CreatePartition", + "description": "Grants permission to delete the specified IAM group", + "privilege": "DeleteGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a specified partition index in an existing table", - "privilege": "CreatePartitionIndex", + "access_level": "Permissions management", + "description": "Grants permission to delete the specified inline policy from its group", + "privilege": "DeleteGroupPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "group*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new schema registry", - "privilege": "CreateRegistry", + "description": "Grants permission to delete the specified instance profile", + "privilege": "DeleteInstanceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "instance-profile*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new schema container", - "privilege": "CreateSchema", + "description": "Grants permission to delete the password for the specified IAM user", + "privilege": "DeleteLoginProfile", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a script", - "privilege": "CreateScript", + "description": "Grants permission to delete an OpenID Connect identity provider (IdP) resource object in IAM", + "privilege": "DeleteOpenIDConnectProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "oidc-provider*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a security configuration", - "privilege": "CreateSecurityConfiguration", + "access_level": "Permissions management", + "description": "Grants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attached", + "privilege": "DeletePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an interactive session", - "privilege": "CreateSession", + "access_level": "Permissions management", + "description": "Grants permission to delete a version from the specified managed policy", + "privilege": "DeletePolicyVersion", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a table", - "privilege": "CreateTable", + "description": "Grants permission to delete the specified role", + "privilege": "DeleteRole", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "role*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a trigger", - "privilege": "CreateTrigger", + "access_level": "Permissions management", + "description": "Grants permission to remove the permissions boundary from a role", + "privilege": "DeleteRolePermissionsBoundary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "role*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "iam:PermissionsBoundary" ], "dependent_actions": [], "resource_type": "" 
@@ -113438,332 +137919,349 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a function definition", - "privilege": "CreateUserDefinedFunction", + "access_level": "Permissions management", + "description": "Grants permission to delete the specified inline policy from the specified role", + "privilege": "DeleteRolePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "role*" }, { - "condition_keys": [], + "condition_keys": [ + "iam:PermissionsBoundary" + ], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a workflow", - "privilege": "CreateWorkflow", + "description": "Grants permission to delete a SAML provider resource in IAM", + "privilege": "DeleteSAMLProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "saml-provider*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a blueprint", - "privilege": "DeleteBlueprint", + "description": "Grants permission to delete the specified SSH public key", + "privilege": "DeleteSSHPublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a classifier", - "privilege": "DeleteClassifier", + "description": "Grants permission to delete the specified server certificate", + "privilege": "DeleteServerCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "server-certificate*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the 
partition column statistics of a column", - "privilege": "DeleteColumnStatisticsForPartition", + "description": "Grants permission to delete an IAM role that is linked to a specific AWS service, if the service is no longer using it", + "privilege": "DeleteServiceLinkedRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "role*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the table statistics of columns", - "privilege": "DeleteColumnStatisticsForTable", + "description": "Grants permission to delete the specified service-specific credential for an IAM user", + "privilege": "DeleteServiceSpecificCredential", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a connection", - "privilege": "DeleteConnection", + "description": "Grants permission to delete a signing certificate that is associated with the specified IAM user", + "privilege": "DeleteSigningCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a crawler", - "privilege": "DeleteCrawler", + "description": "Grants permission to delete the specified IAM user", + "privilege": "DeleteUser", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Custom Entity Type", - "privilege": "DeleteCustomEntityType", + "access_level": "Permissions management", + "description": "Grants permission to remove the permissions boundary from the specified IAM user", + "privilege": "DeleteUserPermissionsBoundary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customEntityType*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:PermissionsBoundary" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Data Quality ruleset", - "privilege": "DeleteDataQualityRuleset", + "access_level": "Permissions management", + "description": "Grants permission to delete the specified inline policy from an IAM user", + "privilege": "DeleteUserPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:PermissionsBoundary" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a database", - "privilege": "DeleteDatabase", + "description": "Grants permission to delete a virtual MFA device", + "privilege": "DeleteVirtualMFADevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "mfa" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "sms-mfa" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to detach a managed policy from the specified IAM group", + "privilege": "DetachGroupPolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"table*" + "resource_type": "group*" }, { - "condition_keys": [], + "condition_keys": [ + "iam:PolicyARN" + ], "dependent_actions": [], - "resource_type": "userdefinedfunction*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a development endpoint", - "privilege": "DeleteDevEndpoint", + "access_level": "Permissions management", + "description": "Grants permission to detach a managed policy from the specified role", + "privilege": "DetachRolePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint*" + "resource_type": "role*" + }, + { + "condition_keys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a job", - "privilege": "DeleteJob", + "access_level": "Permissions management", + "description": "Grants permission to detach a managed policy from the specified IAM user", + "privilege": "DetachUserPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:PolicyARN", + "iam:PermissionsBoundary" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an ML Transform", - "privilege": "DeleteMLTransform", + "description": "Grants permission to enable an MFA device and associate it with the specified IAM user", + "privilege": "EnableMFADevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "iam:RegisterSecurityKey", + "iam:FIDO-FIPS-140-2-certification", + "iam:FIDO-FIPS-140-3-certification", + "iam:FIDO-certification" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": 
"Grants permission to delete a partition", - "privilege": "DeletePartition", + "access_level": "Read", + "description": "Grants permission to generate a credential report for the AWS account", + "privilege": "GenerateCredentialReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to generate an access report for an AWS Organizations entity", + "privilege": "GenerateOrganizationsAccessReport", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "dependent_actions": [ + "organizations:DescribePolicy", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListPoliciesForTarget", + "organizations:ListRoots", + "organizations:ListTargetsForPolicy" + ], + "resource_type": "access-report*" }, { - "condition_keys": [], + "condition_keys": [ + "iam:OrganizationsPolicyId" + ], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified partition index from an existing table", - "privilege": "DeletePartitionIndex", + "access_level": "Read", + "description": "Grants permission to generate a service last accessed data report for an IAM resource", + "privilege": "GenerateServiceLastAccessedDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "policy*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a schema registry", - "privilege": "DeleteRegistry", - "resource_types": [ + "resource_type": "role*" + }, { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "registry*" + "resource_type": "user*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a resource policy", - "privilege": "DeleteResourcePolicy", + "access_level": "Read", + "description": "Grants permission to retrieve information about when the specified access key was last used", + "privilege": "GetAccessKeyLastUsed", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "user*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a schema container", - "privilege": "DeleteSchema", + "access_level": "Read", + "description": "Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another", + "privilege": "GetAccountAuthorizationDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a range of schema versions", - "privilege": "DeleteSchemaVersions", + "access_level": "Read", + "description": "Grants permission to retrieve the email address that is associated with the account", + "privilege": "GetAccountEmailAddress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a security configuration", - "privilege": "DeleteSecurityConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve the account name that is associated with the account", + "privilege": "GetAccountName", 
"resource_types": [ { "condition_keys": [], 
@@ -113773,111 +138271,79 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an interactive session after stopping the session if not already stopped", - "privilege": "DeleteSession", + "access_level": "Read", + "description": "Grants permission to retrieve the password policy for the AWS account", + "privilege": "GetAccountPasswordPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a table", - "privilege": "DeleteTable", + "access_level": "List", + "description": "Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account", + "privilege": "GetAccountSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a version of a table", - "privilege": "DeleteTableVersion", + "access_level": "Read", + "description": "Grants permission to retrieve information about the specified CloudFront public key", + "privilege": "GetCloudFrontPublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a trigger", - "privilege": "DeleteTrigger", + "access_level": "Read", + "description": "Grants permission to retrieve a list of all of the context keys that are referenced in the specified policy", + 
"privilege": "GetContextKeysForCustomPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a function definition", - "privilege": "DeleteUserDefinedFunction", + "access_level": "Read", + "description": "Grants permission to retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)", + "privilege": "GetContextKeysForPrincipalPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "group" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "role" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "userdefinedfunction*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a workflow", - "privilege": "DeleteWorkflow", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "user" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to terminate Glue Studio Notebook session", - "privilege": "DeregisterDataPreview", + "access_level": "Read", + "description": "Grants permission to retrieve a credential report for the AWS account", + "privilege": "GetCredentialReport", "resource_types": [ { "condition_keys": [], 
@@ -113888,218 +138354,188 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a blueprint", - "privilege": "GetBlueprint", + "description": "Grants permission to retrieve a list of IAM users in the specified IAM group", + "privilege": "GetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a blueprint run", - "privilege": "GetBlueprintRun", + "description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM group", + "privilege": "GetGroupPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve all runs of a blueprint", - "privilege": "GetBlueprintRuns", + "description": "Grants permission to retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role", + "privilege": "GetInstanceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "instance-profile*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the catalog import status", - "privilege": "GetCatalogImportStatus", + "access_level": "List", + "description": "Grants permission to retrieve the user name and password creation date for the specified IAM user", + "privilege": "GetLoginProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "user*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a classifier", - "privilege": "GetClassifier", + "description": "Grants permission to retrieve information about an MFA device for the specified user", + 
"privilege": "GetMFADevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all classifiers", - "privilege": "GetClassifiers", + "description": "Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM", + "privilege": "GetOpenIDConnectProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "oidc-provider*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve partition statistics of columns", - "privilege": "GetColumnStatisticsForPartition", + "description": "Grants permission to retrieve an AWS Organizations access report", + "privilege": "GetOrganizationsAccessReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve table statistics of columns", - "privilege": "GetColumnStatisticsForTable", + "description": "Grants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached", + "privilege": "GetPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "policy*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a connection", - "privilege": "GetConnection", + 
"description": "Grants permission to retrieve information about a version of the specified managed policy, including the policy document", + "privilege": "GetPolicyVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "policy*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of connections", - "privilege": "GetConnections", + "description": "Grants permission to retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy", + "privilege": "GetRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "role*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a crawler", - "privilege": "GetCrawler", + "description": "Grants permission to retrieve an inline policy document that is embedded with the specified IAM role", + "privilege": "GetRolePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "role*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve metrics about crawlers", - "privilege": "GetCrawlerMetrics", + "description": "Grants permission to retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated", + "privilege": "GetSAMLProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "saml-provider*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve all crawlers", - "privilege": "GetCrawlers", + "description": "Grants permission to retrieve the specified SSH public key, 
including metadata about the key", + "privilege": "GetSSHPublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { "access_level": "Read", - "description": "Grants permission to read a Custom Entity Type", - "privilege": "GetCustomEntityType", + "description": "Grants permission to retrieve information about the specified server certificate stored in IAM", + "privilege": "GetServerCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customEntityType*" + "resource_type": "server-certificate*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve catalog encryption settings", - "privilege": "GetDataCatalogEncryptionSettings", + "description": "Grants permission to retrieve information about the service last accessed data report", + "privilege": "GetServiceLastAccessedDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to get Data Preview Statement", - "privilege": "GetDataPreviewStatement", + "access_level": "Read", + "description": "Grants permission to retrieve information about the entities from the service last accessed data report", + "privilege": "GetServiceLastAccessedDetailsWithEntities", "resource_types": [ { "condition_keys": [], 
@@ -114110,114 +138546,104 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a Data Quality result", - "privilege": "GetDataQualityResult", + "description": "Grants permission to retrieve an IAM service-linked role deletion status", + "privilege": "GetServiceLinkedRoleDeletionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "role*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a Data Quality rule recommendation run", - "privilege": "GetDataQualityRuleRecommendationRun", + "description": "Grants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN", + "privilege": "GetUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "user*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a Data Quality ruleset", - "privilege": "GetDataQualityRuleset", + "description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM user", + "privilege": "GetUserPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a Data Quality rule recommendation run", - "privilege": "GetDataQualityRulesetEvaluationRun", + "access_level": "List", + "description": "Grants permission to list information about the access key IDs that are associated with the specified IAM user", + "privilege": "ListAccessKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a database", - "privilege": 
"GetDatabase", + "access_level": "List", + "description": "Grants permission to list the account alias that is associated with the AWS account", + "privilege": "ListAccountAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all databases", - "privilege": "GetDatabases", + "access_level": "List", + "description": "Grants permission to list all managed policies that are attached to the specified IAM group", + "privilege": "ListAttachedGroupPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to transform a script into a directed acyclic graph (DAG)", - "privilege": "GetDataflowGraph", + "access_level": "List", + "description": "Grants permission to list all managed policies that are attached to the specified IAM role", + "privilege": "ListAttachedRolePolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "role*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a development endpoint", - "privilege": "GetDevEndpoint", + "access_level": "List", + "description": "Grants permission to list all managed policies that are attached to the specified IAM user", + "privilege": "ListAttachedUserPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all development endpoints", - "privilege": "GetDevEndpoints", + 
"access_level": "List", + "description": "Grants permission to list all current CloudFront public keys for the account", + "privilege": "ListCloudFrontPublicKeys", "resource_types": [ { "condition_keys": [], 
@@ -114227,129 +138653,129 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a job", - "privilege": "GetJob", + "access_level": "List", + "description": "Grants permission to list all IAM identities to which the specified managed policy is attached", + "privilege": "ListEntitiesForPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a job bookmark", - "privilege": "GetJobBookmark", + "access_level": "List", + "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM group", + "privilege": "ListGroupPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a job run", - "privilege": "GetJobRun", + "access_level": "List", + "description": "Grants permission to list the IAM groups that have the specified path prefix", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all job runs of a job", - "privilege": "GetJobRuns", + "access_level": "List", + "description": "Grants permission to list the IAM groups that the specified IAM user belongs to", + "privilege": "ListGroupsForUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all current jobs", - "privilege": "GetJobs", + "access_level": "List", + "description": "Grants permission to list the tags that are attached to the specified instance profile", + "privilege": 
"ListInstanceProfileTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "instance-profile*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an ML Task Run", - "privilege": "GetMLTaskRun", + "access_level": "List", + "description": "Grants permission to list the instance profiles that have the specified path prefix", + "privilege": "ListInstanceProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve all ML Task Runs", - "privilege": "GetMLTaskRuns", + "description": "Grants permission to list the instance profiles that have the specified associated IAM role", + "privilege": "ListInstanceProfilesForRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "role*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an ML Transform", - "privilege": "GetMLTransform", + "access_level": "List", + "description": "Grants permission to list the tags that are attached to the specified virtual mfa device", + "privilege": "ListMFADeviceTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "mfa*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve all ML Transforms", - "privilege": "GetMLTransforms", + "description": "Grants permission to list the MFA devices for an IAM user", + "privilege": "ListMFADevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "user" } ] }, { - "access_level": "Read", - "description": "Grants permission to create a mapping", - "privilege": "GetMapping", + "access_level": "List", + "description": "Grants permission to 
list the tags that are attached to the specified OpenID Connect provider", + "privilege": "ListOpenIDConnectProviderTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "oidc-provider*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to retrieve Glue Studio Notebooks session status", - "privilege": "GetNotebookInstanceStatus", + "access_level": "List", + "description": "Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account", + "privilege": "ListOpenIDConnectProviders", "resource_types": [ { "condition_keys": [], 
@@ -114359,203 +138785,163 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a partition", - "privilege": "GetPartition", + "access_level": "List", + "description": "Grants permission to list all managed policies", + "privilege": "ListPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve partition indexes for a table", - "privilege": "GetPartitionIndexes", + "access_level": "List", + "description": "Grants permission to list information about the policies that grant an entity access to a specific service", + "privilege": "ListPoliciesGrantingServiceAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "role*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the partitions of a table", - "privilege": "GetPartitions", + "access_level": "List", + "description": "Grants permission to list the tags that are attached to the specified managed policy", + "privilege": "ListPolicyTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a mapping for a 
script", - "privilege": "GetPlan", + "access_level": "List", + "description": "Grants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default version", + "privilege": "ListPolicyVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a schema registry", - "privilege": "GetRegistry", + "access_level": "List", + "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM role", + "privilege": "ListRolePolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "role*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve resource policies", - "privilege": "GetResourcePolicies", + "access_level": "List", + "description": "Grants permission to list the tags that are attached to the specified IAM role", + "privilege": "ListRoleTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "role*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a resource policy", - "privilege": "GetResourcePolicy", + "access_level": "List", + "description": "Grants permission to list the IAM roles that have the specified path prefix", + "privilege": "ListRoles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a schema container", - "privilege": "GetSchema", + "access_level": "List", + "description": "Grants permission to list the tags that are attached to the specified SAML provider", + "privilege": "ListSAMLProviderTags", "resource_types": 
[ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "saml-provider*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a schema version based on schema definition", - "privilege": "GetSchemaByDefinition", + "access_level": "List", + "description": "Grants permission to list the SAML provider resources in IAM", + "privilege": "ListSAMLProviders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a schema version", - "privilege": "GetSchemaVersion", + "access_level": "List", + "description": "Grants permission to list information about the SSH public keys that are associated with the specified IAM user", + "privilege": "ListSSHPublicKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to compare two schema versions in schema registry", - "privilege": "GetSchemaVersionsDiff", + "access_level": "List", + "description": "Grants permission to list the status of all active STS regional endpoints", + "privilege": "ListSTSRegionalEndpointsStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a security configuration", - "privilege": "GetSecurityConfiguration", + "access_level": "List", + 
"description": "Grants permission to list the tags that are attached to the specified server certificate", + "privilege": "ListServerCertificateTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "server-certificate*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve one or more security configurations", - "privilege": "GetSecurityConfigurations", + "access_level": "List", + "description": "Grants permission to list the server certificates that have the specified path prefix", + "privilege": "ListServerCertificates", "resource_types": [ { "condition_keys": [], 
@@ -114565,327 +138951,261 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an interactive session", - "privilege": "GetSession", + "access_level": "List", + "description": "Grants permission to list the service-specific credentials that are associated with the specified IAM user", + "privilege": "ListServiceSpecificCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve result and information about a statement in an interactive session", - "privilege": "GetStatement", + "access_level": "List", + "description": "Grants permission to list information about the signing certificates that are associated with the specified IAM user", + "privilege": "ListSigningCertificates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a table", - "privilege": "GetTable", + "access_level": "List", + "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM user", + "privilege": "ListUserPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a version of a table", - "privilege": "GetTableVersion", + "access_level": "List", + "description": "Grants permission to list the tags that are attached to the specified IAM user", + "privilege": "ListUserTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "user*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of versions of a table", - "privilege": "GetTableVersions", + "access_level": "List", + "description": "Grants permission to list the IAM users that have the specified path prefix", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the tables in a database", - "privilege": "GetTables", + "access_level": "List", + "description": "Grants permission to list virtual MFA devices by assignment status", + "privilege": "ListVirtualMFADevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all tags associated with a resource", - "privilege": "GetTags", + "access_level": "Write", + "description": "Grants permission to pass a role to a service", + "privilege": "PassRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "crawler" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customEntityType" - }, - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "devendpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "trigger" + "resource_type": "role*" }, { - "condition_keys": [], + "condition_keys": [ + "iam:AssociatedResourceArn", + "iam:PassedToService" + ], "dependent_actions": [], - "resource_type": "workflow" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a trigger", - "privilege": "GetTrigger", + "access_level": "Permissions management", + "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM group", + "privilege": "PutGroupPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the triggers associated with a job", - "privilege": "GetTriggers", + "access_level": "Permissions management", + "description": "Grants permission to set a managed policy as a permissions boundary for a role", + "privilege": "PutRolePermissionsBoundary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "role*" + }, + { + "condition_keys": [ + "iam:PermissionsBoundary" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a function definition", - "privilege": "GetUserDefinedFunction", + "access_level": "Permissions management", + "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM role", + "privilege": "PutRolePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + 
"resource_type": "role*" }, { - "condition_keys": [], + "condition_keys": [ + "iam:PermissionsBoundary" + ], "dependent_actions": [], - "resource_type": "userdefinedfunction*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve multiple function definitions", - "privilege": "GetUserDefinedFunctions", + "access_level": "Permissions management", + "description": "Grants permission to set a managed policy as a permissions boundary for an IAM user", + "privilege": "PutUserPermissionsBoundary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "user*" }, { - "condition_keys": [], + "condition_keys": [ + "iam:PermissionsBoundary" + ], "dependent_actions": [], - "resource_type": "userdefinedfunction*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a workflow", - "privilege": "GetWorkflow", + "access_level": "Permissions management", + "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM user", + "privilege": "PutUserPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a workflow run", - "privilege": "GetWorkflowRun", - "resource_types": [ + "resource_type": "user*" + }, { - "condition_keys": [], + "condition_keys": [ + "iam:PermissionsBoundary" + ], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve workflow run properties", - "privilege": "GetWorkflowRunProperties", + "access_level": "Write", + "description": "Grants permission to remove the client ID (audience) from the list of client IDs 
in the specified IAM OpenID Connect (OIDC) provider resource", + "privilege": "RemoveClientIDFromOpenIDConnectProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "oidc-provider*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all runs of a workflow", - "privilege": "GetWorkflowRuns", + "access_level": "Write", + "description": "Grants permission to remove an IAM role from the specified EC2 instance profile", + "privilege": "RemoveRoleFromInstanceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "instance-profile*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to access Glue Studio Notebooks", - "privilege": "GlueNotebookAuthorize", + "access_level": "Write", + "description": "Grants permission to remove an IAM user from the specified group", + "privilege": "RemoveUserFromGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "group*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to refresh Glue Studio Notebooks credentials", - "privilege": "GlueNotebookRefreshCredentials", + "access_level": "Write", + "description": "Grants permission to reset the password for an existing service-specific credential for an IAM user", + "privilege": "ResetServiceSpecificCredential", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to import an Athena data catalog into AWS Glue", - "privilege": "ImportCatalogToGlue", + "description": "Grants permission to synchronize the specified MFA device with its IAM entity (user or role)", + "privilege": "ResyncMFADevice", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "user*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all blueprints", - "privilege": "ListBlueprints", + "access_level": "Permissions management", + "description": "Grants permission to set the version of the specified policy as the policy's default version", + "privilege": "SetDefaultPolicyVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all crawlers", - "privilege": "ListCrawlers", + "access_level": "Write", + "description": "Grants permission to activate or deactivate an STS regional endpoint", + "privilege": "SetSTSRegionalEndpointStatus", "resource_types": [ { "condition_keys": [], @@ -114895,9 +139215,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve crawl run history for a crawler", - "privilege": "ListCrawls", + "access_level": "Write", + "description": "Grants permission to set the STS global endpoint token version", + "privilege": "SetSecurityTokenServicePreferences", "resource_types": [ { "condition_keys": [], 
@@ -114907,70 +139227,53 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Custom Entity Types", - "privilege": "ListCustomEntityTypes", + "access_level": "Read", + "description": "Grants permission to simulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resources", + "privilege": "SimulateCustomPolicy", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all Data Quality results", - "privilege": "ListDataQualityResults", + "access_level": "Read", + "description": "Grants permission to simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resources", + "privilege": "SimulatePrincipalPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve all Data Quality rule recommendation runs", - "privilege": "ListDataQualityRuleRecommendationRuns", - "resource_types": [ + "resource_type": "group" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve all Data Quality rule recommendation runs", - "privilege": "ListDataQualityRulesetEvaluationRuns", - "resource_types": [ + "resource_type": "role" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "user" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of Data Quality rulesets", - "privilege": "ListDataQualityRulesets", + "access_level": "Tagging", + 
"description": "Grants permission to add tags to an instance profile", + "privilege": "TagInstanceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "instance-profile*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -114978,43 +139281,59 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all development endpoints", - "privilege": "ListDevEndpoints", + "access_level": "Tagging", + "description": "Grants permission to add tags to a virtual mfa device", + "privilege": "TagMFADevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "mfa*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all current jobs", - "privilege": "ListJobs", + "access_level": "Tagging", + "description": "Grants permission to add tags to an OpenID Connect provider", + "privilege": "TagOpenIDConnectProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "oidc-provider*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all ML Transforms", - "privilege": "ListMLTransforms", + "access_level": "Tagging", + "description": "Grants permission to add tags to a managed policy", + "privilege": "TagPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "policy*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -115022,226 +139341,265 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of schema registries", - "privilege": "ListRegistries", + "access_level": "Tagging", + "description": "Grants permission to add tags to an IAM role", + "privilege": "TagRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "role*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of schema versions", - "privilege": "ListSchemaVersions", + "access_level": "Tagging", + "description": "Grants permission to add tags to a SAML Provider", + "privilege": "TagSAMLProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "saml-provider*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of schema containers", - "privilege": "ListSchemas", + "access_level": "Tagging", + "description": "Grants permission to add tags to a server certificate", + "privilege": "TagServerCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of interactive session", - "privilege": "ListSessions", - "resource_types": [ + "resource_type": "server-certificate*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of statements in an interactive session", - 
"privilege": "ListStatements", + "access_level": "Tagging", + "description": "Grants permission to add tags to an IAM user", + "privilege": "TagUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve all triggers", - "privilege": "ListTriggers", - "resource_types": [ + "resource_type": "user*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all workflows", - "privilege": "ListWorkflows", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the instance profile", + "privilege": "UntagInstanceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "instance-profile*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to notify an event to the event-driven workflow", - "privilege": "NotifyEvent", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the virtual mfa device", + "privilege": "UntagMFADevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "mfa*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish Data Quality results", - "privilege": "PublishDataQuality", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the OpenID Connect provider", + "privilege": "UntagOpenIDConnectProvider", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "oidc-provider*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update catalog encryption settings", - "privilege": "PutDataCatalogEncryptionSettings", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the managed policy", + "privilege": "UntagPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "policy*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update a resource policy", - "privilege": "PutResourcePolicy", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the role", + "privilege": "UntagRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "role*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add metadata to schema version", - "privilege": "PutSchemaVersionMetadata", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the SAML Provider", + "privilege": "UntagSAMLProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" + "resource_type": "saml-provider*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "schema" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update workflow run properties", - "privilege": 
"PutWorkflowRunProperties", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the server certificate", + "privilege": "UntagServerCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "server-certificate*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to fetch metadata for a schema version", - "privilege": "QuerySchemaVersionMetadata", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the user", + "privilege": "UntagUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" + "resource_type": "user*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "schema" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new schema version", - "privilege": "RegisterSchemaVersion", + "description": "Grants permission to update the status of the specified access key as Active or Inactive", + "privilege": "UpdateAccessKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove metadata from schema version", - "privilege": "RemoveSchemaVersionMetadata", + "description": "Grants permission to update the email address that is associated with the account", + "privilege": "UpdateAccountEmailAddress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "schema" + 
"resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reset a job bookmark", - "privilege": "ResetJobBookmark", + "description": "Grants permission to update the account name that is associated with the account", + "privilege": "UpdateAccountName", "resource_types": [ { "condition_keys": [], 
@@ -115252,792 +139610,948 @@ }, { "access_level": "Write", - "description": "Grants permission to resume a workflow run", - "privilege": "ResumeWorkflowRun", + "description": "Grants permission to update the password policy settings for the AWS account", + "privilege": "UpdateAccountPasswordPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to run Data Preview Statement", - "privilege": "RunDataPreviewStatement", + "description": "Grants permission to update the policy that grants an IAM entity permission to assume a role", + "privilege": "UpdateAssumeRolePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "role*" } ] }, { "access_level": "Write", - "description": "Grants permission to run a code or statement in an interactive session", - "privilege": "RunStatement", + "description": "Grants permission to update an existing CloudFront public key", + "privilege": "UpdateCloudFrontPublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the tables in the catalog", - "privilege": "SearchTables", + "access_level": "Write", + "description": "Grants permission to update the name or path of the specified IAM group", + "privilege": "UpdateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change the password for the specified IAM user", + "privilege": "UpdateLoginProfile", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "user*" + } + ] + }, 
+ { + "access_level": "Write", + "description": "Grants permission to update the entire list of server certificate thumbprints that are associated with an OpenID Connect (OIDC) provider resource", + "privilege": "UpdateOpenIDConnectProviderThumbprint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "oidc-provider*" } ] }, { "access_level": "Write", - "description": "Grants permission to start running a blueprint", - "privilege": "StartBlueprintRun", + "description": "Grants permission to update the description or maximum session duration setting of a role", + "privilege": "UpdateRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" + "resource_type": "role*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a crawler", - "privilege": "StartCrawler", + "description": "Grants permission to update only the description of a role", + "privilege": "UpdateRoleDescription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "role*" } ] }, { "access_level": "Write", - "description": "Grants permission to change the schedule state of a crawler to SCHEDULED", - "privilege": "StartCrawlerSchedule", + "description": "Grants permission to update the metadata document for an existing SAML provider resource", + "privilege": "UpdateSAMLProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "saml-provider*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a Data Quality rule recommendation run", - "privilege": "StartDataQualityRuleRecommendationRun", + "description": "Grants permission to update the status of an IAM user's SSH public key to active or inactive", + "privilege": "UpdateSSHPublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "dataQualityRuleset*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a Data Quality rule recommendation run", - "privilege": "StartDataQualityRulesetEvaluationRun", + "description": "Grants permission to update the name or the path of the specified server certificate stored in IAM", + "privilege": "UpdateServerCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" + "resource_type": "server-certificate*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an Export Labels ML Task Run", - "privilege": "StartExportLabelsTaskRun", + "description": "Grants permission to update the status of a service-specific credential to active or inactive for an IAM user", + "privilege": "UpdateServiceSpecificCredential", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an Import Labels ML Task Run", - "privilege": "StartImportLabelsTaskRun", + "description": "Grants permission to update the status of the specified user signing certificate to active or disabled", + "privilege": "UpdateSigningCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to start running a job", - "privilege": "StartJobRun", + "description": "Grants permission to update the name or the path of the specified IAM user", + "privilege": "UpdateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "user*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an Evaluation ML Task Run", - "privilege": "StartMLEvaluationTaskRun", + 
"description": "Grants permission to upload a CloudFront public key", + "privilege": "UploadCloudFrontPublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a Labeling Set Generation ML Task Run", - "privilege": "StartMLLabelingSetGenerationTaskRun", + "description": "Grants permission to upload an SSH public key and associate it with the specified IAM user", + "privilege": "UploadSSHPublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "user*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to start Glue Studio Notebooks", - "privilege": "StartNotebook", + "access_level": "Write", + "description": "Grants permission to upload a server certificate entity for the AWS account", + "privilege": "UploadServerCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "server-certificate*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a trigger", - "privilege": "StartTrigger", + "description": "Grants permission to upload an X.509 signing certificate and associate it with the specified IAM user", + "privilege": "UploadSigningCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "user*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iam::${Account}:access-report/${EntityPath}", + "condition_keys": [], + "resource": "access-report" }, { - "access_level": "Write", - "description": "Grants permission to start running a workflow", - "privilege": "StartWorkflowRun", + "arn": 
"arn:${Partition}:iam::${Account}:assumed-role/${RoleName}/${RoleSessionName}", + "condition_keys": [], + "resource": "assumed-role" + }, + { + "arn": "arn:${Partition}:iam::${Account}:federated-user/${UserName}", + "condition_keys": [], + "resource": "federated-user" + }, + { + "arn": "arn:${Partition}:iam::${Account}:group/${GroupNameWithPath}", + "condition_keys": [], + "resource": "group" + }, + { + "arn": "arn:${Partition}:iam::${Account}:instance-profile/${InstanceProfileNameWithPath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "instance-profile" + }, + { + "arn": "arn:${Partition}:iam::${Account}:mfa/${MfaTokenIdWithPath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "mfa" + }, + { + "arn": "arn:${Partition}:iam::${Account}:oidc-provider/${OidcProviderName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "oidc-provider" + }, + { + "arn": "arn:${Partition}:iam::${Account}:policy/${PolicyNameWithPath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "policy" + }, + { + "arn": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "iam:ResourceTag/${TagKey}" + ], + "resource": "role" + }, + { + "arn": "arn:${Partition}:iam::${Account}:saml-provider/${SamlProviderName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "saml-provider" + }, + { + "arn": "arn:${Partition}:iam::${Account}:server-certificate/${CertificateNameWithPath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "server-certificate" + }, + { + "arn": "arn:${Partition}:iam::${Account}:sms-mfa/${MfaTokenIdWithPath}", + "condition_keys": [], + "resource": "sms-mfa" + }, + { + "arn": "arn:${Partition}:iam::${Account}:user/${UserNameWithPath}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "iam:ResourceTag/${TagKey}" + ], + "resource": "user" + } + ], + "service_name": "AWS Identity 
and Access Management (IAM)" + }, + { + "conditions": [], + "prefix": "identity-sync", + "privileges": [ + { + "access_level": "Permissions management", + "description": "Grants permission to configure vended log delivery for a Sync Profile", + "privilege": "AllowVendedLogDeliveryForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "SyncProfileResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a running crawler", - "privilege": "StopCrawler", + "description": "Grants permission to create a sync filter on the sync profile", + "privilege": "CreateSyncFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" + "resource_type": "SyncProfileResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to set the schedule state of a crawler to NOT_SCHEDULED", - "privilege": "StopCrawlerSchedule", + "description": "Grants permission to create a sync profile for the identity source", + "privilege": "CreateSyncProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "ds:AuthorizeApplication" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an interactive session", - "privilege": "StopSession", + "description": "Grants permission to create a sync target for the identity source", + "privilege": "CreateSyncTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session*" + "resource_type": "SyncProfileResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a trigger", - "privilege": "StopTrigger", + "description": "Grants permission to delete a sync filter from the sync profile", + "privilege": "DeleteSyncFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + 
"resource_type": "SyncProfileResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a workflow run", - "privilege": "StopWorkflowRun", + "description": "Grants permission to delete a sync profile from the source", + "privilege": "DeleteSyncProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "workflow*" + "dependent_actions": [ + "ds:UnauthorizeApplication" + ], + "resource_type": "SyncProfileResource*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a sync target from the source", + "privilege": "DeleteSyncTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "crawler" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customEntityType" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataQualityRuleset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "devendpoint" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "mlTransform" + "resource_type": "SyncProfileResource*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" - }, + "resource_type": "SyncTargetResource*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a sync profile by using a sync profile name", + "privilege": "GetSyncProfile", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema" - }, + "resource_type": "SyncProfileResource*" + } 
+ ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a sync target from the sync profile", + "privilege": "GetSyncTarget", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "session" + "resource_type": "SyncProfileResource*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger" - }, + "resource_type": "SyncTargetResource*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the sync filters from the sync profile", + "privilege": "ListSyncFilters", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "SyncProfileResource*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to terminate Glue Studio Notebooks", - "privilege": "TerminateNotebook", + "access_level": "Write", + "description": "Grants permission to start a sync process or to resume a sync process that was previously paused", + "privilege": "StartSync", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SyncProfileResource*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to test connection in Glue Studio", - "privilege": "TestConnection", + "access_level": "Write", + "description": "Grants permission to stop any planned sync process in the sync schedule from starting", + "privilege": "StopSync", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SyncProfileResource*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to 
update a sync target on the sync profile", + "privilege": "UpdateSyncTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint" + "resource_type": "SyncProfileResource*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection" - }, + "resource_type": "SyncTargetResource*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:identity-sync:${Region}:${Account}:profile/${SyncProfileName}", + "condition_keys": [], + "resource": "SyncProfileResource" + }, + { + "arn": "arn:${Partition}:identity-sync:${Region}:${Account}:target/${SyncProfileName}/${SyncTargetName}", + "condition_keys": [], + "resource": "SyncTargetResource" + } + ], + "service_name": "AWS Identity Sync" + }, + { + "conditions": [ + { + "condition": "identitystore:UserId", + "description": "Filters access by IAM Identity Center User ID", + "type": "String" + } + ], + "prefix": "identitystore", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a group in the specified IdentityStore", + "privilege": "CreateGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler" - }, + "resource_type": "Identitystore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a member to a group in the specified IdentityStore", + "privilege": "CreateGroupMembership", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "customEntityType" + "resource_type": "Group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset" + "resource_type": "Identitystore*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint" - }, + "resource_type": "User*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a user in the specified IdentityStore", + "privilege": "CreateUser", + 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" - }, + "resource_type": "Identitystore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a group in the specified IdentityStore", + "privilege": "DeleteGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform" + "resource_type": "Group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry" - }, + "resource_type": "Identitystore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a member that is part of a group in the specified IdentityStore", + "privilege": "DeleteGroupMembership", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema" + "resource_type": "Group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "session" + "resource_type": "GroupMembership*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger" + "resource_type": "Identitystore*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "User*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a blueprint", - "privilege": "UpdateBlueprint", + "description": "Grants permission to delete a user in the specified IdentityStore", + "privilege": "DeleteUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "blueprint*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a classifier", - "privilege": "UpdateClassifier", - "resource_types": [ + "resource_type": "Identitystore*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "User*" } ] 
}, { - "access_level": "Write", - "description": "Grants permission to update partition statistics of columns", - "privilege": "UpdateColumnStatisticsForPartition", + "access_level": "Read", + "description": "Grants permission to retrieve information about a group in the specified IdentityStore", + "privilege": "DescribeGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "Group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "Identitystore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update table statistics of columns", - "privilege": "UpdateColumnStatisticsForTable", + "access_level": "Read", + "description": "Grants permission to retrieve information about a member that is part of a group in the specified IdentityStore", + "privilege": "DescribeGroupMembership", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "Group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "GroupMembership*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "Identitystore*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "User*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a connection", - "privilege": "UpdateConnection", + "access_level": "Read", + "description": "Grants permission to retrieve information about user in the specified IdentityStore", + "privilege": "DescribeUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "Identitystore*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + 
"resource_type": "User*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a crawler", - "privilege": "UpdateCrawler", + "access_level": "Read", + "description": "Grants permission to retrieve ID information about group in the specified IdentityStore", + "privilege": "GetGroupId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "crawler*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the schedule of a crawler", - "privilege": "UpdateCrawlerSchedule", - "resource_types": [ + "resource_type": "Group*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Identitystore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a Data Quality ruleset", - "privilege": "UpdateDataQualityRuleset", + "access_level": "Read", + "description": "Grants permission to retrieve ID information of a member which is part of a group in the specified IdentityStore", + "privilege": "GetGroupMembershipId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataQualityRuleset*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a database", - "privilege": "UpdateDatabase", - "resource_types": [ + "resource_type": "Group*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "GroupMembership*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a development endpoint", - "privilege": "UpdateDevEndpoint", - "resource_types": [ + "resource_type": "Identitystore*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "devendpoint*" + "resource_type": "User*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a job", - 
"privilege": "UpdateJob", + "access_level": "Read", + "description": "Grants permission to retrieves ID information about user in the specified IdentityStore", + "privilege": "GetUserId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "Identitystore*" }, { - "condition_keys": [ - "glue:VpcIds", - "glue:SubnetIds", - "glue:SecurityGroupIds" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "User*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a job from source control provider", - "privilege": "UpdateJobFromSourceControl", + "access_level": "Read", + "description": "Grants permission to check if a member is a part of groups in the specified IdentityStore", + "privilege": "IsMemberInGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an ML Transform", - "privilege": "UpdateMLTransform", - "resource_types": [ + "resource_type": "AllGroupMemberships*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "Group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Identitystore*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "User*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a partition", - "privilege": "UpdatePartition", + "access_level": "List", + "description": "Grants permission to retrieve all members that are part of a group in the specified IdentityStore", + "privilege": "ListGroupMemberships", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" + "resource_type": "AllGroupMemberships*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + 
"resource_type": "Group*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "Identitystore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a schema registry", - "privilege": "UpdateRegistry", + "access_level": "List", + "description": "Grants permission to list groups of the target member in the specified IdentityStore", + "privilege": "ListGroupMembershipsForMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a schema container", - "privilege": "UpdateSchema", - "resource_types": [ + "resource_type": "AllGroupMemberships*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "registry*" + "resource_type": "Identitystore*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "User*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update source control provider from a job", - "privilege": "UpdateSourceControlFromJob", + "access_level": "List", + "description": "Grants permission to search for groups within the specified IdentityStore", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "AllGroups*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Identitystore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a table", - "privilege": "UpdateTable", + "access_level": "List", + "description": "Grants permission to search for users in the specified IdentityStore", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + 
"resource_type": "AllUsers*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "Identitystore*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a trigger", - "privilege": "UpdateTrigger", + "description": "Grants permission to update information about a group in the specified IdentityStore", + "privilege": "UpdateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "trigger*" + "resource_type": "Group*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Identitystore*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a function definition", - "privilege": "UpdateUserDefinedFunction", + "description": "Grants permission to update user information in the specified IdentityStore", + "privilege": "UpdateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "catalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "database*" + "resource_type": "Identitystore*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "userdefinedfunction*" + "resource_type": "User*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:identitystore::${Account}:identitystore/${IdentityStoreId}", + "condition_keys": [], + "resource": "Identitystore" + }, + { + "arn": "arn:${Partition}:identitystore:::user/${UserId}", + "condition_keys": [], + "resource": "User" + }, + { + "arn": "arn:${Partition}:identitystore:::group/${GroupId}", + "condition_keys": [], + "resource": "Group" + }, + { + "arn": "arn:${Partition}:identitystore:::membership/${MembershipId}", + "condition_keys": [], + "resource": "GroupMembership" + }, + { + "arn": "arn:${Partition}:identitystore:::user/*", + "condition_keys": [], + "resource": "AllUsers" + }, + { + "arn": "arn:${Partition}:identitystore:::group/*", + "condition_keys": [], + 
"resource": "AllGroups" }, + { + "arn": "arn:${Partition}:identitystore:::membership/*", + "condition_keys": [], + "resource": "AllGroupMemberships" + } + ], + "service_name": "AWS Identity Store" + }, + { + "conditions": [], + "prefix": "identitystore-auth", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to update a workflow", - "privilege": "UpdateWorkflow", + "description": "Grants permission to delete a batch of specified sessions", + "privilege": "BatchDeleteSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to use Glue Studio and access its internal APIs", - "privilege": "UseGlueStudio", + "access_level": "Read", + "description": "Grants permission to return session attributes for a batch of specified sessions", + "privilege": "BatchGetSession", "resource_types": [ { "condition_keys": [], 
@@ -116047,1672 +140561,1535 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to use an ML Transform from within a Glue ETL Script", - "privilege": "UseMLTransforms", + "access_level": "List", + "description": "Grants permission to retrieve a list of active sessions for the specified user", + "privilege": "ListSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlTransform*" + "resource_type": "" } ] } ], - "resources": [ - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:catalog", - "condition_keys": [], - "resource": "catalog" - }, - { - "arn": "arn:${Partition}:glue:${Region}:${Account}:database/${DatabaseName}", - "condition_keys": [], - "resource": "database" - }, + "resources": [], + "service_name": "AWS Identity Store Auth" + }, + { + "conditions": [ { - "arn": "arn:${Partition}:glue:${Region}:${Account}:table/${DatabaseName}/${TableName}", - "condition_keys": [], - "resource": "table" + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:tableVersion/${DatabaseName}/${TableName}/${TableVersionName}", - "condition_keys": [], - "resource": "tableversion" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:connection/${ConnectionName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "connection" + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:userDefinedFunction/${DatabaseName}/${UserDefinedFunctionName}", - "condition_keys": [], - "resource": "userdefinedfunction" + "condition": "imagebuilder:CreatedResourceTag/", + 
"description": "Filters access by the tag key-value pairs attached to the resource created by Image Builder", + "type": "String" }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:devEndpoint/${DevEndpointName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "devendpoint" + "condition": "imagebuilder:CreatedResourceTagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:job/${JobName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "job" + "condition": "imagebuilder:Ec2MetadataHttpTokens", + "description": "Filters access by the EC2 Instance Metadata HTTP Token Requirement specified in the request", + "type": "String" }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:trigger/${TriggerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "trigger" + "condition": "imagebuilder:LifecyclePolicyResourceType", + "description": "Filters access by the Lifecycle Policy Resource Type specified in the request", + "type": "String" }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:crawler/${CrawlerName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "crawler" - }, + "condition": "imagebuilder:StatusTopicArn", + "description": "Filters access by the SNS Topic Arn in the request to which terminal state notifications will be published", + "type": "ARN" + } + ], + "prefix": "imagebuilder", + "privileges": [ { - "arn": "arn:${Partition}:glue:${Region}:${Account}:workflow/${WorkflowName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "workflow" + "access_level": "Write", + "description": "Grants permission to cancel an image creation", + "privilege": "CancelImageCreation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "image*" + } + ] }, { - "arn": 
"arn:${Partition}:glue:${Region}:${Account}:blueprint/${BlueprintName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "blueprint" + "access_level": "Write", + "description": "Grants permission to cancel a lifecycle execution", + "privilege": "CancelLifecycleExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "lifecycleExecution*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:mlTransform/${TransformId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "mlTransform" + "access_level": "Write", + "description": "Grants permission to create a new component", + "privilege": "CreateComponent", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "imagebuilder:TagResource", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "resource_type": "component*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:registry/${RegistryName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "registry" + "access_level": "Write", + "description": "Grants permission to create a new Container Recipe", + "privilege": "CreateContainerRecipe", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ecr:DescribeImages", + "ecr:DescribeRepositories", + "iam:CreateServiceLinkedRole", + "imagebuilder:GetComponent", + "imagebuilder:GetImage", + "imagebuilder:TagResource", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "resource_type": "containerRecipe*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:schema/${SchemaName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "schema" + "access_level": "Write", + "description": "Grants permission to 
create a new distribution configuration", + "privilege": "CreateDistributionConfiguration", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "imagebuilder:TagResource" + ], + "resource_type": "distributionConfiguration*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:session/${SessionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "session" + "access_level": "Write", + "description": "Grants permission to create a new image", + "privilege": "CreateImage", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "imagebuilder:GetContainerRecipe", + "imagebuilder:GetDistributionConfiguration", + "imagebuilder:GetImageRecipe", + "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:GetWorkflow", + "imagebuilder:TagResource" + ], + "resource_type": "image*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:dataQualityRuleset/${RulesetName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "dataQualityRuleset" + "access_level": "Write", + "description": "Grants permission to create a new image pipeline", + "privilege": "CreateImagePipeline", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "imagebuilder:GetContainerRecipe", + "imagebuilder:GetDistributionConfiguration", + "imagebuilder:GetImageRecipe", + "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:GetWorkflow", + "imagebuilder:TagResource" + ], + "resource_type": "imagePipeline*" + } + ] }, { - "arn": "arn:${Partition}:glue:${Region}:${Account}:customEntityType/${CustomEntityTypeId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": 
"customEntityType" - } - ], - "service_name": "AWS Glue" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by actions based on the presence of tag key-value pairs in the request", - "type": "String" + "access_level": "Write", + "description": "Grants permission to create a new Image Recipe", + "privilege": "CreateImageRecipe", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:DescribeImages", + "iam:CreateServiceLinkedRole", + "imagebuilder:GetComponent", + "imagebuilder:GetImage", + "imagebuilder:TagResource" + ], + "resource_type": "imageRecipe*" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by actions based on tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to create a new infrastructure configuration", + "privilege": "CreateInfrastructureConfiguration", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "imagebuilder:CreatedResourceTagKeys", + "imagebuilder:CreatedResourceTag/", + "imagebuilder:Ec2MetadataHttpTokens", + "imagebuilder:StatusTopicArn" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "imagebuilder:TagResource", + "sns:Publish" + ], + "resource_type": "infrastructureConfiguration*" + } + ] }, - { - "condition": "aws:TagKeys", - "description": "Filters access by actions based on the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "grafana", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to upgrade a workspace with a license", - "privilege": "AssociateLicense", + "description": "Grants permission to create a new lifecycle policy", + "privilege": "CreateLifecyclePolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + 
"aws:RequestTag/${TagKey}", + "aws:TagKeys", + "imagebuilder:LifecyclePolicyResourceType" + ], "dependent_actions": [ - "aws-marketplace:ViewSubscriptions" + "iam:PassRole", + "imagebuilder:TagResource" ], - "resource_type": "workspace*" + "resource_type": "lifecyclePolicy*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a workspace", - "privilege": "CreateWorkspace", + "description": "Grants permission to create a new workflow", + "privilege": "CreateWorkflow", "resource_types": [ { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [ - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:GetManagedPrefixListEntries", - "iam:CreateServiceLinkedRole", - "organizations:DescribeOrganization", - "sso:CreateManagedApplicationInstance", - "sso:DescribeRegisteredRegions", - "sso:GetSharedSsoConfiguration" + "imagebuilder:TagResource", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:GenerateDataKeyWithoutPlaintext", + "s3:GetObject", + "s3:ListBucket" ], - "resource_type": "" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to create API keys for a workspace", - "privilege": "CreateWorkspaceApiKey", + "description": "Grants permission to delete a component", + "privilege": "DeleteComponent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "component*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a workspace", - "privilege": "DeleteWorkspace", + "description": "Grants permission to delete a container recipe", + "privilege": "DeleteContainerRecipe", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso:DeleteManagedApplicationInstance" - ], - "resource_type": "workspace*" + "dependent_actions": [], + "resource_type": "containerRecipe*" } ] }, { "access_level": "Write", - 
"description": "Grants permission to delete API keys from a workspace", - "privilege": "DeleteWorkspaceApiKey", + "description": "Grants permission to delete a distribution configuration", + "privilege": "DeleteDistributionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "distributionConfiguration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a workspace", - "privilege": "DescribeWorkspace", + "access_level": "Write", + "description": "Grants permission to delete an image", + "privilege": "DeleteImage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "image*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe authentication providers on a workspace", - "privilege": "DescribeWorkspaceAuthentication", + "access_level": "Write", + "description": "Grants permission to delete an image pipeline", + "privilege": "DeleteImagePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "imagePipeline*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the current configuration string for the given workspace", - "privilege": "DescribeWorkspaceConfiguration", + "access_level": "Write", + "description": "Grants permission to delete an image recipe", + "privilege": "DeleteImageRecipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "imageRecipe*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a license from a workspace", - "privilege": "DisassociateLicense", + "description": "Grants permission to delete an infrastructure configuration", + "privilege": "DeleteInfrastructureConfiguration", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "infrastructureConfiguration*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the permissions on a wokspace", - "privilege": "ListPermissions", + "access_level": "Write", + "description": "Grants permission to delete a lifecycle policy", + "privilege": "DeleteLifecyclePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "lifecyclePolicy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags associated with a workspace", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a workflow", + "privilege": "DeleteWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace" + "resource_type": "workflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to list workspaces", - "privilege": "ListWorkspaces", + "description": "Grants permission to view details about a component", + "privilege": "GetComponent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "kms:Decrypt" + ], + "resource_type": "component*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to, or update tag values of, a workspace", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to view the resource policy associated with a component", + "privilege": "GetComponentPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "component*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a 
workspace", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to view details about a container recipe", + "privilege": "GetContainerRecipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" - }, + "resource_type": "containerRecipe*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the resource policy associated with a container recipe", + "privilege": "GetContainerRecipePolicy", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "containerRecipe*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to modify the permissions on a workspace", - "privilege": "UpdatePermissions", + "access_level": "Read", + "description": "Grants permission to view details about a distribution configuration", + "privilege": "GetDistributionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "distributionConfiguration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a workspace", - "privilege": "UpdateWorkspace", + "access_level": "Read", + "description": "Grants permission to view details about an image", + "privilege": "GetImage", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:GetManagedPrefixListEntries", - "iam:CreateServiceLinkedRole" + "condition_keys": [ + "aws:ResourceTag/${TagKey}" ], - "resource_type": "workspace*" + "dependent_actions": [], + "resource_type": "image*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify authentication providers on a workspace", - "privilege": "UpdateWorkspaceAuthentication", + "access_level": "Read", + 
"description": "Grants permission to view details about an image pipeline", + "privilege": "GetImagePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "imagePipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration string for the given workspace", - "privilege": "UpdateWorkspaceConfiguration", + "access_level": "Read", + "description": "Grants permission to view the resource policy associated with an image", + "privilege": "GetImagePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "image*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:grafana:${Region}:${Account}:/workspaces/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "workspace" - } - ], - "service_name": "Amazon Managed Grafana" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by checking tag key/value pairs included in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by checking tag key/value pairs associated with a specific resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by checking tag keys passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "greengrass", - "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to associate a role with your account. 
AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", - "privilege": "AssociateServiceRoleToAccount", + "access_level": "Read", + "description": "Grants permission to view details about an image recipe", + "privilege": "GetImageRecipe", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "imageRecipe*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a list of client devices with a core device", - "privilege": "BatchAssociateClientDeviceWithCoreDevice", + "access_level": "Read", + "description": "Grants permission to view the resource policy associated with an image recipe", + "privilege": "GetImageRecipePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "imageRecipe*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a list of client devices from a core device", - "privilege": "BatchDisassociateClientDeviceFromCoreDevice", + "access_level": "Read", + "description": "Grants permission to view details about an infrastructure configuration", + "privilege": "GetInfrastructureConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "infrastructureConfiguration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a deployment", - "privilege": "CancelDeployment", + "access_level": "Read", + "description": "Grants permission to view details about a lifecycle execution", + "privilege": "GetLifecycleExecution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:CancelJob", - "iot:DeleteThingShadow", - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow", - "iot:UpdateJob", - "iot:UpdateThingShadow" - ], - 
"resource_type": "deployment*" + "dependent_actions": [], + "resource_type": "lifecycleExecution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a component", - "privilege": "CreateComponentVersion", + "access_level": "Read", + "description": "Grants permission to view details about a lifecycle policy", + "privilege": "GetLifecyclePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "lifecyclePolicy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a deployment", - "privilege": "CreateDeployment", + "access_level": "Read", + "description": "Grants permission to view details about a workflow", + "privilege": "GetWorkflow", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ - "iot:CancelJob", - "iot:CreateJob", - "iot:DeleteThingShadow", - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow", - "iot:UpdateJob", - "iot:UpdateThingShadow" + "kms:Decrypt" ], - "resource_type": "" + "resource_type": "workflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a component", - "privilege": "DeleteComponent", + "access_level": "Read", + "description": "Grants permission to view details about a workflow execution", + "privilege": "GetWorkflowExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "workflowExecution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a AWS IoT Greengrass core device, which is an AWS IoT thing. This operation removes the core device from the list of core devices. 
This operation doesn't delete the AWS IoT thing", - "privilege": "DeleteCoreDevice", + "access_level": "Read", + "description": "Grants permission to view details about a workflow step execution", + "privilege": "GetWorkflowStepExecution", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJobExecution" - ], - "resource_type": "coreDevice*" + "dependent_actions": [], + "resource_type": "workflowStepExecution*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a deployment. To delete an active deployment, it needs to be cancelled first", - "privilege": "DeleteDeployment", + "description": "Grants permission to import a new component", + "privilege": "ImportComponent", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [ - "iot:DeleteJob" + "iam:CreateServiceLinkedRole", + "imagebuilder:TagResource", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:GenerateDataKeyWithoutPlaintext" ], - "resource_type": "deployment*" + "resource_type": "component*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve metadata for a version of a component", - "privilege": "DescribeComponent", + "access_level": "Write", + "description": "Grants permission to import an image", + "privilege": "ImportVmImage", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:DescribeImportImageTasks", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "image*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate the service role from an account. 
Without a service role, deployments will not work", - "privilege": "DisassociateServiceRoleFromAccount", + "access_level": "List", + "description": "Grants permission to list the component build versions in your account", + "privilege": "ListComponentBuildVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "componentVersion*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the recipe for a version of a component", - "privilege": "GetComponent", + "access_level": "List", + "description": "Grants permission to list the component versions owned by or shared with your account", + "privilege": "ListComponents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the pre-signed URL to download a public component artifact", - "privilege": "GetComponentVersionArtifact", + "access_level": "List", + "description": "Grants permission to list the container recipes owned by or shared with your account", + "privilege": "ListContainerRecipes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the connectivity information for a Greengrass core device", - "privilege": "GetConnectivityInfo", + "access_level": "List", + "description": "Grants permission to list the distribution configurations in your account", + "privilege": "ListDistributionConfigurations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:GetThingShadow" - ], - "resource_type": "connectivityInfo*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieves metadata for a AWS IoT Greengrass core device", - 
"privilege": "GetCoreDevice", + "access_level": "List", + "description": "Grants permission to list the image build versions in your account", + "privilege": "ListImageBuildVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "imageVersion*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a deployment", - "privilege": "GetDeployment", + "access_level": "List", + "description": "Grants permission to return a list of packages installed on the specified image", + "privilege": "ListImagePackages", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" + "condition_keys": [ + "aws:ResourceTag/${TagKey}" ], - "resource_type": "deployment*" + "dependent_actions": [], + "resource_type": "image*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the service role that is attached to an account", - "privilege": "GetServiceRoleForAccount", + "access_level": "List", + "description": "Grants permission to return a list of images created by the specified pipeline", + "privilege": "ListImagePipelineImages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "imagePipeline*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of client devices associated to a AWS IoT Greengrass core device", - "privilege": "ListClientDevicesAssociatedWithCoreDevice", + "description": "Grants permission to list the image pipelines in your account", + "privilege": "ListImagePipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of all versions for a component", - 
"privilege": "ListComponentVersions", + "description": "Grants permission to list the image recipes owned by or shared with your account", + "privilege": "ListImageRecipes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of component summaries", - "privilege": "ListComponents", + "description": "Grants permission to list aggregations on the image scan findings in your account", + "privilege": "ListImageScanFindingAggregations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "image" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "imagePipeline" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of AWS IoT Greengrass core devices", - "privilege": "ListCoreDevices", + "description": "Grants permission to list the image scan findings for the images in your account", + "privilege": "ListImageScanFindings", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "inspector2:ListFindings" + ], + "resource_type": "image" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "imagePipeline" } ] }, { "access_level": "List", - "description": "Grants permission to retrieves a paginated list of deployments", - "privilege": "ListDeployments", + "description": "Grants permission to list the image versions owned by or shared with your account", + "privilege": "ListImages", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieves a paginated list of deployment jobs that AWS 
IoT Greengrass sends to AWS IoT Greengrass core devices", - "privilege": "ListEffectiveDeployments", + "description": "Grants permission to list the infrastructure configurations in your account", + "privilege": "ListInfrastructureConfigurations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:DescribeJob", - "iot:DescribeJobExecution", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:GetThingShadow" - ], - "resource_type": "coreDevice*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a paginated list of the components that a AWS IoT Greengrass core device runs", - "privilege": "ListInstalledComponents", + "description": "Grants permission to list resources for the specified lifecycle execution", + "privilege": "ListLifecycleExecutionResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDevice*" + "resource_type": "lifecycleExecution*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list lifecycle executions for the specified resource", + "privilege": "ListLifecycleExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "componentVersion" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDevice" + "resource_type": "image" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "deployment" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "lifecyclePolicy" } ] }, { "access_level": "List", - "description": "Grants permission to list components that meet the 
component, version, and platform requirements of a deployment", - "privilege": "ResolveComponentCandidates", + "description": "Grants permission to list the lifecycle policies in your account", + "privilege": "ListLifecyclePolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list tags for an Image Builder resource", + "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "component" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "componentVersion" + "resource_type": "containerRecipe" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "coreDevice" + "resource_type": "distributionConfiguration" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "deployment" + "resource_type": "image" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "component" + "resource_type": "imagePipeline" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "componentVersion" + "resource_type": "imageRecipe" }, { - "condition_keys": [], + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "coreDevice" + "resource_type": "infrastructureConfiguration" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "deployment" + "resource_type": "lifecyclePolicy" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the connectivity information for a Greengrass core. Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", - "privilege": "UpdateConnectivityInfo", + "access_level": "List", + "description": "Grants permission to list waiting workflow steps for the caller account", + "privilege": "ListWaitingWorkflowSteps", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:GetThingShadow", - "iot:UpdateThingShadow" - ], - "resource_type": "connectivityInfo*" + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", - "condition_keys": [], - "resource": "connectivityInfo" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "component" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:components:${ComponentName}:versions:${ComponentVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "componentVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:coreDevices:${CoreDeviceThingName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": 
"coreDevice" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:deployments:${DeploymentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "deployment" - } - ], - "service_name": "AWS IoT Greengrass V2" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the allowed set of values for each of the mandatory tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag value associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tags in the request", - "type": "ArrayOfString" - } - ], - "prefix": "greengrass", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate a role with a group. The role's permissions must allow Greengrass core Lambda functions and connectors to perform actions in other AWS services", - "privilege": "AssociateRoleToGroup", + "access_level": "List", + "description": "Grants permission to list the workflow build versions in your account", + "privilege": "ListWorkflowBuildVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "workflowVersion*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to associate a role with your account. 
AWS IoT Greengrass uses this role to access your Lambda functions and AWS IoT resources", - "privilege": "AssociateServiceRoleToAccount", + "access_level": "List", + "description": "Grants permission to list workflow executions for the specified image", + "privilege": "ListWorkflowExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "image*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a connector definition", - "privilege": "CreateConnectorDefinition", + "access_level": "List", + "description": "Grants permission to list workflow step executions for the specified workflow", + "privilege": "ListWorkflowStepExecutions", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflowExecution*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a version of an existing connector definition", - "privilege": "CreateConnectorDefinitionVersion", + "access_level": "List", + "description": "Grants permission to list the workflow versions owned by or shared with your account", + "privilege": "ListWorkflows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a core definition", - "privilege": "CreateCoreDefinition", + "access_level": "Permissions management", + "description": "Grants permission to set the resource policy associated with a component", + "privilege": "PutComponentPolicy", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "component*" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to create a version of an existing core definition. Greengrass groups must each contain exactly one Greengrass core", - "privilege": "CreateCoreDefinitionVersion", + "access_level": "Permissions management", + "description": "Grants permission to set the resource policy associated with a container recipe", + "privilege": "PutContainerRecipePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "containerRecipe*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a deployment", - "privilege": "CreateDeployment", + "access_level": "Permissions management", + "description": "Grants permission to set the resource policy associated with an image", + "privilege": "PutImagePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "image*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a device definition", - "privilege": "CreateDeviceDefinition", + "access_level": "Permissions management", + "description": "Grants permission to set the resource policy associated with an image recipe", + "privilege": "PutImageRecipePolicy", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "imageRecipe*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a version of an existing device definition", - "privilege": "CreateDeviceDefinitionVersion", + "description": "Grants permission to send an action to a workflow step", + "privilege": "SendWorkflowStepAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "image*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflowStepExecution*" } ] }, { 
"access_level": "Write", - "description": "Grants permission to create a Lambda function definition to be used in a group that contains a list of Lambda functions and their configurations", - "privilege": "CreateFunctionDefinition", + "description": "Grants permission to create a new image from a pipeline", + "privilege": "StartImagePipelineExecution", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "imagebuilder:GetImagePipeline" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "imagePipeline*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a version of an existing Lambda function definition", - "privilege": "CreateFunctionDefinitionVersion", + "description": "Grants permission to start a state update for the specified resource", + "privilege": "StartResourceStateUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" + "resource_type": "image*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a group", - "privilege": "CreateGroup", + "access_level": "Tagging", + "description": "Grants permission to tag an Image Builder resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a CA for the group, or rotate the existing CA", - "privilege": "CreateGroupCertificateAuthority", - "resource_types": [ + "resource_type": "component" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - 
"access_level": "Write", - "description": "Grants permission to create a version of a group that has already been defined", - "privilege": "CreateGroupVersion", - "resource_types": [ + "resource_type": "containerRecipe" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a logger definition", - "privilege": "CreateLoggerDefinition", - "resource_types": [ + "resource_type": "distributionConfiguration" + }, { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a version of an existing logger definition", - "privilege": "CreateLoggerDefinitionVersion", - "resource_types": [ + "resource_type": "image" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "loggerDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a resource definition that contains a list of resources to be used in a group", - "privilege": "CreateResourceDefinition", - "resource_types": [ + "resource_type": "imagePipeline" + }, { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a version of an existing resource definition", - "privilege": "CreateResourceDefinitionVersion", - "resource_types": [ + "resource_type": "imageRecipe" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + 
"aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "resourceDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an AWS IoT job that will trigger your Greengrass cores to update the software they are running", - "privilege": "CreateSoftwareUpdateJob", - "resource_types": [ + "resource_type": "infrastructureConfiguration" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a subscription definition", - "privilege": "CreateSubscriptionDefinition", - "resource_types": [ + "resource_type": "lifecyclePolicy" + }, { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a version of an existing subscription definition", - "privilege": "CreateSubscriptionDefinitionVersion", + "access_level": "Tagging", + "description": "Grants permission to untag an Image Builder resource", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a connector definition", - "privilege": "DeleteConnectorDefinition", - "resource_types": [ + "resource_type": "component" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "connectorDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants 
permission to delete a core definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteCoreDefinition", - "resource_types": [ + "resource_type": "containerRecipe" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "coreDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a device definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteDeviceDefinition", - "resource_types": [ + "resource_type": "distributionConfiguration" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "deviceDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a Lambda function definition. Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteFunctionDefinition", - "resource_types": [ + "resource_type": "image" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "functionDefinition*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a group that is not currently in use in a deployment", - "privilege": "DeleteGroup", - "resource_types": [ + "resource_type": "imagePipeline" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a logger definition. 
Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteLoggerDefinition", - "resource_types": [ + "resource_type": "imageRecipe" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "infrastructureConfiguration" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "lifecyclePolicy" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "workflow" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a resource definition", - "privilege": "DeleteResourceDefinition", + "description": "Grants permission to update an existing distribution configuration", + "privilege": "UpdateDistributionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "distributionConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a subscription definition. 
Deleting a definition that is currently in use in a deployment affects future deployments", - "privilege": "DeleteSubscriptionDefinition", + "description": "Grants permission to update an existing image pipeline", + "privilege": "UpdateImagePipeline", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "imagebuilder:GetContainerRecipe", + "imagebuilder:GetDistributionConfiguration", + "imagebuilder:GetImageRecipe", + "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:GetWorkflow" + ], + "resource_type": "imagePipeline*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the role from a group", - "privilege": "DisassociateRoleFromGroup", + "description": "Grants permission to update an existing infrastructure configuration", + "privilege": "UpdateInfrastructureConfiguration", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "imagebuilder:CreatedResourceTagKeys", + "imagebuilder:CreatedResourceTag/", + "imagebuilder:Ec2MetadataHttpTokens", + "imagebuilder:StatusTopicArn" + ], + "dependent_actions": [ + "iam:PassRole", + "sns:Publish" + ], + "resource_type": "infrastructureConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the service role from an account. 
Without a service role, deployments will not work", - "privilege": "DisassociateServiceRoleFromAccount", + "description": "Grants permission to update an existing lifecycle policy", + "privilege": "UpdateLifecyclePolicy", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "condition_keys": [ + "imagebuilder:LifecyclePolicyResourceType" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "lifecyclePolicy*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}/${ComponentBuildVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "component" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information required to connect to a Greengrass core", - "privilege": "Discover", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "componentVersion" }, { - "access_level": "Read", - "description": "Grants permission to retrieve the role associated with a group", - "privilege": "GetAssociatedRole", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:distribution-configuration/${DistributionConfigurationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "distributionConfiguration" }, { - "access_level": "Read", - "description": "Grants permission to return the status of a bulk deployment", - "privilege": "GetBulkDeploymentStatus", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bulkDeployment*" - } - ] + "arn": 
"arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}/${ImageBuildVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "image" }, { - "access_level": "Read", - "description": "Grants permission to retrieve the connectivity information for a core", - "privilege": "GetConnectivityInfo", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectivityInfo*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "imageVersion" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a connector definition", - "privilege": "GetConnectorDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:image-recipe/${ImageRecipeName}/${ImageRecipeVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "imageRecipe" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a connector definition version", - "privilege": "GetConnectorDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinitionVersion*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:container-recipe/${ContainerRecipeName}/${ContainerRecipeVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "containerRecipe" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a core definition", - "privilege": "GetCoreDefinition", - "resource_types": [ - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "coreDefinition*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:image-pipeline/${ImagePipelineName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "imagePipeline" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a core definition version", - "privilege": "GetCoreDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinition*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinitionVersion*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:infrastructure-configuration/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "infrastructureConfiguration" }, { - "access_level": "Read", - "description": "Grants permission to return the status of a deployment", - "privilege": "GetDeploymentStatus", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deployment*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] + "arn": "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}", + "condition_keys": [], + "resource": "kmsKey" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a device definition", - "privilege": "GetDeviceDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceDefinition*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:lifecycle-execution/${LifecycleExecutionId}", + "condition_keys": [], + "resource": "lifecycleExecution" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a device definition version", - "privilege": "GetDeviceDefinitionVersion", - "resource_types": [ - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "deviceDefinition*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceDefinitionVersion*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:lifecycle-policy/${LifecyclePolicyName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "lifecyclePolicy" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a Lambda function definition, such as its creation time and latest version", - "privilege": "GetFunctionDefinition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "functionDefinition*" - } - ] + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}/${WorkflowBuildVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workflow" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a Lambda function definition version, such as which Lambda functions are included in the version and their configurations", - "privilege": "GetFunctionDefinitionVersion", + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workflowVersion" + }, + { + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow-execution/${WorkflowExecutionId}", + "condition_keys": [], + "resource": "workflowExecution" + }, + { + "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow-step-execution/${WorkflowStepExecutionId}", + "condition_keys": [], + "resource": "workflowStepExecution" + } + ], + "service_name": "Amazon EC2 Image Builder" + }, + { + "conditions": [], + "prefix": "importexport", + "privileges": [ + { + "access_level": "Write", + "description": "This action cancels a specified job. 
Only the job owner can cancel it. The action fails if the job has already started or is complete.", + "privilege": "CancelJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "functionDefinitionVersion*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a group", - "privilege": "GetGroup", + "access_level": "Write", + "description": "This action initiates the process of scheduling an upload or download of your data.", + "privilege": "CreateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to return the public key of the CA associated with a group", - "privilege": "GetGroupCertificateAuthority", + "description": "This action generates a pre-paid shipping label that you will use to ship your device to AWS for processing.", + "privilege": "GetShippingLabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "certificateAuthority*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the current configuration for the CA used by a group", - "privilege": "GetGroupCertificateConfiguration", + "description": "This action returns information about a job, including where the job is in the processing pipeline, the status of the results, and the signature value associated with the job.", + "privilege": "GetStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a group version", - 
"privilege": "GetGroupVersion", + "access_level": "List", + "description": "This action returns the jobs associated with the requester.", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "groupVersion*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a logger definition", - "privilege": "GetLoggerDefinition", + "access_level": "Write", + "description": "You use this action to change the parameters specified in the original manifest file by supplying a new manifest file.", + "privilege": "UpdateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS Import Export Disk Service" + }, + { + "conditions": [], + "prefix": "inspector", + "privileges": [ { - "access_level": "Read", - "description": "Grants permission to retrieve information about a logger definition version", - "privilege": "GetLoggerDefinitionVersion", + "access_level": "Write", + "description": "Grants permission to assign attributes (key and value pairs) to the findings that are specified by the ARNs of the findings", + "privilege": "AddAttributesToFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loggerDefinitionVersion*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a resource definition, such as its creation time and latest version", - "privilege": "GetResourceDefinition", + "access_level": "Write", + "description": "Grants permission to create a new assessment target using the ARN of the resource group that is 
generated by CreateResourceGroup", + "privilege": "CreateAssessmentTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a resource definition version, such as which resources are included in the version", - "privilege": "GetResourceDefinitionVersion", + "access_level": "Write", + "description": "Grants permission to create an assessment template for the assessment target that is specified by the ARN of the assessment target", + "privilege": "CreateAssessmentTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resourceDefinitionVersion*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the service role that is attached to an account", - "privilege": "GetServiceRoleForAccount", + "access_level": "Write", + "description": "Grants permission to start the generation of an exclusions preview for the specified assessment template", + "privilege": "CreateExclusionsPreview", "resource_types": [ { "condition_keys": [], 
@@ -117722,62 +142099,57 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a subscription definition", - "privilege": "GetSubscriptionDefinition", + "access_level": "Write", + "description": "Grants permission to create a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target", + "privilege": "CreateResourceGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a subscription definition version", - "privilege": "GetSubscriptionDefinitionVersion", + "access_level": "Write", + "description": "Grants permission to delete the assessment run that is specified by the ARN of the assessment run", + "privilege": "DeleteAssessmentRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "subscriptionDefinitionVersion*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve runtime configuration of a thing", - "privilege": "GetThingRuntimeConfiguration", + "access_level": "Write", + "description": "Grants permission to delete the assessment target that is specified by the ARN of the assessment target", + "privilege": "DeleteAssessmentTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingRuntimeConfig*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a paginated list of the deployments that have been started in a bulk deployment operation and their current deployment status", - "privilege": "ListBulkDeploymentDetailedReports", + 
"access_level": "Write", + "description": "Grants permission to delete the assessment template that is specified by the ARN of the assessment template", + "privilege": "DeleteAssessmentTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of bulk deployments", - "privilege": "ListBulkDeployments", + "access_level": "Read", + "description": "Grants permission to describe the assessment runs that are specified by the ARNs of the assessment runs", + "privilege": "DescribeAssessmentRuns", "resource_types": [ { "condition_keys": [], @@ -117787,21 +142159,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a connector definition", - "privilege": "ListConnectorDefinitionVersions", + "access_level": "Read", + "description": "Grants permission to describe the assessment targets that are specified by the ARNs of the assessment targets", + "privilege": "DescribeAssessmentTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of connector definitions", - "privilege": "ListConnectorDefinitions", + "access_level": "Read", + "description": "Grants permission to describe the assessment templates that are specified by the ARNs of the assessment templates", + "privilege": "DescribeAssessmentTemplates", "resource_types": [ { "condition_keys": [], 
@@ -117811,21 +142183,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a core definition", - "privilege": "ListCoreDefinitionVersions", + "access_level": "Read", + "description": "Grants permission to describe the IAM role that enables Amazon Inspector to access your AWS account", + "privilege": "DescribeCrossAccountAccessRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of core definitions", - "privilege": "ListCoreDefinitions", + "access_level": "Read", + "description": "Grants permission to describe the exclusions that are specified by the exclusions' ARNs", + "privilege": "DescribeExclusions", "resource_types": [ { "condition_keys": [], 
@@ -117835,33 +142207,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of all deployments for a group", - "privilege": "ListDeployments", + "access_level": "Read", + "description": "Grants permission to describe the findings that are specified by the ARNs of the findings", + "privilege": "DescribeFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a device definition", - "privilege": "ListDeviceDefinitionVersions", + "access_level": "Read", + "description": "Grants permission to describe the resource groups that are specified by the ARNs of the resource groups", + "privilege": "DescribeResourceGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of device definitions", - "privilege": "ListDeviceDefinitions", + "access_level": "Read", + "description": "Grants permission to describe the rules packages that are specified by the ARNs of the rules packages", + "privilege": "DescribeRulesPackages", "resource_types": [ { "condition_keys": [], 
@@ -117871,21 +142243,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of a Lambda function definition", - "privilege": "ListFunctionDefinitionVersions", + "access_level": "Read", + "description": "Grants permission to produce an assessment report that includes detailed and comprehensive results of a specified assessment run", + "privilege": "GetAssessmentReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of Lambda function definitions", - "privilege": "ListFunctionDefinitions", + "access_level": "Read", + "description": "Grants permission to retrieve the exclusions preview (a list of ExclusionPreview objects) specified by the preview token", + "privilege": "GetExclusionsPreview", "resource_types": [ { "condition_keys": [], 
@@ -117895,33 +142267,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of current CAs for a group", - "privilege": "ListGroupCertificateAuthorities", + "access_level": "Read", + "description": "Grants permission to get information about the data that is collected for the specified assessment run", + "privilege": "GetTelemetryMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the versions of a group", - "privilege": "ListGroupVersions", + "description": "Grants permission to list the agents of the assessment runs that are specified by the ARNs of the assessment runs", + "privilege": "ListAssessmentRunAgents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of groups", - "privilege": "ListGroups", + "description": "Grants permission to list the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates", + "privilege": "ListAssessmentRuns", "resource_types": [ { "condition_keys": [], 
@@ -117932,20 +142304,20 @@ }, { "access_level": "List", - "description": "Grants permission to list the versions of a logger definition", - "privilege": "ListLoggerDefinitionVersions", + "description": "Grants permission to list the ARNs of the assessment targets within this AWS account", + "privilege": "ListAssessmentTargets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of logger definitions", - "privilege": "ListLoggerDefinitions", + "description": "Grants permission to list the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets", + "privilege": "ListAssessmentTemplates", "resource_types": [ { "condition_keys": [], @@ -117956,20 +142328,20 @@ }, { "access_level": "List", - "description": "Grants permission to list the versions of a resource definition", - "privilege": "ListResourceDefinitionVersions", + "description": "Grants permission to list all the event subscriptions for the assessment template that is specified by the ARN of the assessment template", + "privilege": "ListEventSubscriptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of resource definitions", - "privilege": "ListResourceDefinitions", + "description": "Grants permission to list exclusions that are generated by the assessment run", + "privilege": "ListExclusions", "resource_types": [ { "condition_keys": [], 
@@ -117980,20 +142352,20 @@ }, { "access_level": "List", - "description": "Grants permission to list the versions of a subscription definition", - "privilege": "ListSubscriptionDefinitionVersions", + "description": "Grants permission to list findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs", + "privilege": "ListFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of subscription definitions", - "privilege": "ListSubscriptionDefinitions", + "description": "Grants permission to list all available Amazon Inspector rules packages", + "privilege": "ListRulesPackages", "resource_types": [ { "condition_keys": [], 
@@ -118004,86 +142376,35 @@ }, { "access_level": "Read", - "description": "Grants permission to list the tags for a resource", + "description": "Grants permission to list all tags associated with an assessment template", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "functionDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loggerDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resourceDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "subscriptionDefinition" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to reset a group's deployments", - "privilege": "ResetDeployments", + "access_level": "Read", + "description": "Grants permission to preview the agents installed on the EC2 instances that are part of the specified assessment target", + "privilege": "PreviewAgents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deploy multiple groups in one operation", - "privilege": "StartBulkDeployment", + "description": "Grants permission to register the IAM role that Amazon Inspector uses to list your EC2 instances 
at the start of the assessment run or when you call the PreviewAgents action", + "privilege": "RegisterCrossAccountAccessRole", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -118091,487 +142412,223 @@ }, { "access_level": "Write", - "description": "Grants permission to stop the execution of a bulk deployment", - "privilege": "StopBulkDeployment", + "description": "Grants permission to remove entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists", + "privilege": "RemoveAttributesFromFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment*" + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "description": "Grants permission to set tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template", + "privilege": "SetTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "functionDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loggerDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resourceDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "subscriptionDefinition" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a 
resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to start the assessment run specified by the ARN of the assessment template", + "privilege": "StartAssessmentRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bulkDeployment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connectorDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "coreDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "deviceDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "functionDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "loggerDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "resourceDefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "subscriptionDefinition" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the connectivity information for a Greengrass core. 
Any devices that belong to the group that has this core will receive this information in order to find the location of the core and connect to it", - "privilege": "UpdateConnectivityInfo", + "description": "Grants permission to stop the assessment run that is specified by the ARN of the assessment run", + "privilege": "StopAssessmentRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectivityInfo*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a connector definition", - "privilege": "UpdateConnectorDefinition", + "description": "Grants permission to enable the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic", + "privilege": "SubscribeToEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connectorDefinition*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a core definition", - "privilege": "UpdateCoreDefinition", + "description": "Grants permission to disable the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic", + "privilege": "UnsubscribeFromEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "coreDefinition*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a device definition", - "privilege": "UpdateDeviceDefinition", + "description": "Grants permission to update the assessment target that is specified by the ARN of the assessment target", + "privilege": "UpdateAssessmentTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "deviceDefinition*" + "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "Amazon Inspector" + }, + { + "conditions": [], + "prefix": 
"inspector-scan", + "privileges": [ { - "access_level": "Write", - "description": "Grants permission to update a Lambda function definition", - "privilege": "UpdateFunctionDefinition", + "access_level": "Read", + "description": "Grants permission to scan the customer provided SBOM and return vulnerabilities detected within", + "privilege": "ScanSbom", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "functionDefinition*" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "Amazon InspectorScan" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "inspector2", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to update a group", - "privilege": "UpdateGroup", + "description": "Grants permission to associate an account with an Amazon Inspector administrator account", + "privilege": "AssociateMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the certificate expiry time for a group", - "privilege": "UpdateGroupCertificateConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve information about Amazon Inspector accounts for an account", + "privilege": "BatchGetAccountStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to update a logger definition", - "privilege": "UpdateLoggerDefinition", + "access_level": "Read", + "description": "Grants permission to retrieve code snippet information about one or more code vulnerability findings", + "privilege": "BatchGetCodeSnippet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "loggerDefinition*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a resource definition", - "privilege": "UpdateResourceDefinition", + "access_level": "Read", + "description": "Grants permission to let a customer get enhanced vulnerability intelligence details for findings", + "privilege": "BatchGetFindingDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourceDefinition*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a subscription definition", - "privilege": "UpdateSubscriptionDefinition", + "access_level": "Read", + "description": "Grants permission to retrieve free trial period eligibility about Amazon Inspector accounts for an account", + "privilege": "BatchGetFreeTrialInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subscriptionDefinition*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update runtime configuration of a thing", - "privilege": "UpdateThingRuntimeConfiguration", + "access_level": "Read", + "description": "Grants permission to delegated administrator to retrieve ec2 deep inspection status of member accounts", + "privilege": "BatchGetMemberEc2DeepInspectionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingRuntimeConfig*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/connectivityInfo", - 
"condition_keys": [], - "resource": "connectivityInfo" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/certificateauthorities/${CertificateAuthorityId}", - "condition_keys": [], - "resource": "certificateAuthority" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/deployments/${DeploymentId}", - "condition_keys": [], - "resource": "deployment" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/bulk/deployments/${BulkDeploymentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "bulkDeployment" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "group" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}/versions/${VersionId}", - "condition_keys": [], - "resource": "groupVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "coreDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "coreDefinitionVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "deviceDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "deviceDefinitionVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}", - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], - "resource": "functionDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "functionDefinitionVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "subscriptionDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "subscriptionDefinitionVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "loggerDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "loggerDefinitionVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "resourceDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}/versions/${VersionId}", - "condition_keys": [], - "resource": "resourceDefinitionVersion" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/connectors/${ConnectorDefinitionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "connectorDefinition" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/connectors/${ConnectorDefinitionId}/versions/${VersionId}", - "condition_keys": [], - 
"resource": "connectorDefinitionVersion" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", - "condition_keys": [], - "resource": "thing" - }, - { - "arn": "arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/things/${ThingName}/runtimeconfig", - "condition_keys": [], - "resource": "thingRuntimeConfig" - } - ], - "service_name": "AWS IoT Greengrass" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "groundstation:AgentId", - "description": "Filters access by the ID of an agent", - "type": "String" - }, - { - "condition": "groundstation:ConfigId", - "description": "Filters access by the ID of a config", - "type": "String" - }, - { - "condition": "groundstation:ConfigType", - "description": "Filters access by the type of a config", - "type": "String" - }, - { - "condition": "groundstation:ContactId", - "description": "Filters access by the ID of a contact", - "type": "String" - }, - { - "condition": "groundstation:DataflowEndpointGroupId", - "description": "Filters access by the ID of a dataflow endpoint group", - "type": "String" - }, - { - "condition": "groundstation:EphemerisId", - "description": "Filters access by the ID of an ephemeris", - "type": "String" - }, - { - "condition": "groundstation:GroundStationId", - "description": "Filters access by the ID of a ground station", - "type": "String" - }, - { - "condition": "groundstation:MissionProfileId", - "description": "Filters access by the ID of a mission profile", - "type": "String" - }, - { - "condition": "groundstation:SatelliteId", - 
"description": "Filters access by the ID of a satellite", - "type": "String" - } - ], - "prefix": "groundstation", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permission to cancel a contact", - "privilege": "CancelContact", + "description": "Grants permission to update ec2 deep inspection status by delegated administrator for its associated member accounts", + "privilege": "BatchUpdateMemberEc2DeepInspectionStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Contact*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a configuration", - "privilege": "CreateConfig", + "description": "Grants permission to cancel the generation of a findings report", + "privilege": "CancelFindingsReport", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -118579,14 +142636,11 @@ }, { "access_level": "Write", - "description": "Grants permission to create a data flow endpoint group", - "privilege": "CreateDataflowEndpointGroup", + "description": "Grants permission to cancel the generation of an SBOM report", + "privilege": "CancelSbomExport", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -118594,11 +142648,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create an ephemeris item", - "privilege": "CreateEphemeris", + "description": "Grants permission to create and define the settings for a CIS scan configuration", + "privilege": "CreateCisScanConfiguration", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CIS Scan Configuration*" + }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], 
@@ -118609,9 +142669,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create a mission profile", - "privilege": "CreateMissionProfile", + "description": "Grants permission to create and define the settings for a findings filter", + "privilege": "CreateFilter", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Filter*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -118624,116 +142689,123 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a config", - "privilege": "DeleteConfig", + "description": "Grants permission to request the generation of a findings report", + "privilege": "CreateFindingsReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a data flow endpoint group", - "privilege": "DeleteDataflowEndpointGroup", + "description": "Grants permission to request the generation of an SBOM report", + "privilege": "CreateSbomExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DataflowEndpointGroup*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an ephemeris item", - "privilege": "DeleteEphemeris", + "description": "Grants permission to delete a CIS scan configuration", + "privilege": "DeleteCisScanConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EphemerisItem*" + "resource_type": "CIS Scan Configuration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a mission profile", - "privilege": "DeleteMissionProfile", + "description": "Grants permission to delete a findings filter", + "privilege": "DeleteFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MissionProfile*" + "resource_type": "Filter*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a contact", - "privilege": "DescribeContact", + "description": "Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS organization", + "privilege": 
"DescribeOrganizationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Contact*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an ephemeris item", - "privilege": "DescribeEphemeris", + "access_level": "Write", + "description": "Grants permission to disable an Amazon Inspector account", + "privilege": "Disable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EphemerisItem*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the configuration of an agent", - "privilege": "GetAgentConfiguration", + "access_level": "Write", + "description": "Grants permission to disable an account as the delegated Amazon Inspector administrator account for an AWS organization", + "privilege": "DisableDelegatedAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Agent*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a configuration", - "privilege": "GetConfig", + "access_level": "Write", + "description": "Grants permission to an Amazon Inspector administrator account to disassociate from an Inspector member account", + "privilege": "DisassociateMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a data flow endpoint group", - "privilege": "GetDataflowEndpointGroup", + "access_level": "Write", + "description": "Grants permission to enable and specify the configuration settings for a new Amazon Inspector account", + "privilege": "Enable", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DataflowEndpointGroup*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": 
"Grants permission to return minutes usage", - "privilege": "GetMinuteUsage", + "access_level": "Write", + "description": "Grants permission to enable an account as the delegated Amazon Inspector administrator account for an AWS organization", + "privilege": "EnableDelegatedAdminAccount", "resource_types": [ { "condition_keys": [], @@ -118744,32 +142816,32 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a mission profile", - "privilege": "GetMissionProfile", + "description": "Grants permission to retrieve a report containing information about completed CIS scans", + "privilege": "GetCisScanReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MissionProfile*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about a satellite", - "privilege": "GetSatellite", + "access_level": "List", + "description": "Grants permission to retrieve information about all details pertaining to one CIS scan and one targeted resource", + "privilege": "GetCisScanResultDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Satellite*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of past configurations", - "privilege": "ListConfigs", + "access_level": "Read", + "description": "Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS account", + "privilege": "GetConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -118779,9 +142851,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return a list of contacts", - "privilege": "ListContacts", + "access_level": "Read", + "description": "Grants permission to retrieve information about the Amazon Inspector administrator account for an account", + "privilege": "GetDelegatedAdminAccount", "resource_types": [ { "condition_keys": [], @@ -118791,9 +142863,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list data flow endpoint groups", - "privilege": "ListDataflowEndpointGroups", + "access_level": "Read", + "description": "Grants permission to retrieve ec2 deep inspection configuration for standalone accounts, delegated administrator and member account", + "privilege": "GetEc2DeepInspectionConfiguration", "resource_types": [ { "condition_keys": [], @@ -118803,9 +142875,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list ephemerides", - "privilege": "ListEphemerides", + "access_level": "Read", + "description": "Grants permission to retrieve information about the KMS key used to encrypt code snippets with", + "privilege": "GetEncryptionKey", "resource_types": [ { "condition_keys": [], @@ -118815,9 +142887,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list ground stations", - "privilege": "ListGroundStations", + "access_level": "Read", + "description": "Grants permission to retrieve status for a requested findings report", + "privilege": "GetFindingsReportStatus", "resource_types": [ { "condition_keys": [], @@ -118827,9 +142899,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return a list of mission profiles", - "privilege": "ListMissionProfiles", + "access_level": "Read", + "description": "Grants permission to retrieve information about an account that's associated with an Amazon Inspector administrator account", + "privilege": "GetMember", "resource_types": [ { "condition_keys": [], 
@@ -118839,9 +142911,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list satellites", - "privilege": "ListSatellites", + "access_level": "Read", + "description": "Grants permission to retrieve a requested SBOM report", + "privilege": "GetSbomExport", "resource_types": [ { "condition_keys": [], @@ -118851,36 +142923,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to retrieve feature configuration permissions associated with an Amazon Inspector account within an organization", + "privilege": "ListAccountPermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Contact" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataflowEndpointGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MissionProfile" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to register an agent", - "privilege": "RegisterAgent", + "access_level": "List", + "description": "Grants permission to retrieve information about all CIS scan configurations", + "privilege": "ListCisScanConfigurations", "resource_types": [ { "condition_keys": [], 
@@ -118890,222 +142947,117 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reserve a contact", - "privilege": "ReserveContact", + "access_level": "List", + "description": "Grants permission to retrieve information about all checks pertaining to one CIS scan", + "privilege": "ListCisScanResultsAggregatedByChecks", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to assign a resource tag", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to retrieve information about all resources pertaining to one CIS scan", + "privilege": "ListCisScanResultsAggregatedByTargetResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Contact" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DataflowEndpointGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "EphemerisItem" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MissionProfile" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to unassign a resource tag", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to retrieve information about completed CIS scans", + "privilege": "ListCisScans", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Contact" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": 
"DataflowEndpointGroup" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve the types of statistics Amazon Inspector can generate for resources Inspector monitors", + "privilege": "ListCoverage", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EphemerisItem" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve statistical data and other information about the resources Amazon Inspector monitors", + "privilege": "ListCoverageStatistics", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MissionProfile" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status of an agent", - "privilege": "UpdateAgentStatus", + "access_level": "List", + "description": "Grants permission to retrieve information about the delegated Amazon Inspector administrator account for an AWS organization", + "privilege": "ListDelegatedAdminAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Agent*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a configuration", - "privilege": "UpdateConfig", + "access_level": "List", + "description": "Grants permission to retrieve information about all findings filters", + "privilege": "ListFilters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Config*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an ephemeris item", - "privilege": "UpdateEphemeris", + "access_level": "List", + "description": "Grants permission to retrieve statistical data and other information about Amazon Inspector findings", + "privilege": 
"ListFindingAggregations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EphemerisItem*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a mission profile", - "privilege": "UpdateMissionProfile", + "access_level": "List", + "description": "Grants permission to retrieve a subset of information about one or more findings", + "privilege": "ListFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MissionProfile*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:config/${ConfigType}/${ConfigId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:ConfigId", - "groundstation:ConfigType" - ], - "resource": "Config" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:contact/${ContactId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:ContactId" - ], - "resource": "Contact" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:dataflow-endpoint-group/${DataflowEndpointGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:DataflowEndpointGroupId" - ], - "resource": "DataflowEndpointGroup" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:ephemeris/${EphemerisId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:EphemerisId" - ], - "resource": "EphemerisItem" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:groundstation:${GroundStationId}", - "condition_keys": [ - "groundstation:GroundStationId" - ], - "resource": "GroundStationResource" - }, - { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:mission-profile/${MissionProfileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "groundstation:MissionProfileId" - ], - "resource": "MissionProfile" - }, - { - "arn": 
"arn:${Partition}:groundstation:${Region}:${Account}:satellite/${SatelliteId}", - "condition_keys": [ - "groundstation:SatelliteId" - ], - "resource": "Satellite" }, { - "arn": "arn:${Partition}:groundstation:${Region}:${Account}:agent/${AgentId}", - "condition_keys": [ - "groundstation:AgentId" - ], - "resource": "Agent" - } - ], - "service_name": "AWS Ground Station" - }, - { - "conditions": [], - "prefix": "groundtruthlabeling", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate a patch file with the manifest file to update the manifest file", - "privilege": "AssociatePatchToManifestJob", + "access_level": "List", + "description": "Grants permission to retrieve information about the Amazon Inspector member accounts that are associated with an Inspector administrator account", + "privilege": "ListMembers", "resource_types": [ { "condition_keys": [], @@ -119116,8 +143068,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get status of GroundTruthLabeling Jobs", - "privilege": "DescribeConsoleJob", + "description": "Grants permission to retrieve the tags for an Amazon Inspector resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], @@ -119127,9 +143079,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list dataset objects in a manifest file", - "privilege": "ListDatasetObjects", + "access_level": "List", + "description": "Grants permission to retrieve aggregated usage data for an account", + "privilege": "ListUsageTotals", "resource_types": [ { "condition_keys": [], 
@@ -119140,8 +143092,8 @@ }, { "access_level": "Write", - "description": "Grants permission to filter records from a manifest file using S3 select. Get sample entries based on random sampling", - "privilege": "RunFilterOrSampleDatasetJob", + "description": "Grants permission to let a customer reset to use an Amazon-owned KMS key to encrypt code snippets with", + "privilege": "ResetEncryptionKey", "resource_types": [ { "condition_keys": [], @@ -119151,9 +143103,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to list a S3 prefix and create manifest files from objects in that location", - "privilege": "RunGenerateManifestByCrawlingJob", + "access_level": "Read", + "description": "Grants permission to list Amazon Inspector coverage details for a specific vulnerability", + "privilege": "SearchVulnerabilities", "resource_types": [ { "condition_keys": [], 
@@ -119161,35 +143113,23 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "Amazon GroundTruth Labeling" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tag key-value pairs in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to send CIS health for a CIS scan", + "privilege": "SendCisSessionHealth", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, - { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "guardduty", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept invitations to become a GuardDuty member account", - "privilege": "AcceptAdministratorInvitation", + "description": "Grants permission to send CIS telemetry for a CIS scan", + "privilege": "SendCisSessionTelemetry", "resource_types": [ { "condition_keys": [], @@ -119200,8 +143140,8 @@ }, { "access_level": "Write", - "description": "Grants permission to accept invitations to become a GuardDuty member account", - "privilege": "AcceptInvitation", + "description": "Grants permission to start a CIS scan session", + "privilege": "StartCisSession", "resource_types": [ { "condition_keys": [], @@ -119212,8 +143152,8 @@ }, { "access_level": "Write", - "description": "Grants permission to archive GuardDuty findings", - "privilege": "ArchiveFindings", + "description": "Grants permission to stop a CIS scan session", + "privilege": "StopCisSession", "resource_types": [ { "condition_keys": [], 
@@ -119223,14 +143163,29 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a detector", - "privilege": "CreateDetector", + "access_level": "Tagging", + "description": "Grants permission to add or update the tags for an Amazon Inspector resource", + "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [ + "inspector2:Cis Scan Configuration" + ], + "dependent_actions": [], + "resource_type": "CIS Scan Configuration" + }, + { + "condition_keys": [ + "inspector2:Filter" + ], + "dependent_actions": [], + "resource_type": "Filter" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -119238,18 +143193,27 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create GuardDuty filters. A filters defines finding attributes and conditions used to filter findings", - "privilege": "CreateFilter", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an Amazon Inspector resource", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "inspector2:Cis Scan Configuration" + ], "dependent_actions": [], - "resource_type": "filter*" + "resource_type": "CIS Scan Configuration" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", + "inspector2:Filter" + ], + "dependent_actions": [], + "resource_type": "Filter" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -119259,26 +143223,27 @@ }, { "access_level": "Write", - "description": "Grants permission to create an IPSet", - "privilege": "CreateIPSet", + "description": "Grants permission to update the settings for a CIS scan configuration", + "privilege": "UpdateCisScanConfiguration", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CIS Scan Configuration*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iam:DeleteRolePolicy", - "iam:PutRolePolicy" + "aws:ResourceTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create GuardDuty member accounts, where the account used to create a member becomes the GuardDuty administrator account", - "privilege": "CreateMembers", + "description": "Grants permission to update information about the Amazon Inspector configuration settings for an AWS account", + "privilege": "UpdateConfiguration", "resource_types": [ { "condition_keys": [], @@ -119289,23 +143254,20 @@ }, { "access_level": "Write", - "description": "Grants permission to create a publishing destination", - "privilege": "CreatePublishingDestination", + "description": "Grants permission to update ec2 deep inspection configuration by delegated administrator, member and standalone account", + "privilege": "UpdateEc2DeepInspectionConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetObject", - "s3:ListBucket" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create sample findings", - "privilege": "CreateSampleFindings", + "description": "Grants permission to let a customer use a KMS key to encrypt code snippets with", + "privilege": "UpdateEncryptionKey", "resource_types": [ { "condition_keys": [], 
@@ -119316,9 +143278,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create GuardDuty ThreatIntelSets, where a ThreatIntelSet consists of known malicious IP addresses used by GuardDuty to generate findings", - "privilege": "CreateThreatIntelSet", + "description": "Grants permission to update the settings for a findings filter", + "privilege": "UpdateFilter", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Filter*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -119331,8 +143298,8 @@ }, { "access_level": "Write", - "description": "Grants permission to decline invitations to become a GuardDuty member account", - "privilege": "DeclineInvitations", + "description": "Grants permission to update ec2 deep inspection configuration by delegated administrator for its associated member accounts", + "privilege": "UpdateOrgEc2DeepInspectionConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -119343,56 +143310,156 @@ }, { "access_level": "Write", - "description": "Grants permission to delete GuardDuty detectors", - "privilege": "DeleteDetector", + "description": "Grants permission to update Amazon Inspector configuration settings for an AWS organization", + "privilege": "UpdateOrganizationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:inspector2:${Region}:${Account}:owner/${OwnerId}/filter/${FilterId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Filter" + }, + { + "arn": "arn:${Partition}:inspector2:${Region}:${Account}:finding/${FindingId}", + "condition_keys": [], + "resource": "Finding" + }, + { + "arn": "arn:${Partition}:inspector2:${Region}:${Account}:owner/${OwnerId}/cis-configuration/${CISScanConfigurationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "CIS Scan Configuration" + } + ], + "service_name": "Amazon Inspector2" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "internetmonitor", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete GuardDuty filters", - "privilege": "DeleteFilter", + "description": "Grants permission to create a monitor", + "privilege": "CreateMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter*" + "resource_type": "Monitor*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + 
"dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete GuardDuty IPSets", - "privilege": "DeleteIPSet", + "description": "Grants permission to delete a monitor", + "privilege": "DeleteMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipset*" + "resource_type": "Monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete invitations to become a GuardDuty member account", - "privilege": "DeleteInvitations", + "access_level": "Read", + "description": "Grants permission to get information about a health event for a specified monitor", + "privilege": "GetHealthEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "HealthEvent*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a specified internet event", + "privilege": "GetInternetEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "InternetEvent*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a monitor", + "privilege": "GetMonitor", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Monitor*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get results for a data query for a monitor", + "privilege": "GetQueryResults", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Monitor*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get status for a data query for a monitor", + "privilege": "GetQueryStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Monitor*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete 
GuardDuty member accounts", - "privilege": "DeleteMembers", + "description": "Grants permission to share Internet Monitor resources with a monitoring account", + "privilege": "Link", "resource_types": [ { "condition_keys": [], @@ -119402,33 +143469,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a publishing destination", - "privilege": "DeletePublishingDestination", + "access_level": "List", + "description": "Grants permission to list all health events for a monitor", + "privilege": "ListHealthEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishingDestination*" + "resource_type": "Monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete GuardDuty ThreatIntelSets", - "privilege": "DeleteThreatIntelSet", + "access_level": "List", + "description": "Grants permission to list all internet events", + "privilege": "ListInternetEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "threatintelset*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details about malware scans", - "privilege": "DescribeMalwareScans", + "access_level": "List", + "description": "Grants permission to list all monitors in an account and their statuses", + "privilege": "ListMonitors", "resource_types": [ { "condition_keys": [], 
@@ -119439,80 +143506,121 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve details about the delegated administrator associated with a GuardDuty detector", - "privilege": "DescribeOrganizationConfiguration", + "description": "Grants permission to list the tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Monitor*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about a publishing destination", - "privilege": "DescribePublishingDestination", + "description": "Grants permission to start a data query for a monitor", + "privilege": "StartQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "publishingDestination*" + "resource_type": "Monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable the organization delegated administrator for GuardDuty", - "privilege": "DisableOrganizationAdminAccount", + "access_level": "Read", + "description": "Grants permission to stop a data query for a monitor", + "privilege": "StopQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a GuardDuty member account from its GuardDuty administrator account", - "privilege": "DisassociateFromAdministratorAccount", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Monitor*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a GuardDuty member 
account from its GuardDuty administrator account", - "privilege": "DisassociateFromMasterAccount", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Monitor*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate GuardDuty member accounts from their administrator GuardDuty account", - "privilege": "DisassociateMembers", + "description": "Grants permission to update a monitor", + "privilege": "UpdateMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Monitor*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:internetmonitor:${Region}:${Account}:monitor/${MonitorName}/health-event/${EventId}", + "condition_keys": [], + "resource": "HealthEvent" }, { - "access_level": "Write", - "description": "Grants permission to enable an organization delegated administrator for GuardDuty", - "privilege": "EnableOrganizationAdminAccount", + "arn": "arn:${Partition}:internetmonitor:${Region}:${Account}:monitor/${MonitorName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Monitor" + }, + { + "arn": "arn:${Partition}:internetmonitor::${Account}:internet-event/${InternetEventId}", + "condition_keys": [], + "resource": "InternetEvent" + } + ], + "service_name": "Amazon CloudWatch Internet Monitor" + }, + { + "conditions": [], + "prefix": "invoicing", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get Invoice Email Delivery Preferences", + "privilege": "GetInvoiceEmailDeliveryPreferences", "resource_types": [ { "condition_keys": [], 
@@ -119523,8 +143631,8 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve details of the GuardDuty administrator account associated with a member account", - "privilege": "GetAdministratorAccount", + "description": "Grants permission to get Invoice PDF", + "privilege": "GetInvoicePDF", "resource_types": [ { "condition_keys": [], 
@@ -119535,116 +143643,205 @@ }, { "access_level": "Read", - "description": "Grants permission to list Amazon GuardDuty coverage statistics for the specified GuardDuty account in a Region", - "privilege": "GetCoverageStatistics", + "description": "Grants permission to get Invoice summary information for your account or linked account", + "privilege": "ListInvoiceSummaries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty detectors", - "privilege": "GetDetector", + "access_level": "Write", + "description": "Grants permission to put Invoice Email Delivery Preferences", + "privilege": "PutInvoiceEmailDeliveryPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Invoicing Service" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key that is present in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty filters", - "privilege": "GetFilter", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key component of a tag associated to the IoT resource in the request", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys associated to the IoT resource in the request", + "type": "ArrayOfString" + }, + { + "condition": "iot:ClientMode", + "description": "Filters access by the mode of the client for IoT Tunnel", + "type": "String" + }, + { + "condition": "iot:Delete", + "description": "Filters access by a flag indicating whether or not to also delete an IoT Tunnel immediately when making iot:CloseTunnel request", + "type": "Bool" + }, + { + "condition": 
"iot:DomainName", + "description": "Filters access by based on the domain name of an IoT DomainConfiguration", + "type": "String" + }, + { + "condition": "iot:ThingGroupArn", + "description": "Filters access by a list of IoT Thing Group ARNs that the destination IoT Thing belongs to for an IoT Tunnel", + "type": "ArrayOfARN" + }, + { + "condition": "iot:TunnelDestinationService", + "description": "Filters access by a list of destination services for an IoT Tunnel", + "type": "ArrayOfString" + } + ], + "prefix": "iot", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept a pending certificate transfer", + "privilege": "AcceptCertificateTransfer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter*" + "resource_type": "cert*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty findings", - "privilege": "GetFindings", + "access_level": "Write", + "description": "Grants permission to add a thing to the specified billing group", + "privilege": "AddThingToBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "billinggroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thing*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of GuardDuty finding statistics", - "privilege": "GetFindingsStatistics", + "access_level": "Write", + "description": "Grants permission to add a thing to the specified thing group", + "privilege": "AddThingToThingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thinggroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty IPSets", - "privilege": "GetIPSet", + "access_level": 
"Write", + "description": "Grants permission to associate a group with a continuous job", + "privilege": "AssociateTargetsWithJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipset*" + "resource_type": "job*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thing*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thinggroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the count of all GuardDuty invitations sent to a specified account, which does not include the accepted invitation", - "privilege": "GetInvitationsCount", + "access_level": "Permissions management", + "description": "Grants permission to attach a policy to the specified target", + "privilege": "AttachPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cert" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thinggroup" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the malware scan settings", - "privilege": "GetMalwareScanSettings", + "access_level": "Permissions management", + "description": "Grants permission to attach the specified policy to the specified principal (certificate or other credential)", + "privilege": "AttachPrincipalPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cert" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details of the GuardDuty administrator account associated with a member account", - "privilege": "GetMasterAccount", + "access_level": "Write", + "description": "Grants permission to associate a Device Defender security profile with a thing group or with this account", + "privilege": "AttachSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "securityprofile*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custommetric" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dimension" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thinggroup" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe which data sources are enabled for member accounts detectors", - "privilege": "GetMemberDetectors", + "access_level": "Write", + "description": "Grants permission to attach the specified principal to the specified thing", + "privilege": "AttachThingPrincipal", "resource_types": [ { "condition_keys": [], @@ -119654,9 +143851,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the member accounts associated with an administrator account", - "privilege": "GetMembers", + "access_level": "Write", + "description": "Grants permission to cancel a mitigation action task that is in progress", + "privilege": "CancelAuditMitigationActionsTask", "resource_types": [ { "condition_keys": [], @@ -119666,9 +143863,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to provide the number of days left for each data source used in the free trial period", - "privilege": "GetRemainingFreeTrialDays", + "access_level": "Write", + "description": "Grants permission to cancel an audit that is in progress. The audit can be either scheduled or on-demand", + "privilege": "CancelAuditTask", "resource_types": [ { "condition_keys": [], 
@@ -119678,21 +143875,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve GuardDuty ThreatIntelSets", - "privilege": "GetThreatIntelSet", + "access_level": "Write", + "description": "Grants permission to cancel a pending transfer for the specified certificate", + "privilege": "CancelCertificateTransfer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "threatintelset*" + "resource_type": "cert*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID", - "privilege": "GetUsageStatistics", + "access_level": "Write", + "description": "Grants permission to cancel a Device Defender ML Detect mitigation action", + "privilege": "CancelDetectMitigationActionsTask", "resource_types": [ { "condition_keys": [], 
@@ -119703,32 +143900,37 @@ }, { "access_level": "Write", - "description": "Grants permission to invite other AWS accounts to enable GuardDuty and become GuardDuty member accounts", - "privilege": "InviteMembers", + "description": "Grants permission to cancel a job", + "privilege": "CancelJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the resource details for a given account in a Region", - "privilege": "ListCoverage", + "access_level": "Write", + "description": "Grants permission to cancel a job execution on a particular device", + "privilege": "CancelJobExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "job*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thing*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty detectors", - "privilege": "ListDetectors", + "access_level": "Write", + "description": "Grants permission to clear the default authorizer", + "privilege": "ClearDefaultAuthorizer", "resource_types": [ { "condition_keys": [], 
@@ -119738,45 +143940,52 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty filters", - "privilege": "ListFilters", + "access_level": "Write", + "description": "Grants permission to close a tunnel", + "privilege": "CloseTunnel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "tunnel*" + }, + { + "condition_keys": [ + "iot:Delete" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty findings", - "privilege": "ListFindings", + "access_level": "Write", + "description": "Grants permission to confirm a http url TopicRuleDestinationDestination", + "privilege": "ConfirmTopicRuleDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "destination*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty IPSets", - "privilege": "ListIPSets", + "access_level": "Write", + "description": "Grants permission to connect as the specified client", + "privilege": "Connect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "client*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of all of the GuardDuty membership invitations that were sent to an AWS account", - "privilege": "ListInvitations", + "access_level": "Write", + "description": "Grants permission to create a Device Defender audit suppression", + "privilege": "CreateAuditSuppression", "resource_types": [ { "condition_keys": [], 
@@ -119786,33 +143995,49 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty member accounts associated with an administrator account", - "privilege": "ListMembers", + "access_level": "Write", + "description": "Grants permission to create an authorizer", + "privilege": "CreateAuthorizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "authorizer*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list details about the organization delegated administrator for GuardDuty", - "privilege": "ListOrganizationAdminAccounts", + "access_level": "Write", + "description": "Grants permission to create a billing group", + "privilege": "CreateBillingGroup", "resource_types": [ { - "condition_keys": [], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "billinggroup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of publishing destinations", - "privilege": "ListPublishingDestinations", + "access_level": "Write", + "description": "Grants permission to create an X.509 certificate using the specified certificate signing request", + "privilege": "CreateCertificateFromCsr", "resource_types": [ { "condition_keys": [], 
@@ -119822,116 +144047,165 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of tags associated with a GuardDuty resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create a certificate provider", + "privilege": "CreateCertificateProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "filter" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ipset" + "resource_type": "certificateprovider*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "threatintelset" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of GuardDuty ThreatIntelSets", - "privilege": "ListThreatIntelSets", + "access_level": "Write", + "description": "Grants permission to create a custom metric for device side metric reporting and monitoring", + "privilege": "CreateCustomMetric", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "custommetric*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send security telemetry for a specific GuardDuty account in a Region", - "privilege": "SendSecurityTelemetry", + "description": "Grants permission to define a dimension that can be used to to limit the scope of a metric used in a security profile", + "privilege": "CreateDimension", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "dimension*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" 
} ] }, { "access_level": "Write", - "description": "Grants permission to initiate a new malware scan", - "privilege": "StartMalwareScan", + "description": "Grants permission to create a domain configuration", + "privilege": "CreateDomainConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "domainconfiguration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iot:DomainName" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to a GuardDuty administrator account to monitor findings from GuardDuty member accounts", - "privilege": "StartMonitoringMembers", + "description": "Grants permission to create a Dynamic Thing Group", + "privilege": "CreateDynamicThingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "dynamicthinggroup*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disable monitoring findings from member accounts", - "privilege": "StopMonitoringMembers", + "description": "Grants permission to create a fleet metric", + "privilege": "CreateFleetMetric", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "fleetmetric*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a GuardDuty resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a job", + "privilege": "CreateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" + 
"resource_type": "job*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter" + "resource_type": "thing*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipset" + "resource_type": "thinggroup*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "threatintelset" + "resource_type": "jobtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "package" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "packageversion" }, { "condition_keys": [ @@ -119945,43 +144219,32 @@ }, { "access_level": "Write", - "description": "Grants permission to unarchive GuardDuty findings", - "privilege": "UnarchiveFindings", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a GuardDuty resource", - "privilege": "UntagResource", + "description": "Grants permission to create a job template", + "privilege": "CreateJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector" + "resource_type": "jobtemplate*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter" + "resource_type": "job" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ipset" + "resource_type": "package" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "threatintelset" + "resource_type": "packageversion" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -119991,62 +144254,100 @@ }, { "access_level": "Write", - "description": "Grants permission to update GuardDuty detectors", - "privilege": "UpdateDetector", + "description": "Grants permission to create a 2048 bit RSA key pair and issues an X.509 certificate using the issued public key", + "privilege": "CreateKeysAndCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detector*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to updates GuardDuty filters", - "privilege": "UpdateFilter", + "description": "Grants permission to define an action that can be applied to audit findings by using StartAuditMitigationActionsTask", + "privilege": "CreateMitigationAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter*" + "resource_type": "mitigationaction*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update findings feedback to mark GuardDuty findings as useful or not useful", - "privilege": "UpdateFindingsFeedback", + "description": "Grants permission to create an OTA update job", + "privilege": "CreateOTAUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "otaupdate*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update GuardDuty IPSets", - "privilege": "UpdateIPSet", + "description": "Grants permission to create a software package that you can deploy to your devices", + "privilege": "CreatePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:DeleteRolePolicy", - "iam:PutRolePolicy" + "iot:GetIndexingConfiguration" ], - "resource_type": "ipset*" 
+ "resource_type": "package*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the malware scan settings", - "privilege": "UpdateMalwareScanSettings", + "description": "Grants permission to create a version under the specified package", + "privilege": "CreatePackageVersion", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iot:GetIndexingConfiguration" + ], + "resource_type": "package*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "packageversion*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -120054,139 +144355,98 @@ }, { "access_level": "Write", - "description": "Grants permission to update which data sources are enabled for member accounts detectors", - "privilege": "UpdateMemberDetectors", + "description": "Grants permission to create an AWS IoT policy", + "privilege": "CreatePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "policy*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the delegated administrator configuration associated with a GuardDuty detector", - "privilege": "UpdateOrganizationConfiguration", + "description": "Grants permission to create a new version of the specified AWS IoT policy", + "privilege": "CreatePolicyVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a publishing destination", - "privilege": "UpdatePublishingDestination", + "description": "Grants permission to create a provisioning claim", + "privilege": "CreateProvisioningClaim", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetObject", - "s3:ListBucket" - ], - "resource_type": "publishingDestination*" + "dependent_actions": [], + "resource_type": "provisioningtemplate*" } ] }, { "access_level": "Write", - "description": "Grants permission to updates the GuardDuty ThreatIntelSets", - "privilege": "UpdateThreatIntelSet", + "description": "Grants permission to create a fleet provisioning template", + "privilege": "CreateProvisioningTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:DeleteRolePolicy", - "iam:PutRolePolicy" + "iam:PassRole" ], - "resource_type": "threatintelset*" + "resource_type": "provisioningtemplate*" + }, + { + 
"condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "detector" - }, - { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/filter/${FilterName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "filter" - }, - { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/ipset/${IPSetId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ipset" - }, - { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/threatintelset/${ThreatIntelSetId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "threatintelset" - }, - { - "arn": "arn:${Partition}:guardduty:${Region}:${Account}:detector/${DetectorId}/publishingDestination/${PublishingDestinationId}", - "condition_keys": [], - "resource": "publishingDestination" - } - ], - "service_name": "Amazon GuardDuty" - }, - { - "conditions": [ - { - "condition": "health:eventTypeCode", - "description": "Filters access by event type", - "type": "String" }, { - "condition": "health:service", - "description": "Filters access by impacted service", - "type": "String" - } - ], - "prefix": "health", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of accounts that have been affected by the specified events in organization", - "privilege": "DescribeAffectedAccountsForOrganization", + "access_level": "Write", + "description": "Grants permission to create a new version of a fleet provisioning template", + "privilege": "CreateProvisioningTemplateVersion", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" - ], - "resource_type": "" + 
"dependent_actions": [], + "resource_type": "provisioningtemplate*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of entities that have been affected by the specified events", - "privilege": "DescribeAffectedEntities", + "access_level": "Write", + "description": "Grants permission to create a role alias", + "privilege": "CreateRoleAlias", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "event*" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "rolealias*" }, { "condition_keys": [ - "health:eventTypeCode", - "health:service" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -120194,57 +144454,49 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of entities that have been affected by the specified events and accounts in organization", - "privilege": "DescribeAffectedEntitiesForOrganization", + "access_level": "Write", + "description": "Grants permission to create a scheduled audit that is run at a specified time interval", + "privilege": "CreateScheduledAudit", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" + "dependent_actions": [], + "resource_type": "scheduledaudit*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the number of entities that are affected by each of the specified events", - "privilege": "DescribeEntityAggregates", + "access_level": "Write", + "description": "Grants permission to create a Device Defender security profile", + "privilege": "CreateSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the number of events of each event type (issue, scheduled change, and account notification)", - "privilege": "DescribeEventAggregates", - "resource_types": [ + "resource_type": "securityprofile*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve detailed information about one or more specified events", - "privilege": "DescribeEventDetails", - "resource_types": [ + "resource_type": "custommetric" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event*" + "resource_type": "dimension" }, { "condition_keys": [ - "health:eventTypeCode", - "health:service" + "aws:RequestTag/${TagKey}", + 
"aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -120252,137 +144504,92 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve detailed information about one or more specified events for provided accounts in organization", - "privilege": "DescribeEventDetailsForOrganization", + "access_level": "Write", + "description": "Grants permission to create a new AWS IoT stream", + "privilege": "CreateStream", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" + "dependent_actions": [], + "resource_type": "stream*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the event types that meet the specified filter criteria", - "privilege": "DescribeEventTypes", + "access_level": "Write", + "description": "Grants permission to create a thing in the thing registry", + "privilege": "CreateThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about events that meet the specified filter criteria", - "privilege": "DescribeEvents", - "resource_types": [ + "resource_type": "thing*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "billinggroup" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about events that meet the specified filter criteria in organization", - "privilege": "DescribeEventsForOrganization", + "access_level": "Write", + "description": "Grants permission to create a thing group", + "privilege": "CreateThingGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the status of 
enabling or disabling the Organizational View feature", - "privilege": "DescribeHealthServiceStatusForOrganization", - "resource_types": [ + "dependent_actions": [], + "resource_type": "thinggroup*" + }, { - "condition_keys": [], - "dependent_actions": [ - "organizations:ListAccounts" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to disable the Organizational View feature", - "privilege": "DisableHealthServiceAccessForOrganization", + "access_level": "Write", + "description": "Grants permission to create a new thing type", + "privilege": "CreateThingType", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DisableAWSServiceAccess", - "organizations:ListAccounts" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to enable the Organizational View feature", - "privilege": "EnableHealthServiceAccessForOrganization", - "resource_types": [ + "dependent_actions": [], + "resource_type": "thingtype*" + }, { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "organizations:EnableAWSServiceAccess", - "organizations:ListAccounts" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:health:*::event/${Service}/${EventTypeCode}/*", - "condition_keys": [], - "resource": "event" - } - ], - "service_name": "AWS Health APIs and Notifications" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs attached to the 
resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "healthlake", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a datastore that can ingest and export FHIR data", - "privilege": "CreateFHIRDatastore", + "description": "Grants permission to create a rule", + "privilege": "CreateTopicRule", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -120395,328 +144602,306 @@ }, { "access_level": "Write", - "description": "Grants permission to create resource", - "privilege": "CreateResource", + "description": "Grants permission to create a TopicRuleDestination", + "privilege": "CreateTopicRuleDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "destination*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a datastore", - "privilege": "DeleteFHIRDatastore", + "description": "Grants permission to delete the audit configuration associated with the account", + "privilege": "DeleteAccountAuditConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete resource", - "privilege": "DeleteResource", + "description": "Grants permission to delete a Device Defender audit suppression", + "privilege": "DeleteAuditSuppression", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the properties associated with the FHIR datastore, including the datastore ID, datastore ARN, datastore name, datastore status, created at, datastore type version, and datastore endpoint", - "privilege": "DescribeFHIRDatastore", + "access_level": "Write", + "description": "Grants permission to delete the specified authorizer", + "privilege": "DeleteAuthorizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "authorizer*" } ] }, { - "access_level": "Read", - "description": "Grants permission to display the properties of a FHIR export job, including the ID, ARN, name, and the status of the datastore", - "privilege": "DescribeFHIRExportJob", + "access_level": 
"Write", + "description": "Grants permission to delete the specified billing group", + "privilege": "DeleteBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "billinggroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to display the properties of a FHIR import job, including the ID, ARN, name, and the status of the datastore", - "privilege": "DescribeFHIRImportJob", + "access_level": "Write", + "description": "Grants permission to delete a registered CA certificate", + "privilege": "DeleteCACertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "cacert*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the capabilities of a FHIR datastore", - "privilege": "GetCapabilities", + "access_level": "Write", + "description": "Grants permission to delete the specified certificate", + "privilege": "DeleteCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "cert*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all FHIR datastores that are in the user\u2019s account, regardless of datastore status", - "privilege": "ListFHIRDatastores", + "access_level": "Write", + "description": "Grants permission to delete a certificate provider", + "privilege": "DeleteCertificateProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "certificateprovider*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of export jobs for the specified datastore", - "privilege": "ListFHIRExportJobs", + "access_level": "Write", + "description": "Grants permission to deletes the specified custom metric from your AWS account", + "privilege": "DeleteCustomMetric", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "custommetric*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of import jobs for the specified datastore", - "privilege": "ListFHIRImportJobs", + "access_level": "Write", + "description": "Grants permission to remove the specified dimension from your AWS account", + "privilege": "DeleteDimension", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "dimension*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of tags for the specified datastore", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a domain configuration", + "privilege": "DeleteDomainConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore" + "resource_type": "domainconfiguration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to read resource", - "privilege": "ReadResource", + "access_level": "Write", + "description": "Grants permission to delete the specified Dynamic Thing Group", + "privilege": "DeleteDynamicThingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "dynamicthinggroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to search resources with GET method", - "privilege": "SearchWithGet", + "access_level": "Write", + "description": "Grants permission to delete the specified fleet metric", + "privilege": "DeleteFleetMetric", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "fleetmetric*" } ] }, { - "access_level": "Read", - "description": "Grants permission to search resources with POST method", - "privilege": "SearchWithPost", + 
"access_level": "Write", + "description": "Grants permission to delete a job and its related job executions", + "privilege": "DeleteJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to begin a FHIR Export job", - "privilege": "StartFHIRExportJob", + "description": "Grants permission to delete a job execution", + "privilege": "DeleteJobExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "job*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thing*" } ] }, { "access_level": "Write", - "description": "Grants permission to begin a FHIR Import job", - "privilege": "StartFHIRImportJob", + "description": "Grants permission to delete a job template", + "privilege": "DeleteJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "jobtemplate*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a datastore", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a defined mitigation action from your AWS account", + "privilege": "DeleteMitigationAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "mitigationaction*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags associated with a datastore", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete an OTA update job", + "privilege": "DeleteOTAUpdate", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "datastore" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "otaupdate*" } ] }, { "access_level": "Write", - "description": "Grants permission to update resource", - "privilege": "UpdateResource", + "description": "Grants permission to delete a package", + "privilege": "DeletePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "package*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:healthlake:${Region}:${AccountId}:datastore/fhir/${DatastoreId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "datastore" - } - ], - "service_name": "Amazon HealthLake" - }, - { - "conditions": [], - "prefix": "honeycode", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permission to approve a team association request for your AWS Account", - "privilege": "ApproveTeamAssociation", + "description": "Grants permission to delete a version of the specified package", + "privilege": "DeletePackageVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "packageversion*" } ] }, { "access_level": "Write", - "description": "Grants permission to create new rows in a table", - "privilege": "BatchCreateTableRows", + "description": "Grants permission to delete the specified policy", + "privilege": "DeletePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete rows from a table", - "privilege": "BatchDeleteTableRows", + "description": "Grants permission to Delete the specified version of the specified policy", + 
"privilege": "DeletePolicyVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to update rows in a table", - "privilege": "BatchUpdateTableRows", + "description": "Grants permission to delete a fleet provisioning template", + "privilege": "DeleteProvisioningTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "provisioningtemplate*" } ] }, { "access_level": "Write", - "description": "Grants permission to upsert rows in a table", - "privilege": "BatchUpsertTableRows", + "description": "Grants permission to delete a fleet provisioning template version", + "privilege": "DeleteProvisioningTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "provisioningtemplate*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Amazon Honeycode team for your AWS Account", - "privilege": "CreateTeam", + "description": "Grants permission to delete a CA certificate registration code", + "privilege": "DeleteRegistrationCode", "resource_types": [ { "condition_keys": [], 
@@ -120727,164 +144912,162 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new tenant within Amazon Honeycode for your AWS Account", - "privilege": "CreateTenant", + "description": "Grants permission to delete the specified role alias", + "privilege": "DeleteRoleAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "rolealias*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete Amazon Honeycode domains for your AWS Account", - "privilege": "DeleteDomains", + "description": "Grants permission to delete a scheduled audit", + "privilege": "DeleteScheduledAudit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "scheduledaudit*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove groups from an Amazon Honeycode team for your AWS Account", - "privilege": "DeregisterGroups", + "description": "Grants permission to delete a Device Defender security profile", + "privilege": "DeleteSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get details about a table data import job", - "privilege": "DescribeTableDataImportJob", - "resource_types": [ + "resource_type": "securityprofile*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "custommetric" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dimension" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about Amazon Honeycode teams for your AWS Account", - "privilege": "DescribeTeam", + "access_level": "Write", + "description": "Grants permission to delete a specified stream", + "privilege": "DeleteStream", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { - "access_level": "Read", - "description": "Grants permission to load the data from a screen", - "privilege": "GetScreenData", + "access_level": "Write", + "description": "Grants permission to delete the specified thing", + "privilege": "DeleteThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "screen*" + "resource_type": "thing*" } ] }, { "access_level": "Write", - "description": "Grants permission to invoke a screen automation", - "privilege": "InvokeScreenAutomation", + "description": "Grants permission to delete the specified thing group", + "privilege": "DeleteThingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "screen-automation*" + "resource_type": "thinggroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all Amazon Honeycode domains and their verification status for your AWS Account", - "privilege": "ListDomains", + "access_level": "Write", + "description": "Grants permission to delete the specified thing shadow", + "privilege": "DeleteThingShadow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all groups in an Amazon Honeycode team for your AWS Account", - "privilege": "ListGroups", + "access_level": "Write", + "description": "Grants permission to delete the specified thing type", + "privilege": "DeleteThingType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thingtype*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the columns in a table", - "privilege": "ListTableColumns", + "access_level": "Write", + "description": "Grants permission to delete the specified rule", + "privilege": "DeleteTopicRule", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "rule*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the rows in a table", - "privilege": "ListTableRows", + "access_level": "Write", + "description": "Grants permission to delete a TopicRuleDestination", + "privilege": "DeleteTopicRuleDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "destination*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tables in a workbook", - "privilege": "ListTables", + "access_level": "Write", + "description": "Grants permission to delete the specified v2 logging level", + "privilege": "DeleteV2LoggingLevel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workbook*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to list all tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to deprecate the specified thing type", + "privilege": "DeprecateThingType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thingtype*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all pending and approved team associations with your AWS Account", - "privilege": "ListTeamAssociations", + "access_level": "Read", + "description": "Grants permission to get information about audit configurations for the account", + "privilege": "DescribeAccountAuditConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -120894,9 +145077,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all tenants of Amazon Honeycode for your AWS Account", - "privilege": "ListTenants", + "access_level": "Read", + "description": "Grants permission to get information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started", + "privilege": "DescribeAuditFinding", "resource_types": [ { "condition_keys": [], @@ -120907,20 +145090,20 @@ }, { "access_level": "Read", - "description": "Grants permission to query the rows of a table using a filter", - "privilege": "QueryTableRows", + "description": "Grants permission to get information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings", + "privilege": "DescribeAuditMitigationActionsTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to request verification of the Amazon Honeycode domains for your AWS Account", - "privilege": "RegisterDomainForVerification", + "access_level": "Read", + "description": "Grants permission to get information about a Device Defender audit suppression", + "privilege": "DescribeAuditSuppression", "resource_types": [ { "condition_keys": [], @@ -120930,9 +145113,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add groups to an Amazon Honeycode team for your AWS Account", - "privilege": "RegisterGroups", + "access_level": "Read", + "description": "Grants permission to get information about a Device Defender audit", + "privilege": "DescribeAuditTask", "resource_types": [ { "condition_keys": [], 
@@ -120942,937 +145125,788 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reject a team association request for your AWS Account", - "privilege": "RejectTeamAssociation", + "access_level": "Read", + "description": "Grants permission to describe an authorizer", + "privilege": "DescribeAuthorizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "authorizer*" } ] }, { - "access_level": "Write", - "description": "Grants permission to restart verification of the Amazon Honeycode domains for your AWS Account", - "privilege": "RestartDomainVerification", + "access_level": "Read", + "description": "Grants permission to get information about the specified billing group", + "privilege": "DescribeBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "billinggroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a table data import job", - "privilege": "StartTableDataImportJob", + "access_level": "Read", + "description": "Grants permission to describe a registered CA certificate", + "privilege": "DescribeCACertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "table*" + "resource_type": "cacert*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get information about the specified certificate", + "privilege": "DescribeCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cert*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to describe a certificate provider", + "privilege": 
"DescribeCertificateProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "certificateprovider*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an Amazon Honeycode team for your AWS Account", - "privilege": "UpdateTeam", + "access_level": "Read", + "description": "Grants permission to describe a custom metric that is defined in your AWS account", + "privilege": "DescribeCustomMetric", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "custommetric*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:honeycode:${Region}:${Account}:workbook:workbook/${WorkbookId}", - "condition_keys": [], - "resource": "workbook" - }, - { - "arn": "arn:${Partition}:honeycode:${Region}:${Account}:table:workbook/${WorkbookId}/table/${TableId}", - "condition_keys": [], - "resource": "table" - }, - { - "arn": "arn:${Partition}:honeycode:${Region}:${Account}:screen:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}", - "condition_keys": [], - "resource": "screen" - }, - { - "arn": "arn:${Partition}:honeycode:${Region}:${Account}:screen-automation:workbook/${WorkbookId}/app/${AppId}/screen/${ScreenId}/automation/${AutomationId}", - "condition_keys": [], - "resource": "screen-automation" - } - ], - "service_name": "Amazon Honeycode" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access based on the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "iam:AWSServiceName", - "description": "Filters access by the AWS service to which this 
role is attached", - "type": "String" - }, - { - "condition": "iam:AssociatedResourceArn", - "description": "Filters access by the resource that the role will be used on behalf of", - "type": "ARN" - }, - { - "condition": "iam:FIDO-FIPS-140-2-certification", - "description": "Filters access by the MFA device FIPS-140-2 validation certification level at the time of registration of a FIDO security key", - "type": "String" - }, - { - "condition": "iam:FIDO-FIPS-140-3-certification", - "description": "Filters access by the MFA device FIPS-140-3 validation certification level at the time of registration of a FIDO security key", - "type": "String" - }, - { - "condition": "iam:FIDO-certification", - "description": "Filters access by the MFA device FIDO certification level at the time of registration of a FIDO security key", - "type": "String" - }, - { - "condition": "iam:OrganizationsPolicyId", - "description": "Filters access by the ID of an AWS Organizations policy", - "type": "String" }, { - "condition": "iam:PassedToService", - "description": "Filters access by the AWS service to which this role is passed", - "type": "String" - }, - { - "condition": "iam:PermissionsBoundary", - "description": "Filters access if the specified policy is set as the permissions boundary on the IAM entity (user or role)", - "type": "String" - }, - { - "condition": "iam:PolicyARN", - "description": "Filters access by the ARN of an IAM policy", - "type": "ARN" - }, - { - "condition": "iam:RegisterSecurityKey", - "description": "Filters access by the current state of MFA device enablement", - "type": "String" - }, - { - "condition": "iam:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to an IAM entity (user or role)", - "type": "String" - } - ], - "prefix": "iam", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add a new client ID (audience) to the list of registered IDs for the specified IAM OpenID Connect (OIDC) provider 
resource", - "privilege": "AddClientIDToOpenIDConnectProvider", + "access_level": "Read", + "description": "Grants permission to describe the default authorizer", + "privilege": "DescribeDefaultAuthorizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add an IAM role to the specified instance profile", - "privilege": "AddRoleToInstanceProfile", + "access_level": "Read", + "description": "Grants permission to describe a Device Defender ML Detect mitigation action", + "privilege": "DescribeDetectMitigationActionsTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "instance-profile*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add an IAM user to the specified IAM group", - "privilege": "AddUserToGroup", + "access_level": "Read", + "description": "Grants permission to get details about a dimension that is defined in your AWS account", + "privilege": "DescribeDimension", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "dimension*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to attach a managed policy to the specified IAM group", - "privilege": "AttachGroupPolicy", + "access_level": "Read", + "description": "Grants permission to get information about the domain configuration", + "privilege": "DescribeDomainConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - }, + "resource_type": "domainconfiguration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a unique endpoint specific to the AWS account making the call", + "privilege": "DescribeEndpoint", + "resource_types": 
[ { - "condition_keys": [ - "iam:PolicyARN" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to attach a managed policy to the specified IAM role", - "privilege": "AttachRolePolicy", + "access_level": "Read", + "description": "Grants permission to get account event configurations", + "privilege": "DescribeEventConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:PolicyARN", - "iam:PermissionsBoundary" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to attach a managed policy to the specified IAM user", - "privilege": "AttachUserPolicy", + "access_level": "Read", + "description": "Grants permission to get information about the specified fleet metric", + "privilege": "DescribeFleetMetric", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "fleetmetric*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the specified index", + "privilege": "DescribeIndex", + "resource_types": [ { - "condition_keys": [ - "iam:PolicyARN", - "iam:PermissionsBoundary" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to an IAM user to change their own password", - "privilege": "ChangePassword", + "access_level": "Read", + "description": "Grants permission to describe a job", + "privilege": "DescribeJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create access key and secret access key for the 
specified IAM user", - "privilege": "CreateAccessKey", + "access_level": "Read", + "description": "Grants permission to describe a job execution", + "privilege": "DescribeJobExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thing" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an alias for your AWS account", - "privilege": "CreateAccountAlias", + "access_level": "Read", + "description": "Grants permission to describe a job template", + "privilege": "DescribeJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "jobtemplate*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new group", - "privilege": "CreateGroup", + "access_level": "Read", + "description": "Grants permission to describe a managed job template", + "privilege": "DescribeManagedJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "jobtemplate*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new instance profile", - "privilege": "CreateInstanceProfile", + "access_level": "Read", + "description": "Grants permission to get information about a mitigation action", + "privilege": "DescribeMitigationAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" - }, + "resource_type": "mitigationaction*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a fleet provisioning template", + "privilege": "DescribeProvisioningTemplate", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": 
"" + "resource_type": "provisioningtemplate*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a password for the specified IAM user", - "privilege": "CreateLoginProfile", + "access_level": "Read", + "description": "Grants permission to get information about a fleet provisioning template version", + "privilege": "DescribeProvisioningTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "provisioningtemplate*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports OpenID Connect (OIDC)", - "privilege": "CreateOpenIDConnectProvider", + "access_level": "Read", + "description": "Grants permission to describe a role alias", + "privilege": "DescribeRoleAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" - }, + "resource_type": "rolealias*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a scheduled audit", + "privilege": "DescribeScheduledAudit", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "scheduledaudit*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create a new managed policy", - "privilege": "CreatePolicy", + "access_level": "Read", + "description": "Grants permission to get information about a Device Defender security profile", + "privilege": "DescribeSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - }, + "resource_type": "securityprofile*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the specified stream", + "privilege": 
"DescribeStream", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create a new version of the specified managed policy", - "privilege": "CreatePolicyVersion", + "access_level": "Read", + "description": "Grants permission to get information about the specified thing", + "privilege": "DescribeThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "thing*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new role", - "privilege": "CreateRole", + "access_level": "Read", + "description": "Grants permission to get information about the specified thing group", + "privilege": "DescribeThingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, + "resource_type": "thinggroup*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about the bulk thing registration task", + "privilege": "DescribeThingRegistrationTask", + "resource_types": [ { - "condition_keys": [ - "iam:PermissionsBoundary", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an IAM resource that describes an identity provider (IdP) that supports SAML 2.0", - "privilege": "CreateSAMLProvider", + "access_level": "Read", + "description": "Grants permission to get information about the specified thing type", + "privilege": "DescribeThingType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" - }, + "resource_type": "thingtype*" + } + ] + }, + { + "access_level": "Read", + 
"description": "Grants permission to describe a tunnel", + "privilege": "DescribeTunnel", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "tunnel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an IAM role that allows an AWS service to perform actions on your behalf", - "privilege": "CreateServiceLinkedRole", + "access_level": "Permissions management", + "description": "Grants permission to detach a policy from the specified target", + "privilege": "DetachPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "cert" }, { - "condition_keys": [ - "iam:AWSServiceName" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thinggroup" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new service-specific credential for an IAM user", - "privilege": "CreateServiceSpecificCredential", + "access_level": "Permissions management", + "description": "Grants permission to remove the specified policy from the specified certificate", + "privilege": "DetachPrincipalPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "cert" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new IAM user", - "privilege": "CreateUser", + "description": "Grants permission to disassociate a Device Defender security profile from a thing group or from this account", + "privilege": "DetachSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "securityprofile*" }, { - "condition_keys": [ - "iam:PermissionsBoundary", - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], 
- "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new virtual MFA device", - "privilege": "CreateVirtualMFADevice", - "resource_types": [ + "resource_type": "custommetric" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "mfa*" + "resource_type": "dimension" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thinggroup" } ] }, { "access_level": "Write", - "description": "Grants permission to deactivate the specified MFA device and remove its association with the IAM user for which it was originally enabled", - "privilege": "DeactivateMFADevice", + "description": "Grants permission to detach the specified principal from the specified thing", + "privilege": "DetachThingPrincipal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the access key pair that is associated with the specified IAM user", - "privilege": "DeleteAccessKey", + "description": "Grants permission to disable the specified rule", + "privilege": "DisableTopicRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "rule*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified AWS account alias", - "privilege": "DeleteAccountAlias", + "description": "Grants permission to enable the specified rule", + "privilege": "EnableTopicRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "rule*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the password policy for the AWS account", - "privilege": "DeleteAccountPasswordPolicy", + "access_level": 
"List", + "description": "Grants permission to fetch a Device Defender's ML Detect Security Profile training model's status", + "privilege": "GetBehaviorModelTrainingSummaries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "securityprofile" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an existing CloudFront public key", - "privilege": "DeleteCloudFrontPublicKey", + "access_level": "Read", + "description": "Grants permission to get buckets aggregation for IoT fleet index", + "privilege": "GetBucketsAggregation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified IAM group", - "privilege": "DeleteGroup", + "access_level": "Read", + "description": "Grants permission to get cardinality for IoT fleet index", + "privilege": "GetCardinality", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "index*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified inline policy from its group", - "privilege": "DeleteGroupPolicy", + "access_level": "Read", + "description": "Grants permission to get effective policies", + "privilege": "GetEffectivePolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "cert" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified instance profile", - "privilege": "DeleteInstanceProfile", + "access_level": "Read", + "description": "Grants permission to get current fleet indexing configuration", + "privilege": "GetIndexingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + 
"resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the password for the specified IAM user", - "privilege": "DeleteLoginProfile", + "access_level": "Read", + "description": "Grants permission to get a job document", + "privilege": "GetJobDocument", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "job*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an OpenID Connect identity provider (IdP) resource object in IAM", - "privilege": "DeleteOpenIDConnectProvider", + "access_level": "Read", + "description": "Grants permission to get the logging options", + "privilege": "GetLoggingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified managed policy and remove it from any IAM entities (users, groups, or roles) to which it is attached", - "privilege": "DeletePolicy", + "access_level": "Read", + "description": "Grants permission to get the information about the OTA update job", + "privilege": "GetOTAUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "otaupdate*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a version from the specified managed policy", - "privilege": "DeletePolicyVersion", + "access_level": "Read", + "description": "Grants permission to get the information about the package", + "privilege": "GetPackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "package*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified role", - "privilege": "DeleteRole", + "access_level": "Read", + 
"description": "Grants permission to get the package configuration of the account", + "privilege": "GetPackageConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove the permissions boundary from a role", - "privilege": "DeleteRolePermissionsBoundary", + "access_level": "Read", + "description": "Grants permission to get the version of the package", + "privilege": "GetPackageVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "package*" }, { - "condition_keys": [ - "iam:PermissionsBoundary" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "packageversion*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified inline policy from the specified role", - "privilege": "DeleteRolePolicy", + "access_level": "Read", + "description": "Grants permission to get percentiles for IoT fleet index", + "privilege": "GetPercentiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a SAML provider resource in IAM", - "privilege": "DeleteSAMLProvider", + "access_level": "Read", + "description": "Grants permission to get information about the specified policy with the policy document of the default version", + "privilege": "GetPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" + "resource_type": "policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified SSH public 
key", - "privilege": "DeleteSSHPublicKey", + "access_level": "Read", + "description": "Grants permission to get information about the specified policy version", + "privilege": "GetPolicyVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified server certificate", - "privilege": "DeleteServerCertificate", + "access_level": "Read", + "description": "Grants permission to get a registration code used to register a CA certificate with AWS IoT", + "privilege": "GetRegistrationCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an IAM role that is linked to a specific AWS service, if the service is no longer using it", - "privilege": "DeleteServiceLinkedRole", + "access_level": "Read", + "description": "Grants permission to get the retained message on the specified topic", + "privilege": "GetRetainedMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "topic*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified service-specific credential for an IAM user", - "privilege": "DeleteServiceSpecificCredential", + "access_level": "Read", + "description": "Grants permission to get statistics for IoT fleet index", + "privilege": "GetStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a signing certificate that is associated with the specified IAM user", - "privilege": "DeleteSigningCertificate", + "access_level": "Read", + "description": "Grants permission to get the 
thing shadow", + "privilege": "GetThingShadow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "thing*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified IAM user", - "privilege": "DeleteUser", + "access_level": "Read", + "description": "Grants permission to get information about the specified rule", + "privilege": "GetTopicRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "rule*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove the permissions boundary from the specified IAM user", - "privilege": "DeleteUserPermissionsBoundary", + "access_level": "Read", + "description": "Grants permission to get a TopicRuleDestination", + "privilege": "GetTopicRuleDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "destination*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the specified inline policy from an IAM user", - "privilege": "DeleteUserPolicy", + "access_level": "Read", + "description": "Grants permission to get v2 logging options", + "privilege": "GetV2LoggingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a virtual MFA device", - "privilege": "DeleteVirtualMFADevice", + "access_level": "List", + "description": "Grants permission to list the active violations for a given Device Defender security profile or Thing", + "privilege": "ListActiveViolations", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mfa" + "resource_type": "securityprofile" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "sms-mfa" + "resource_type": "thing" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to detach a managed policy from the specified IAM group", - "privilege": "DetachGroupPolicy", + "access_level": "List", + "description": "Grants permission to list the policies attached to the specified thing group", + "privilege": "ListAttachedPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - }, - { - "condition_keys": [ - "iam:PolicyARN" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to detach a managed policy from the specified role", - "privilege": "DetachRolePolicy", + "access_level": "List", + "description": "Grants permission to list the findings (results) of a Device Defender audit or of the audits performed during a specified time period", + "privilege": "ListAuditFindings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:PolicyARN", - "iam:PermissionsBoundary" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to detach a managed policy from the specified IAM user", - "privilege": "DetachUserPolicy", + "access_level": "List", + "description": "Grants permission to get the status of audit mitigation action tasks that were executed", + "privilege": "ListAuditMitigationActionsExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PolicyARN", - "iam:PermissionsBoundary" - ], - "dependent_actions": [], "resource_type": "" } 
] }, { - "access_level": "Write", - "description": "Grants permission to enable an MFA device and associate it with the specified IAM user", - "privilege": "EnableMFADevice", + "access_level": "List", + "description": "Grants permission to get a list of audit mitigation action tasks that match the specified filters", + "privilege": "ListAuditMitigationActionsTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:RegisterSecurityKey", - "iam:FIDO-FIPS-140-2-certification", - "iam:FIDO-FIPS-140-3-certification", - "iam:FIDO-certification" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to generate a credential report for the AWS account", - "privilege": "GenerateCredentialReport", + "access_level": "List", + "description": "Grants permission to list your Device Defender audit suppressions", + "privilege": "ListAuditSuppressions", "resource_types": [ { "condition_keys": [], 
@@ -121882,74 +145916,69 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to generate an access report for an AWS Organizations entity", - "privilege": "GenerateOrganizationsAccessReport", + "access_level": "List", + "description": "Grants permission to list the Device Defender audits that have been performed during a given time period", + "privilege": "ListAuditTasks", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "organizations:DescribePolicy", - "organizations:ListChildren", - "organizations:ListParents", - "organizations:ListPoliciesForTarget", - "organizations:ListRoots", - "organizations:ListTargetsForPolicy" - ], - "resource_type": "access-report*" - }, - { - "condition_keys": [ - "iam:OrganizationsPolicyId" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to generate a service last accessed data report for an IAM resource", - "privilege": "GenerateServiceLastAccessedDetails", + "access_level": "List", + "description": "Grants permission to list the authorizers registered in your account", + "privilege": "ListAuthorizers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "policy*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all billing groups", + "privilege": "ListBillingGroups", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the CA certificates registered for your AWS account", + "privilege": "ListCACertificates", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": 
"Grants permission to retrieve information about when the specified access key was last used", - "privilege": "GetAccessKeyLastUsed", + "access_level": "List", + "description": "Grants permission to list certificate providers in the account", + "privilege": "ListCertificateProviders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another", - "privilege": "GetAccountAuthorizationDetails", + "access_level": "List", + "description": "Grants permission to list your certificates", + "privilege": "ListCertificates", "resource_types": [ { "condition_keys": [], @@ -121959,9 +145988,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the email address that is associated with the account", - "privilege": "GetAccountEmailAddress", + "access_level": "List", + "description": "Grants permission to list the device certificates signed by the specified CA certificate", + "privilege": "ListCertificatesByCA", "resource_types": [ { "condition_keys": [], @@ -121971,9 +146000,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the account name that is associated with the account", - "privilege": "GetAccountName", + "access_level": "List", + "description": "Grants permission to list the custom metrics in your AWS account", + "privilege": "ListCustomMetrics", "resource_types": [ { "condition_keys": [], 
@@ -121983,21 +146012,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the password policy for the AWS account", - "privilege": "GetAccountPasswordPolicy", + "access_level": "List", + "description": "Grants permission to lists mitigation actions executions for a Device Defender ML Detect Security Profile", + "privilege": "ListDetectMitigationActionsExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve information about IAM entity usage and IAM quotas in the AWS account", - "privilege": "GetAccountSummary", + "description": "Grants permission to list Device Defender ML Detect mitigation actions tasks", + "privilege": "ListDetectMitigationActionsTasks", "resource_types": [ { "condition_keys": [], @@ -122007,9 +146036,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified CloudFront public key", - "privilege": "GetCloudFrontPublicKey", + "access_level": "List", + "description": "Grants permission to list the dimensions that are defined for your AWS account", + "privilege": "ListDimensions", "resource_types": [ { "condition_keys": [], @@ -122019,9 +146048,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of all of the context keys that are referenced in the specified policy", - "privilege": "GetContextKeysForCustomPolicy", + "access_level": "List", + "description": "Grants permission to list the domain configuration created by your AWS account", + "privilege": "ListDomainConfigurations", "resource_types": [ { "condition_keys": [], 
@@ -122031,115 +146060,129 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of all context keys that are referenced in all IAM policies that are attached to the specified IAM identity (user, group, or role)", - "privilege": "GetContextKeysForPrincipalPolicy", + "access_level": "List", + "description": "Grants permission to list the fleet metrics in your account", + "privilege": "ListFleetMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all indices for fleet index", + "privilege": "ListIndices", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the job executions for a job", + "privilege": "ListJobExecutionsForJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" + "resource_type": "job*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a credential report for the AWS account", - "privilege": "GetCredentialReport", + "access_level": "List", + "description": "Grants permission to list the job executions for the specified thing", + "privilege": "ListJobExecutionsForThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of IAM users in the specified IAM group", - "privilege": "GetGroup", + "access_level": "List", + "description": "Grants permission to list job templates", + "privilege": "ListJobTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Read", - 
"description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM group", - "privilege": "GetGroupPolicy", + "access_level": "List", + "description": "Grants permission to list jobs", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified instance profile, including the instance profile's path, GUID, ARN, and role", - "privilege": "GetInstanceProfile", + "access_level": "List", + "description": "Grants permission to list managed job templates", + "privilege": "ListManagedJobTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve the user name and password creation date for the specified IAM user", - "privilege": "GetLoginProfile", + "description": "Grants permissions to list the metric values for a thing based on the metricName, and dimension if specified", + "privilege": "ListMetricValues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "thing*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an MFA device for the specified user", - "privilege": "GetMFADevice", + "access_level": "List", + "description": "Grants permission to get a list of all mitigation actions that match the specified filter criteria", + "privilege": "ListMitigationActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified OpenID Connect (OIDC) provider resource in IAM", - "privilege": 
"GetOpenIDConnectProvider", + "access_level": "List", + "description": "Grants permission to list all named shadows for a given thing", + "privilege": "ListNamedShadowsForThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "thing*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an AWS Organizations access report", - "privilege": "GetOrganizationsAccessReport", + "access_level": "List", + "description": "Grants permission to list OTA update jobs in the account", + "privilege": "ListOTAUpdates", "resource_types": [ { "condition_keys": [], 
@@ -122149,93 +146192,93 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified managed policy, including the policy's default version and the total number of identities to which the policy is attached", - "privilege": "GetPolicy", + "access_level": "List", + "description": "Grants permission to list certificates that are being transfered but not yet accepted", + "privilege": "ListOutgoingCertificates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a version of the specified managed policy, including the policy document", - "privilege": "GetPolicyVersion", + "access_level": "List", + "description": "Grants permission to list versions for a package in the account", + "privilege": "ListPackageVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified role, including the role's path, GUID, ARN, and the role's trust policy", - "privilege": "GetRole", + "access_level": "List", + "description": "Grants permission to list packages in the account", + "privilege": "ListPackages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an inline policy document that is embedded with the specified IAM role", - "privilege": "GetRolePolicy", + "access_level": "List", + "description": "Grants permission to list your policies", + "privilege": "ListPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { - "access_level": "Read", - 
"description": "Grants permission to retrieve the SAML provider metadocument that was uploaded when the IAM SAML provider resource was created or updated", - "privilege": "GetSAMLProvider", + "access_level": "List", + "description": "Grants permission to list the principals associated with the specified policy", + "privilege": "ListPolicyPrincipals", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the specified SSH public key, including metadata about the key", - "privilege": "GetSSHPublicKey", + "access_level": "List", + "description": "Grants permission to list the versions of the specified policy, and identifies the default version", + "privilege": "ListPolicyVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified server certificate stored in IAM", - "privilege": "GetServerCertificate", + "access_level": "List", + "description": "Grants permission to list the policies attached to the specified principal. If you use an Amazon Cognito identity, the ID needs to be in Amazon Cognito Identity format", + "privilege": "ListPrincipalPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the service last accessed data report", - "privilege": "GetServiceLastAccessedDetails", + "access_level": "List", + "description": "Grants permission to list the things associated with the specified principal", + "privilege": "ListPrincipalThings", "resource_types": [ { "condition_keys": [], 
@@ -122245,69 +146288,69 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the entities from the service last accessed data report", - "privilege": "GetServiceLastAccessedDetailsWithEntities", + "access_level": "List", + "description": "Grants permission to get a list of fleet provisioning template versions", + "privilege": "ListProvisioningTemplateVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "provisioningtemplate*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an IAM service-linked role deletion status", - "privilege": "GetServiceLinkedRoleDeletionStatus", + "access_level": "List", + "description": "Grants permission to list the fleet provisioning templates in your AWS account", + "privilege": "ListProvisioningTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the specified IAM user, including the user's creation date, path, unique ID, and ARN", - "privilege": "GetUser", + "access_level": "List", + "description": "Grants permission to list related resources for a single audit finding", + "privilege": "ListRelatedResourcesForAuditFinding", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an inline policy document that is embedded in the specified IAM user", - "privilege": "GetUserPolicy", + "access_level": "List", + "description": "Grants permission to list the retained messages for your account", + "privilege": "ListRetainedMessages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": 
"List", - "description": "Grants permission to list information about the access key IDs that are associated with the specified IAM user", - "privilege": "ListAccessKeys", + "description": "Grants permission to list role aliases", + "privilege": "ListRoleAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the account alias that is associated with the AWS account", - "privilege": "ListAccountAliases", + "description": "Grants permission to list all of your scheduled audits", + "privilege": "ListScheduledAudits", "resource_types": [ { "condition_keys": [], 
@@ -122318,56 +146361,166 @@ }, { "access_level": "List", - "description": "Grants permission to list all managed policies that are attached to the specified IAM group", - "privilege": "ListAttachedGroupPolicies", + "description": "Grants permission to list the Device Defender security profiles you have created", + "privilege": "ListSecurityProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "custommetric" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dimension" } ] }, { "access_level": "List", - "description": "Grants permission to list all managed policies that are attached to the specified IAM role", - "privilege": "ListAttachedRolePolicies", + "description": "Grants permission to list the Device Defender security profiles attached to a target", + "privilege": "ListSecurityProfilesForTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "thinggroup" } ] }, { "access_level": "List", - "description": "Grants permission to list all managed policies that are attached to the specified IAM user", - "privilege": "ListAttachedUserPolicies", + "description": "Grants permission to list the streams in your account", + "privilege": "ListStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all current CloudFront public keys for the account", - "privilege": "ListCloudFrontPublicKeys", + "access_level": "Read", + "description": "Grants permission to list all tags for a given resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "authorizer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "billinggroup" + }, + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "cacert" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "certificateprovider" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custommetric" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dimension" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domainconfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dynamicthinggroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleetmetric" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mitigationaction" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "otaupdate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioningtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rolealias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduledaudit" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securityprofile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stream" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thinggroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thingtype" } ] }, { "access_level": "List", - "description": "Grants permission to list all IAM identities to which the specified managed policy is 
attached", - "privilege": "ListEntitiesForPolicy", + "description": "Grants permission to list targets for the specified policy", + "privilege": "ListTargetsForPolicy", "resource_types": [ { "condition_keys": [], @@ -122378,20 +146531,20 @@ }, { "access_level": "List", - "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM group", - "privilege": "ListGroupPolicies", + "description": "Grants permission to list the targets associated with a given Device Defender security profile", + "privilege": "ListTargetsForSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "securityprofile*" } ] }, { "access_level": "List", - "description": "Grants permission to list the IAM groups that have the specified path prefix", - "privilege": "ListGroups", + "description": "Grants permission to list all thing groups", + "privilege": "ListThingGroups", "resource_types": [ { "condition_keys": [], 
@@ -122402,32 +146555,32 @@ }, { "access_level": "List", - "description": "Grants permission to list the IAM groups that the specified IAM user belongs to", - "privilege": "ListGroupsForUser", + "description": "Grants permission to list thing groups to which the specified thing belongs", + "privilege": "ListThingGroupsForThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "thing*" } ] }, { "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified instance profile", - "privilege": "ListInstanceProfileTags", + "description": "Grants permission to list the principals associated with the specified thing", + "privilege": "ListThingPrincipals", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the instance profiles that have the specified path prefix", - "privilege": "ListInstanceProfiles", + "description": "Grants permission to list information about bulk thing registration tasks", + "privilege": "ListThingRegistrationTaskReports", "resource_types": [ { "condition_keys": [], 
@@ -122438,68 +146591,68 @@ }, { "access_level": "List", - "description": "Grants permission to list the instance profiles that have the specified associated IAM role", - "privilege": "ListInstanceProfilesForRole", + "description": "Grants permission to list bulk thing registration tasks", + "privilege": "ListThingRegistrationTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified virtual mfa device", - "privilege": "ListMFADeviceTags", + "description": "Grants permission to list all thing types", + "privilege": "ListThingTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mfa*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the MFA devices for an IAM user", - "privilege": "ListMFADevices", + "description": "Grants permission to list all things", + "privilege": "ListThings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified OpenID Connect provider", - "privilege": "ListOpenIDConnectProviderTags", + "description": "Grants permission to list all things in the specified billing group", + "privilege": "ListThingsInBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "billinggroup*" } ] }, { "access_level": "List", - "description": "Grants permission to list information about the IAM OpenID Connect (OIDC) provider resource objects that are defined in the AWS account", - "privilege": "ListOpenIDConnectProviders", + "description": "Grants permission to list all things in the specified thing group", + "privilege": 
"ListThingsInThingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thinggroup*" } ] }, { "access_level": "List", - "description": "Grants permission to list all managed policies", - "privilege": "ListPolicies", + "description": "Grants permission to list all TopicRuleDestinations", + "privilege": "ListTopicRuleDestinations", "resource_types": [ { "condition_keys": [], 
@@ -122510,102 +146663,90 @@ }, { "access_level": "List", - "description": "Grants permission to list information about the policies that grant an entity access to a specific service", - "privilege": "ListPoliciesGrantingServiceAccess", + "description": "Grants permission to list the rules for the specific topic", + "privilege": "ListTopicRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified managed policy", - "privilege": "ListPolicyTags", + "description": "Grants permission to list tunnels", + "privilege": "ListTunnels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list information about the versions of the specified managed policy, including the version that is currently set as the policy's default version", - "privilege": "ListPolicyVersions", + "description": "Grants permission to list the v2 logging levels", + "privilege": "ListV2LoggingLevels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM role", - "privilege": "ListRolePolicies", + "description": "Grants permission to list the Device Defender security profile violations discovered during the given time period", + "privilege": "ListViolationEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - } - ] - }, - { - "access_level": 
"List", - "description": "Grants permission to list the tags that are attached to the specified IAM role", - "privilege": "ListRoleTags", - "resource_types": [ + "resource_type": "securityprofile" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "thing" } ] }, { - "access_level": "List", - "description": "Grants permission to list the IAM roles that have the specified path prefix", - "privilege": "ListRoles", + "access_level": "Write", + "description": "Grants permission to open a tunnel", + "privilege": "OpenTunnel", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iot:ThingGroupArn", + "iot:TunnelDestinationService" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified SAML provider", - "privilege": "ListSAMLProviderTags", + "access_level": "Write", + "description": "Grants permission to publish to the specified topic", + "privilege": "Publish", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" + "resource_type": "topic*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the SAML provider resources in IAM", - "privilege": "ListSAMLProviders", + "access_level": "Write", + "description": "Grants permission to put verification state on a violation", + "privilege": "PutVerificationStateOnViolation", "resource_types": [ { "condition_keys": [], 
@@ -122615,45 +146756,50 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list information about the SSH public keys that are associated with the specified IAM user", - "privilege": "ListSSHPublicKeys", + "access_level": "Write", + "description": "Grants permission to receive from the specified topic", + "privilege": "Receive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "topic*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the status of all active STS regional endpoints", - "privilege": "ListSTSRegionalEndpointsStatus", + "access_level": "Write", + "description": "Grants permission to register a CA certificate with AWS IoT", + "privilege": "RegisterCACertificate", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified server certificate", - "privilege": "ListServerCertificateTags", + "access_level": "Write", + "description": "Grants permission to register a device certificate with AWS IoT", + "privilege": "RegisterCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the server certificates that have the specified path prefix", - "privilege": "ListServerCertificates", + "access_level": "Write", + "description": "Grants permission to register a device certificate with AWS IoT without a registered CA (certificate authority)", + "privilege": "RegisterCertificateWithoutCA", "resource_types": [ { "condition_keys": [], 
@@ -122663,122 +146809,102 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the service-specific credentials that are associated with the specified IAM user", - "privilege": "ListServiceSpecificCredentials", + "access_level": "Write", + "description": "Grants permission to register your thing", + "privilege": "RegisterThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list information about the signing certificates that are associated with the specified IAM user", - "privilege": "ListSigningCertificates", + "access_level": "Write", + "description": "Grants permission to reject a pending certificate transfer", + "privilege": "RejectCertificateTransfer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "cert*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the names of the inline policies that are embedded in the specified IAM user", - "privilege": "ListUserPolicies", + "access_level": "Write", + "description": "Grants permission to remove thing from the specified billing group", + "privilege": "RemoveThingFromBillingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the tags that are attached to the specified IAM user", - "privilege": "ListUserTags", - "resource_types": [ + "resource_type": "billinggroup*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "thing*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the IAM users that have the specified path prefix", - "privilege": "ListUsers", + "access_level": "Write", + "description": "Grants permission to remove thing from the 
specified thing group", + "privilege": "RemoveThingFromThingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list virtual MFA devices by assignment status", - "privilege": "ListVirtualMFADevices", - "resource_types": [ + "resource_type": "thing*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thinggroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to pass a role to a service", - "privilege": "PassRole", + "description": "Grants permission to replace the specified rule", + "privilege": "ReplaceTopicRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:AssociatedResourceArn", - "iam:PassedToService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "rule*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM group", - "privilege": "PutGroupPolicy", + "access_level": "Write", + "description": "Grants permission to publish a retained message to the specified topic", + "privilege": "RetainPublish", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "topic*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set a managed policy as a permissions boundary for a role", - "privilege": "PutRolePermissionsBoundary", + "access_level": "Write", + "description": "Grants permission to rotate the access token of a tunnel", + "privilege": "RotateTunnelAccessToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "tunnel*" }, { "condition_keys": [ - "iam:PermissionsBoundary" + 
"iot:ThingGroupArn", + "iot:TunnelDestinationService", + "iot:ClientMode" ], "dependent_actions": [], "resource_type": "" 
@@ -122786,138 +146912,117 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM role", - "privilege": "PutRolePolicy", + "access_level": "Read", + "description": "Grants permission to search IoT fleet index", + "privilege": "SearchIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to set a managed policy as a permissions boundary for an IAM user", - "privilege": "PutUserPermissionsBoundary", + "description": "Grants permission to set the default authorizer. This will be used if a websocket connection is made without specifying an authorizer", + "privilege": "SetDefaultAuthorizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "authorizer*" } ] }, { "access_level": "Permissions management", - "description": "Grants permission to create or update an inline policy document that is embedded in the specified IAM user", - "privilege": "PutUserPolicy", + "description": "Grants permission to set the specified version of the specified policy as the policy's default (operative) version", + "privilege": "SetDefaultPolicyVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "iam:PermissionsBoundary" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the client ID (audience) from the list of client IDs in the 
specified IAM OpenID Connect (OIDC) provider resource", - "privilege": "RemoveClientIDFromOpenIDConnectProvider", + "description": "Grants permission to set the logging options", + "privilege": "SetLoggingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove an IAM role from the specified EC2 instance profile", - "privilege": "RemoveRoleFromInstanceProfile", + "description": "Grants permission to set the v2 logging level", + "privilege": "SetV2LoggingLevel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove an IAM user from the specified group", - "privilege": "RemoveUserFromGroup", + "description": "Grants permission to set the v2 logging options", + "privilege": "SetV2LoggingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reset the password for an existing service-specific credential for an IAM user", - "privilege": "ResetServiceSpecificCredential", + "description": "Grants permission to start a task that applies a set of mitigation actions to the specified target", + "privilege": "StartAuditMitigationActionsTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to synchronize the specified MFA device with its IAM entity (user or role)", - "privilege": "ResyncMFADevice", + "description": "Grants permission to start a Device Defender ML Detect mitigation actions task", + "privilege": "StartDetectMitigationActionsTask", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "securityprofile" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set the version of the specified policy as the policy's default version", - "privilege": "SetDefaultPolicyVersion", + "access_level": "Write", + "description": "Grants permission to start an on-demand Device Defender audit", + "privilege": "StartOnDemandAuditTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to activate or deactivate an STS regional endpoint", - "privilege": "SetSTSRegionalEndpointStatus", + "description": "Grants permission to start a bulk thing registration task", + "privilege": "StartThingRegistrationTask", "resource_types": [ { "condition_keys": [], @@ -122928,8 +147033,8 @@ }, { "access_level": "Write", - "description": "Grants permission to set the STS global endpoint token version", - "privilege": "SetSecurityTokenServicePreferences", + "description": "Grants permission to stop a bulk thing registration task", + "privilege": "StopThingRegistrationTask", "resource_types": [ { "condition_keys": [], 
@@ -122939,153 +147044,146 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to simulate whether an identity-based policy or resource-based policy provides permissions for specific API operations and resources", - "privilege": "SimulateCustomPolicy", + "access_level": "Write", + "description": "Grants permission to subscribe to the specified TopicFilter", + "privilege": "Subscribe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "topicfilter*" } ] }, { - "access_level": "Read", - "description": "Grants permission to simulate whether an identity-based policy that is attached to a specified IAM entity (user or role) provides permissions for specific API operations and resources", - "privilege": "SimulatePrincipalPolicy", + "access_level": "Tagging", + "description": "Grants permission to tag a specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "group" + "resource_type": "authorizer" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "role" + "resource_type": "billinggroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "user" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to an instance profile", - "privilege": "TagInstanceProfile", - "resource_types": [ + "resource_type": "cacert" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + "resource_type": "certificateprovider" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to a virtual mfa device", - "privilege": "TagMFADevice", - "resource_types": [ + "resource_type": "custommetric" + }, { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "mfa*" + "resource_type": "dimension" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to an OpenID Connect provider", - "privilege": "TagOpenIDConnectProvider", - "resource_types": [ + "resource_type": "domainconfiguration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" + "resource_type": "dynamicthinggroup" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to a managed policy", - "privilege": "TagPolicy", - "resource_types": [ + "resource_type": "fleetmetric" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "job" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to an IAM role", - "privilege": "TagRole", - "resource_types": [ + "resource_type": "jobtemplate" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "mitigationaction" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to add tags to a SAML Provider", - "privilege": "TagSAMLProvider", - "resource_types": [ + "resource_type": "otaupdate" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" + "resource_type": "package" + }, + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "packageversion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioningtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rolealias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduledaudit" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securityprofile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stream" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thinggroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thingtype" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -123093,54 +147191,165 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a server certificate", - "privilege": "TagServerCertificate", + "access_level": "Read", + "description": "Grants permission to test the policies evaluation for group policies", + "privilege": "TestAuthorization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "cert" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to an IAM user", - "privilege": "TagUser", + "access_level": "Read", + "description": "Grants permission to test invoke the specified custom authorizer for testing purposes", + "privilege": "TestInvokeAuthorizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "authorizer*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to transfer the specified certificate to the specified AWS account", + "privilege": "TransferCertificate", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cert*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the instance profile", - "privilege": "UntagInstanceProfile", + "description": "Grants permission to untag a specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "instance-profile*" + "resource_type": "authorizer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "billinggroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"cacert" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "certificateprovider" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custommetric" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dimension" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domainconfiguration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dynamicthinggroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleetmetric" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "job" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "jobtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mitigationaction" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "otaupdate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "package" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "packageversion" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "provisioningtemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rolealias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rule" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scheduledaudit" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "securityprofile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stream" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thinggroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thingtype" }, { "condition_keys": [ 
@@ -123152,133 +147361,146 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the virtual mfa device", - "privilege": "UntagMFADevice", + "access_level": "Write", + "description": "Grants permission to configure or reconfigure the Device Defender audit settings for this account", + "privilege": "UpdateAccountAuditConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mfa*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the OpenID Connect provider", - "privilege": "UntagOpenIDConnectProvider", + "access_level": "Write", + "description": "Grants permission to update a Device Defender audit suppression", + "privilege": "UpdateAuditSuppression", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "oidc-provider*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the managed policy", - "privilege": "UntagPolicy", + "access_level": "Write", + "description": "Grants permission to update an authorizer", + "privilege": "UpdateAuthorizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "authorizer*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the role", - "privilege": "UntagRole", + "access_level": "Write", + "description": "Grants permission to update information associated with the specified billing group", + "privilege": "UpdateBillingGroup", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "role*" - }, + "resource_type": "billinggroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a registered CA certificate", + "privilege": "UpdateCACertificate", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" ], + "resource_type": "cacert*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the status of the specified certificate. This operation is idempotent", + "privilege": "UpdateCertificate", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cert*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the SAML Provider", - "privilege": "UntagSAMLProvider", + "access_level": "Write", + "description": "Grants permission to update a certificate provider", + "privilege": "UpdateCertificateProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" - }, + "resource_type": "certificateprovider*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the specified custom metric", + "privilege": "UpdateCustomMetric", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "custommetric*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the server certificate", - "privilege": "UntagServerCertificate", + "access_level": "Write", + "description": "Grants permission to update the definition for a dimension", + "privilege": "UpdateDimension", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" - }, + "resource_type": "dimension*" + } + ] + }, + { + 
"access_level": "Write", + "description": "Grants permission to update a domain configuration", + "privilege": "UpdateDomainConfiguration", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domainconfiguration*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the user", - "privilege": "UntagUser", + "access_level": "Write", + "description": "Grants permission to update a Dynamic Thing Group", + "privilege": "UpdateDynamicThingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, + "resource_type": "dynamicthinggroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update event configurations", + "privilege": "UpdateEventConfigurations", + "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -123286,20 +147508,25 @@ }, { "access_level": "Write", - "description": "Grants permission to update the status of the specified access key as Active or Inactive", - "privilege": "UpdateAccessKey", + "description": "Grants permission to update a fleet metric", + "privilege": "UpdateFleetMetric", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "fleetmetric*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the email address that is associated with the account", - "privilege": "UpdateAccountEmailAddress", + "description": "Grants permission to update fleet indexing configuration", + "privilege": "UpdateIndexingConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -123310,188 +147537,218 @@ }, { "access_level": "Write", - "description": "Grants permission to update the account name that is associated with the account", - "privilege": "UpdateAccountName", + "description": "Grants permission to update a job", + "privilege": "UpdateJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "job*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the password policy settings for the AWS account", - "privilege": "UpdateAccountPasswordPolicy", + "description": "Grants permission to update the definition for the specified mitigation action", + "privilege": "UpdateMitigationAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "mitigationaction*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update the policy that grants an IAM entity permission to assume a role", - "privilege": "UpdateAssumeRolePolicy", + "access_level": "Write", + "description": "Grants permission to update a package", + "privilege": "UpdatePackage", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "role*" + "dependent_actions": [ + "iot:GetIndexingConfiguration" + ], + "resource_type": "package*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing CloudFront public key", - "privilege": "UpdateCloudFrontPublicKey", + "description": "Grants permission to update the package configuration of the account", + "privilege": "UpdatePackageConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the name or path of the specified IAM group", - "privilege": "UpdateGroup", + "description": "Grants permission to update the 
version of the specified package", + "privilege": "UpdatePackageVersion", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iot:GetIndexingConfiguration" + ], + "resource_type": "package*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "group*" + "resource_type": "packageversion*" } ] }, { "access_level": "Write", - "description": "Grants permission to change the password for the specified IAM user", - "privilege": "UpdateLoginProfile", + "description": "Grants permission to update a fleet provisioning template", + "privilege": "UpdateProvisioningTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "provisioningtemplate*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the entire list of server certificate thumbprints that are associated with an OpenID Connect (OIDC) provider resource", - "privilege": "UpdateOpenIDConnectProviderThumbprint", + "description": "Grants permission to update the role alias", + "privilege": "UpdateRoleAlias", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "oidc-provider*" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "rolealias*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the description or maximum session duration setting of a role", - "privilege": "UpdateRole", + "description": "Grants permission to update a scheduled audit, including what checks are performed and how often the audit takes place", + "privilege": "UpdateScheduledAudit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "scheduledaudit*" } ] }, { "access_level": "Write", - "description": "Grants permission to update only the description of a role", - "privilege": "UpdateRoleDescription", + "description": 
"Grants permission to update a Device Defender security profile", + "privilege": "UpdateSecurityProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "role*" + "resource_type": "securityprofile*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "custommetric" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dimension" } ] }, { "access_level": "Write", - "description": "Grants permission to update the metadata document for an existing SAML provider resource", - "privilege": "UpdateSAMLProvider", + "description": "Grants permission to update the data for a stream", + "privilege": "UpdateStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "saml-provider*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the status of an IAM user's SSH public key to active or inactive", - "privilege": "UpdateSSHPublicKey", + "description": "Grants permission to update information associated with the specified thing", + "privilege": "UpdateThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "thing*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the name or the path of the specified server certificate stored in IAM", - "privilege": "UpdateServerCertificate", + "description": "Grants permission to update information associated with the specified thing group", + "privilege": "UpdateThingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "server-certificate*" + "resource_type": "thinggroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the status of a service-specific credential to active or inactive for an IAM user", - "privilege": "UpdateServiceSpecificCredential", + "description": "Grants permission 
to update the thing groups to which the thing belongs", + "privilege": "UpdateThingGroupsForThing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "thing*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thinggroup" } ] }, { "access_level": "Write", - "description": "Grants permission to update the status of the specified user signing certificate to active or disabled", - "privilege": "UpdateSigningCertificate", + "description": "Grants permission to update the thing shadow", + "privilege": "UpdateThingShadow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "thing*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the name or the path of the specified IAM user", - "privilege": "UpdateUser", + "description": "Grants permission to update a TopicRuleDestination", + "privilege": "UpdateTopicRuleDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "destination*" } ] }, { - "access_level": "Write", - "description": "Grants permission to upload a CloudFront public key", - "privilege": "UploadCloudFrontPublicKey", + "access_level": "Read", + "description": "Grants permission to validate a Device Defender security profile behaviors specification", + "privilege": "ValidateSecurityProfileBehaviors", "resource_types": [ { "condition_keys": [], 
@@ -123499,902 +147756,740 @@ "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:client/${ClientId}", + "condition_keys": [], + "resource": "client" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:index/${IndexName}", + "condition_keys": [], + "resource": "index" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:fleetmetric/${FleetMetricName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "fleetmetric" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:job/${JobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "job" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:jobtemplate/${JobTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "jobtemplate" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:tunnel/${TunnelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "tunnel" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", + "condition_keys": [], + "resource": "thing" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:thinggroup/${ThingGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "thinggroup" }, { - "access_level": "Write", - "description": "Grants permission to upload an SSH public key and associate it with the specified IAM user", - "privilege": "UploadSSHPublicKey", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - } - ] + "arn": "arn:${Partition}:iot:${Region}:${Account}:billinggroup/${BillingGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "billinggroup" }, { - "access_level": "Write", - "description": "Grants permission to upload a server certificate entity for the AWS account", - "privilege": "UploadServerCertificate", - "resource_types": [ - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "server-certificate*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:iot:${Region}:${Account}:thinggroup/${ThingGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dynamicthinggroup" }, { - "access_level": "Write", - "description": "Grants permission to upload an X.509 signing certificate and associate it with the specified IAM user", - "privilege": "UploadSigningCertificate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - } - ] - } - ], - "resources": [ + "arn": "arn:${Partition}:iot:${Region}:${Account}:thingtype/${ThingTypeName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "thingtype" + }, { - "arn": "arn:${Partition}:iam::${Account}:access-report/${EntityPath}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:topic/${TopicName}", "condition_keys": [], - "resource": "access-report" + "resource": "topic" }, { - "arn": "arn:${Partition}:iam::${Account}:assumed-role/${RoleName}/${RoleSessionName}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:topicfilter/${TopicFilter}", "condition_keys": [], - "resource": "assumed-role" + "resource": "topicfilter" }, { - "arn": "arn:${Partition}:iam::${Account}:federated-user/${UserName}", - "condition_keys": [], - "resource": "federated-user" + "arn": "arn:${Partition}:iot:${Region}:${Account}:rolealias/${RoleAlias}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "rolealias" }, { - "arn": "arn:${Partition}:iam::${Account}:group/${GroupNameWithPath}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:authorizer/${AuthorizerName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "authorizer" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:policy/${PolicyName}", + "condition_keys": 
[ + "aws:ResourceTag/${TagKey}" + ], + "resource": "policy" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:cert/${Certificate}", "condition_keys": [], - "resource": "group" + "resource": "cert" }, { - "arn": "arn:${Partition}:iam::${Account}:instance-profile/${InstanceProfileNameWithPath}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:cacert/${CACertificate}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "instance-profile" + "resource": "cacert" }, { - "arn": "arn:${Partition}:iam::${Account}:mfa/${MfaTokenIdWithPath}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:stream/${StreamId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "mfa" + "resource": "stream" }, { - "arn": "arn:${Partition}:iam::${Account}:oidc-provider/${OidcProviderName}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:otaupdate/${OtaUpdateId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "oidc-provider" + "resource": "otaupdate" }, { - "arn": "arn:${Partition}:iam::${Account}:policy/${PolicyNameWithPath}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:scheduledaudit/${ScheduleName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "policy" + "resource": "scheduledaudit" }, { - "arn": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:mitigationaction/${MitigationActionName}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "iam:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "role" + "resource": "mitigationaction" }, { - "arn": "arn:${Partition}:iam::${Account}:saml-provider/${SamlProviderName}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:securityprofile/${SecurityProfileName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "saml-provider" + "resource": "securityprofile" }, { - "arn": "arn:${Partition}:iam::${Account}:server-certificate/${CertificateNameWithPath}", + 
"arn": "arn:${Partition}:iot:${Region}:${Account}:custommetric/${MetricName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "server-certificate" + "resource": "custommetric" }, { - "arn": "arn:${Partition}:iam::${Account}:sms-mfa/${MfaTokenIdWithPath}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:dimension/${DimensionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dimension" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:rule/${RuleName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "rule" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:destination/${DestinationType}/${Uuid}", "condition_keys": [], - "resource": "sms-mfa" + "resource": "destination" }, { - "arn": "arn:${Partition}:iam::${Account}:user/${UserNameWithPath}", + "arn": "arn:${Partition}:iot:${Region}:${Account}:provisioningtemplate/${ProvisioningTemplate}", "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "iam:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], - "resource": "user" + "resource": "provisioningtemplate" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:domainconfiguration/${DomainConfigurationName}/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "domainconfiguration" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:package/${PackageName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "package" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:package/${PackageName}/version/${VersionName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "packageversion" + }, + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:certificateprovider/${CertificateProviderName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "certificateprovider" } ], - "service_name": "AWS Identity and Access Management (IAM)" + "service_name": "AWS IoT" }, { 
"conditions": [], - "prefix": "identity-sync", + "prefix": "iot-device-tester", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to create a sync filter on the sync profile", - "privilege": "CreateSyncFilter", + "access_level": "Read", + "description": "Grants permission to IoT Device Tester to check if a given set of product, test suite and device tester version are compatible", + "privilege": "CheckVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SyncProfileResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a sync profile for the identity source", - "privilege": "CreateSyncProfile", + "access_level": "Read", + "description": "Grants permission to IoT Device Tester to download compatible test suite versions", + "privilege": "DownloadTestSuite", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:AuthorizeApplication" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a sync target for the identity source", - "privilege": "CreateSyncTarget", + "access_level": "Read", + "description": "Grants permission to IoT Device Tester to get information on latest version of device tester available", + "privilege": "LatestIdt", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SyncProfileResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a sync filter from the sync profile", - "privilege": "DeleteSyncFilter", + "description": "Grants permission to IoT Device Tester to send usage metrics on your behalf", + "privilege": "SendMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SyncProfileResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to delete a sync profile from the source", - "privilege": "DeleteSyncProfile", + "access_level": "Read", + "description": "Grants permission to IoT Device Tester to get list of supported products and test suite versions", + "privilege": "SupportedVersion", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:UnauthorizeApplication" - ], - "resource_type": "SyncProfileResource*" + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS IoT Device Tester" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the tags that are passed in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to delete a sync target from the source", - "privilege": "DeleteSyncTarget", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SyncProfileResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SyncTargetResource*" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the tags associated with the resource", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to retrieve a sync profile by using a sync profile name", - "privilege": "GetSyncProfile", + "condition": "aws:TagKeys", + "description": "Filters actions based on the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "iot1click", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate a device to a placement", + "privilege": "AssociateDeviceWithPlacement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SyncProfileResource*" + "resource_type": "project*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a sync target from the sync 
profile", - "privilege": "GetSyncTarget", + "description": "Grants permission to claim a batch of devices with a claim code", + "privilege": "ClaimDevicesByClaimCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SyncProfileResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SyncTargetResource*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the sync filters from the sync profile", - "privilege": "ListSyncFilters", + "access_level": "Write", + "description": "Grants permission to create a new placement in a project", + "privilege": "CreatePlacement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SyncProfileResource*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a sync process or to resume a sync process that was previously paused", - "privilege": "StartSync", + "description": "Grants permission to create a new project", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SyncProfileResource*" + "resource_type": "project*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop any planned sync process in the sync schedule from starting", - "privilege": "StopSync", + "description": "Grants permission to delete a placement from a project", + "privilege": "DeletePlacement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SyncProfileResource*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a sync target on the sync profile", - "privilege": "UpdateSyncTarget", + "description": "Grants permission to delete a 
project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SyncProfileResource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SyncTargetResource*" + "resource_type": "project*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:identity-sync:${Region}:${Account}:profile/${SyncProfileName}", - "condition_keys": [], - "resource": "SyncProfileResource" }, { - "arn": "arn:${Partition}:identity-sync:${Region}:${Account}:target/${SyncProfileName}/${SyncTargetName}", - "condition_keys": [], - "resource": "SyncTargetResource" - } - ], - "service_name": "AWS Identity Sync" - }, - { - "conditions": [], - "prefix": "identitystore", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a group in the specified IdentityStore", - "privilege": "CreateGroup", + "access_level": "Read", + "description": "Grants permission to describe a device", + "privilege": "DescribeDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "device*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a member to a group in the specified IdentityStore", - "privilege": "CreateGroupMembership", + "access_level": "Read", + "description": "Grants permission to describe a placement", + "privilege": "DescribePlacement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Identitystore*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "User*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a user in the specified IdentityStore", - "privilege": "CreateUser", + "access_level": "Read", + "description": "Grants permission to describe a 
project", + "privilege": "DescribeProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a group in the specified IdentityStore", - "privilege": "DeleteGroup", + "description": "Grants permission to disassociate a device from a placement", + "privilege": "DisassociateDeviceFromPlacement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a member that is part of a group in the specified IdentityStore", - "privilege": "DeleteGroupMembership", + "access_level": "Read", + "description": "Grants permission to finalize a device claim", + "privilege": "FinalizeDeviceClaim", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "GroupMembership*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "device*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "User*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a user in the specified IdentityStore", - "privilege": "DeleteUser", + "access_level": "Read", + "description": "Grants permission to get available methods of a device", + "privilege": "GetDeviceMethods", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Identitystore*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "User*" + "resource_type": 
"device*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a group in the specified IdentityStore", - "privilege": "DescribeGroup", + "description": "Grants permission to get devices associated to a placement", + "privilege": "GetDevicesInPlacement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "project*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a member that is part of a group in the specified IdentityStore", - "privilege": "DescribeGroupMembership", + "description": "Grants permission to initialize a device claim", + "privilege": "InitiateDeviceClaim", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "GroupMembership*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Identitystore*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "User*" + "resource_type": "device*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about user in the specified IdentityStore", - "privilege": "DescribeUser", + "access_level": "Write", + "description": "Grants permission to invoke a device method", + "privilege": "InvokeDeviceMethod", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Identitystore*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "User*" + "resource_type": "device*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve ID information about group in the specified IdentityStore", - "privilege": "GetGroupId", + "description": "Grants permission to list past events published 
by a device", + "privilege": "ListDeviceEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "device*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve ID information of a member which is part of a group in the specified IdentityStore", - "privilege": "GetGroupMembershipId", + "access_level": "List", + "description": "Grants permission to list all devices", + "privilege": "ListDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Group*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "GroupMembership*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Identitystore*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "User*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieves ID information about user in the specified IdentityStore", - "privilege": "GetUserId", + "description": "Grants permission to list placements in a project", + "privilege": "ListPlacements", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Identitystore*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "User*" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check if a member is a part of groups in the specified IdentityStore", - "privilege": "IsMemberInGroups", + "access_level": "List", + "description": "Grants permission to list all projects", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllGroupMemberships*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Group*" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "Identitystore*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "User*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all members that are part of a group in the specified IdentityStore", - "privilege": "ListGroupMemberships", + "access_level": "Read", + "description": "Grants permission to lists the tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllGroupMemberships*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Group*" + "resource_type": "device" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "project" } ] }, { - "access_level": "List", - "description": "Grants permission to list groups of the target member in the specified IdentityStore", - "privilege": "ListGroupMembershipsForMember", + "access_level": "Tagging", + "description": "Grants permission to add or modify the tags of a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllGroupMemberships*" + "resource_type": "device" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "project" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "User*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to search for groups within the specified IdentityStore", - "privilege": "ListGroups", + "access_level": "Read", + "description": "Grants permission to unclaim a device", + "privilege": "UnclaimDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllGroups*" - 
}, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "device*" } ] }, { - "access_level": "List", - "description": "Grants permission to search for users in the specified IdentityStore", - "privilege": "ListUsers", + "access_level": "Tagging", + "description": "Grants permission to remove the given tags (metadata) from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllUsers*" + "resource_type": "device" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Identitystore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update information about a group in the specified IdentityStore", - "privilege": "UpdateGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Group*" + "resource_type": "project" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Identitystore*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update user information in the specified IdentityStore", - "privilege": "UpdateUser", + "description": "Grants permission to update device state", + "privilege": "UpdateDeviceState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Identitystore*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "User*" + "resource_type": "device*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:identitystore::${Account}:identitystore/${IdentityStoreId}", - "condition_keys": [], - "resource": "Identitystore" - }, - { - "arn": "arn:${Partition}:identitystore:::user/${UserId}", - "condition_keys": [], - "resource": "User" - }, - { - "arn": "arn:${Partition}:identitystore:::group/${GroupId}", - "condition_keys": [], - "resource": "Group" - }, 
- { - "arn": "arn:${Partition}:identitystore:::membership/${MembershipId}", - "condition_keys": [], - "resource": "GroupMembership" - }, - { - "arn": "arn:${Partition}:identitystore:::user/*", - "condition_keys": [], - "resource": "AllUsers" - }, - { - "arn": "arn:${Partition}:identitystore:::group/*", - "condition_keys": [], - "resource": "AllGroups" }, - { - "arn": "arn:${Partition}:identitystore:::membership/*", - "condition_keys": [], - "resource": "AllGroupMemberships" - } - ], - "service_name": "AWS Identity Store" - }, - { - "conditions": [], - "prefix": "identitystore-auth", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a batch of specified sessions", - "privilege": "BatchDeleteSession", + "description": "Grants permission to update a placement", + "privilege": "UpdatePlacement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return session attributes for a batch of specified sessions", - "privilege": "BatchGetSession", + "access_level": "Write", + "description": "Update a project", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iot1click:${Region}:${Account}:devices/${DeviceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "device" }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of active sessions for the specified user", - "privilege": "ListSessions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:iot1click:${Region}:${Account}:projects/${ProjectName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "project" } ], - "resources": 
[], - "service_name": "AWS Identity Store Auth" + "service_name": "AWS IoT 1-Click" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "description": "Filters access based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "imagebuilder:CreatedResourceTag/", - "description": "Filters access by the tag key-value pairs attached to the resource created by Image Builder", - "type": "String" - }, - { - "condition": "imagebuilder:CreatedResourceTagKeys", - "description": "Filters access by the presence of tag keys in the request", + "description": "Filters access based on the presence of tag keys in the request", "type": "ArrayOfString" }, { - "condition": "imagebuilder:Ec2MetadataHttpTokens", - "description": "Filters access by the EC2 Instance Metadata HTTP Token Requirement specified in the request", - "type": "String" - }, - { - "condition": "imagebuilder:StatusTopicArn", - "description": "Filters access by the SNS Topic Arn in the request to which terminal state notifications will be published", + "condition": "iotanalytics:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", "type": "String" } ], - "prefix": "imagebuilder", + "prefix": "iotanalytics", "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel an image creation", - "privilege": "CancelImageCreation", + "description": "Puts a batch of messages into the specified channel", + "privilege": "BatchPutMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"image*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new component", - "privilege": "CreateComponent", + "description": "Cancels reprocessing for the specified pipeline", + "privilege": "CancelPipelineReprocessing", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "imagebuilder:TagResource", - "kms:Encrypt", - "kms:GenerateDataKey", - "kms:GenerateDataKeyWithoutPlaintext" - ], - "resource_type": "component*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kmsKey" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Container Recipe", - "privilege": "CreateContainerRecipe", + "description": "Creates a channel", + "privilege": "CreateChannel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ecr:DescribeImages", - "ecr:DescribeRepositories", - "iam:CreateServiceLinkedRole", - "imagebuilder:GetComponent", - "imagebuilder:GetImage", - "imagebuilder:TagResource", - "kms:Encrypt", - "kms:GenerateDataKey", - "kms:GenerateDataKeyWithoutPlaintext" - ], - "resource_type": "containerRecipe*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new distribution configuration", - "privilege": "CreateDistributionConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "imagebuilder:TagResource" - ], - "resource_type": "distributionConfiguration*" + "resource_type": "channel*" }, { "condition_keys": [ 
@@ -124408,20 +148503,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new image", - "privilege": "CreateImage", + "description": "Creates a dataset", + "privilege": "CreateDataset", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "imagebuilder:GetContainerRecipe", - "imagebuilder:GetDistributionConfiguration", - "imagebuilder:GetImageRecipe", - "imagebuilder:GetInfrastructureConfiguration", - "imagebuilder:TagResource" - ], - "resource_type": "image*" + "dependent_actions": [], + "resource_type": "dataset*" }, { "condition_keys": [ @@ -124435,44 +148523,25 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new image pipeline", - "privilege": "CreateImagePipeline", + "description": "Generates content from the specified dataset (by executing the dataset actions)", + "privilege": "CreateDatasetContent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "imagebuilder:GetContainerRecipe", - "imagebuilder:GetImageRecipe", - "imagebuilder:TagResource" - ], - "resource_type": "imagePipeline*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new Image Recipe", - "privilege": "CreateImageRecipe", + "description": "Creates a datastore", + "privilege": "CreateDatastore", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeImages", - "iam:CreateServiceLinkedRole", - "imagebuilder:GetComponent", - "imagebuilder:GetImage", - "imagebuilder:TagResource" - ], - "resource_type": "imageRecipe*" + "dependent_actions": [], + "resource_type": "datastore*" }, { "condition_keys": [ 
@@ -124486,27 +148555,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new infrastructure configuration", - "privilege": "CreateInfrastructureConfiguration", + "description": "Creates a pipeline", + "privilege": "CreatePipeline", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PassRole", - "imagebuilder:TagResource", - "sns:Publish" - ], - "resource_type": "infrastructureConfiguration*" + "dependent_actions": [], + "resource_type": "pipeline*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "imagebuilder:CreatedResourceTagKeys", - "imagebuilder:CreatedResourceTag/", - "imagebuilder:Ec2MetadataHttpTokens", - "imagebuilder:StatusTopicArn" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -124515,335 +148575,164 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a component", - "privilege": "DeleteComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "component*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a container recipe", - "privilege": "DeleteContainerRecipe", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "containerRecipe*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a distribution configuration", - "privilege": "DeleteDistributionConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "distributionConfiguration*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an image", - "privilege": "DeleteImage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "image*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an image pipeline", - "privilege": "DeleteImagePipeline", + "description": "Deletes the specified channel", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imagePipeline*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an image recipe", - "privilege": "DeleteImageRecipe", + "description": "Deletes the specified dataset", + "privilege": "DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imageRecipe*" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an infrastructure configuration", - "privilege": "DeleteInfrastructureConfiguration", - "resource_types": [ - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "infrastructureConfiguration*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details about a component", - "privilege": "GetComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "kms:Decrypt" - ], - "resource_type": "component*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view the resource policy associated with a component", - "privilege": "GetComponentPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "component*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details about a container recipe", - "privilege": "GetContainerRecipe", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "containerRecipe*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view the resource policy associated with a container recipe", - "privilege": "GetContainerRecipePolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "containerRecipe*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details about a distribution configuration", - "privilege": "GetDistributionConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "distributionConfiguration*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details about an image", - "privilege": "GetImage", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "image*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view details about an image pipeline", - 
"privilege": "GetImagePipeline", + "description": "Deletes the content of the specified dataset", + "privilege": "DeleteDatasetContent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imagePipeline*" + "resource_type": "dataset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the resource policy associated with an image", - "privilege": "GetImagePolicy", + "access_level": "Write", + "description": "Deletes the specified datastore", + "privilege": "DeleteDatastore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "datastore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about an image recipe", - "privilege": "GetImageRecipe", + "access_level": "Write", + "description": "Deletes the specified pipeline", + "privilege": "DeletePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imageRecipe*" + "resource_type": "pipeline*" } ] }, { "access_level": "Read", - "description": "Grants permission to view the resource policy associated with an image recipe", - "privilege": "GetImageRecipePolicy", + "description": "Describes the specified channel", + "privilege": "DescribeChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imageRecipe*" + "resource_type": "channel*" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about an infrastructure configuration", - "privilege": "GetInfrastructureConfiguration", + "description": "Describes the specified dataset", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "infrastructureConfiguration*" + "resource_type": "dataset*" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a workflow execution", - "privilege": 
"GetWorkflowExecution", + "description": "Describes the specified datastore", + "privilege": "DescribeDatastore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflowExecution*" + "resource_type": "datastore*" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a workflow step execution", - "privilege": "GetWorkflowStepExecution", + "description": "Describes logging options for the the account", + "privilege": "DescribeLoggingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflowStepExecution*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to import a new component", - "privilege": "ImportComponent", + "access_level": "Read", + "description": "Describes the specified pipeline", + "privilege": "DescribePipeline", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "imagebuilder:TagResource", - "kms:Encrypt", - "kms:GenerateDataKey", - "kms:GenerateDataKeyWithoutPlaintext" - ], - "resource_type": "component*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "kmsKey" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to import an image", - "privilege": "ImportVmImage", + "access_level": "Read", + "description": "Gets the content of the specified dataset", + "privilege": "GetDatasetContent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeImportImageTasks", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "image*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { 
"access_level": "List", - "description": "Grants permission to list the component build versions in your account", - "privilege": "ListComponentBuildVersions", + "description": "Lists the channels for the account", + "privilege": "ListChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentVersion*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the component versions owned by or shared with your account", - "privilege": "ListComponents", + "description": "Lists information about dataset contents that have been created", + "privilege": "ListDatasetContents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "List", - "description": "Grants permission to list the container recipes owned by or shared with your account", - "privilege": "ListContainerRecipes", + "description": "Lists the datasets for the account", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], @@ -124854,8 +148743,8 @@ }, { "access_level": "List", - "description": "Grants permission to list the distribution configurations in your account", - "privilege": "ListDistributionConfigurations", + "description": "Lists the datastores for the account", + "privilege": "ListDatastores", "resource_types": [ { "condition_keys": [], 
@@ -124866,63 +148755,47 @@ }, { "access_level": "List", - "description": "Grants permission to list the image build versions in your account", - "privilege": "ListImageBuildVersions", + "description": "Lists the pipelines for the account", + "privilege": "ListPipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imageVersion*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of packages installed on the specified image", - "privilege": "ListImagePackages", + "access_level": "Read", + "description": "Lists the tags (metadata) which you have assigned to the resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "channel" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return a list of images created by the specified pipeline", - "privilege": "ListImagePipelineImages", - "resource_types": [ + "resource_type": "dataset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "imagePipeline*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the image pipelines in your account", - "privilege": "ListImagePipelines", - "resource_types": [ + "resource_type": "datastore" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline" } ] }, { - "access_level": "List", - "description": "Grants permission to list the image recipes owned by or shared with your account", - "privilege": "ListImageRecipes", + "access_level": "Write", + "description": "Puts logging options for the the account", + "privilege": "PutLoggingOptions", "resource_types": [ { "condition_keys": [], 
@@ -124932,108 +148805,105 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list aggregations on the image scan findings in your account", - "privilege": "ListImageScanFindingAggregations", + "access_level": "Read", + "description": "Runs the specified pipeline activity", + "privilege": "RunPipelineActivity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "image" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "imagePipeline" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the image scan findings for the images in your account", - "privilege": "ListImageScanFindings", + "access_level": "Read", + "description": "Samples the specified channel's data", + "privilege": "SampleChannelData", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "inspector2:ListFindings" - ], - "resource_type": "image" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "imagePipeline" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the image versions owned by or shared with your account", - "privilege": "ListImages", + "access_level": "Write", + "description": "Starts reprocessing for the specified pipeline", + "privilege": "StartPipelineReprocessing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "pipeline*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the infrastructure configurations in your account", - "privilege": "ListInfrastructureConfigurations", + "access_level": "Tagging", + "description": "Adds to or modifies the tags of the given resource. 
Tags are metadata which can be used to manage a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list tags for an Image Builder resource", - "privilege": "ListTagsForResource", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerRecipe" + "resource_type": "datastore" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "distributionConfiguration" + "resource_type": "pipeline" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Removes the given tags (metadata) from the resource", + "privilege": "UntagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "image" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "imagePipeline" + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "imageRecipe" + "resource_type": "datastore" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "infrastructureConfiguration" + "resource_type": "pipeline" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -125041,137 +148911,239 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list workflow executions for the specified image", - "privilege": "ListWorkflowExecutions", + "access_level": "Write", + "description": "Updates the specified channel", + "privilege": "UpdateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list workflow step executions for the specified workflow", - "privilege": "ListWorkflowStepExecutions", + "access_level": "Write", + "description": "Updates the specified dataset", + "privilege": "UpdateDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflowExecution*" + "resource_type": "dataset*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set the resource policy associated with a component", - "privilege": "PutComponentPolicy", + "access_level": "Write", + "description": "Updates the specified datastore", + "privilege": "UpdateDatastore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" + "resource_type": "datastore*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set the resource policy associated with a container recipe", - "privilege": "PutContainerRecipePolicy", + "access_level": "Write", + "description": "Updates the specified pipeline", + "privilege": "UpdatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerRecipe*" + "resource_type": "pipeline*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:channel/${ChannelName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotanalytics:ResourceTag/${TagKey}" + ], + "resource": "channel" }, { - 
"access_level": "Permissions management", - "description": "Grants permission to set the resource policy associated with an image", - "privilege": "PutImagePolicy", + "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:dataset/${DatasetName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotanalytics:ResourceTag/${TagKey}" + ], + "resource": "dataset" + }, + { + "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:datastore/${DatastoreName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotanalytics:ResourceTag/${TagKey}" + ], + "resource": "datastore" + }, + { + "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:pipeline/${PipelineName}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotanalytics:ResourceTag/${TagKey}" + ], + "resource": "pipeline" + } + ], + "service_name": "AWS IoT Analytics" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "iotdeviceadvisor", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a suite definition", + "privilege": "CreateSuiteDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set the resource policy associated with an image recipe", - "privilege": "PutImageRecipePolicy", + "access_level": "Write", + "description": 
"Grants permission to delete a suite definition", + "privilege": "DeleteSuiteDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imageRecipe*" + "resource_type": "Suitedefinition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new image from a pipeline", - "privilege": "StartImagePipelineExecution", + "access_level": "Read", + "description": "Grants permission to get a Device Advisor endpoint", + "privilege": "GetEndpoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "imagebuilder:GetImagePipeline" - ], - "resource_type": "imagePipeline*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag an Image Builder resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get a suite definition", + "privilege": "GetSuiteDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, + "resource_type": "Suitedefinition*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a suite run", + "privilege": "GetSuiteRun", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "containerRecipe" - }, + "resource_type": "Suiterun*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the qualification report for a suite run", + "privilege": "GetSuiteRunReport", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distributionConfiguration" - }, + "resource_type": "Suiterun*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list suite definitions", + "privilege": "ListSuiteDefinitions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "image" - }, + 
"resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list suite runs", + "privilege": "ListSuiteRuns", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imagePipeline" - }, + "resource_type": "Suitedefinition*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags (metadata) assigned to a resource", + "privilege": "ListTagsForResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imageRecipe" + "resource_type": "Suitedefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "infrastructureConfiguration" - }, + "resource_type": "Suiterun" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a suite run", + "privilege": "StartSuiteRun", + "resource_types": [ { "condition_keys": [ - "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -125179,48 +149151,35 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag an Image Builder resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to stop a suite run", + "privilege": "StopSuiteRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "containerRecipe" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "distributionConfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "image" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "imagePipeline" - }, + "resource_type": "Suiterun*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add to or modify the tags of the given resource. Tags are metadata which can be used to manage a resource", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "imageRecipe" + "resource_type": "Suitedefinition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "infrastructureConfiguration" + "resource_type": "Suiterun" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -125229,370 +149188,329 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing distribution configuration", - "privilege": "UpdateDistributionConfiguration", + "access_level": "Tagging", + "description": "Grants permission to remove the given tags (metadata) from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "distributionConfiguration*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an existing image pipeline", - "privilege": "UpdateImagePipeline", - "resource_types": [ + "resource_type": "Suitedefinition" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "imagePipeline*" + "resource_type": "Suiterun" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing infrastructure configuration", - "privilege": "UpdateInfrastructureConfiguration", + "description": "Grants permission to update a suite definition", + "privilege": "UpdateSuiteDefinition", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole", - "sns:Publish" - ], - "resource_type": "infrastructureConfiguration*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "imagebuilder:CreatedResourceTagKeys", - "imagebuilder:CreatedResourceTag/", - "imagebuilder:Ec2MetadataHttpTokens", - "imagebuilder:StatusTopicArn" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "Suitedefinition*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}/${ComponentBuildVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "component" - }, - { - "arn": 
"arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "componentVersion" - }, - { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:distribution-configuration/${DistributionConfigurationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "distributionConfiguration" - }, - { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}/${ImageBuildVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "image" - }, - { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "imageVersion" - }, - { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:image-recipe/${ImageRecipeName}/${ImageRecipeVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "imageRecipe" - }, - { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:container-recipe/${ContainerRecipeName}/${ContainerRecipeVersion}", + "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suitedefinition/${SuiteDefinitionId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "containerRecipe" + "resource": "Suitedefinition" }, { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:image-pipeline/${ImagePipelineName}", + "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suiterun/${SuiteDefinitionId}/${SuiteRunId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "imagePipeline" - }, + "resource": "Suiterun" + } + ], + "service_name": "AWS IoT Core Device Advisor" + }, + { + "conditions": [ { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:infrastructure-configuration/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": 
"infrastructureConfiguration" + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" }, { - "arn": "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}", - "condition_keys": [], - "resource": "kmsKey" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" }, { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow-execution/${WorkflowExecutionId}", - "condition_keys": [], - "resource": "workflowExecution" + "condition": "aws:TagKeys", + "description": "Filters actions by the tag keys in the request", + "type": "ArrayOfString" }, { - "arn": "arn:${Partition}:imagebuilder:${Region}:${Account}:workflow-step-execution/${WorkflowStepExecutionId}", - "condition_keys": [], - "resource": "workflowStepExecution" + "condition": "iotevents:keyValue", + "description": "Filters access by the instanceId (key-value) of the message", + "type": "String" } ], - "service_name": "Amazon EC2 Image Builder" - }, - { - "conditions": [], - "prefix": "importexport", + "prefix": "iotevents", "privileges": [ { "access_level": "Write", - "description": "This action cancels a specified job. Only the job owner can cancel it. 
The action fails if the job has already started or is complete.", - "privilege": "CancelJob", + "description": "Grants permission to send one or more acknowledge action requests to AWS IoT Events", + "privilege": "BatchAcknowledgeAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } ] }, { "access_level": "Write", - "description": "This action initiates the process of scheduling an upload or download of your data.", - "privilege": "CreateJob", + "description": "Grants permission to delete a detector instance within the AWS IoT Events system", + "privilege": "BatchDeleteDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detectorModel*" } ] }, { - "access_level": "Read", - "description": "This action generates a pre-paid shipping label that you will use to ship your device to AWS for processing.", - "privilege": "GetShippingLabel", + "access_level": "Write", + "description": "Grants permission to disable one or more alarm instances", + "privilege": "BatchDisableAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } ] }, { - "access_level": "Read", - "description": "This action returns information about a job, including where the job is in the processing pipeline, the status of the results, and the signature value associated with the job.", - "privilege": "GetStatus", + "access_level": "Write", + "description": "Grants permission to enable one or more alarm instances", + "privilege": "BatchEnableAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } ] }, { - "access_level": "List", - "description": "This action returns the jobs associated with the requester.", - "privilege": "ListJobs", + "access_level": "Write", + "description": "Grants permission to send a set of 
messages to the AWS IoT Events system", + "privilege": "BatchPutMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input*" } ] }, { "access_level": "Write", - "description": "You use this action to change the parameters specified in the original manifest file by supplying a new manifest file.", - "privilege": "UpdateJob", + "description": "Grants permission to reset one or more alarm instances", + "privilege": "BatchResetAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } ] - } - ], - "resources": [], - "service_name": "AWS Import Export Disk Service" - }, - { - "conditions": [], - "prefix": "inspector", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permission to assign attributes (key and value pairs) to the findings that are specified by the ARNs of the findings", - "privilege": "AddAttributesToFindings", + "description": "Grants permission to change one or more alarm instances to the snooze mode", + "privilege": "BatchSnoozeAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new assessment target using the ARN of the resource group that is generated by CreateResourceGroup", - "privilege": "CreateAssessmentTarget", + "description": "Grants permission to update a detector instance within the AWS IoT Events system", + "privilege": "BatchUpdateDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detectorModel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an assessment template for the assessment target that is specified by the ARN of the assessment target", - "privilege": "CreateAssessmentTemplate", + "description": "Grants 
permission to create an alarm model to monitor an AWS IoT Events input attribute or an AWS IoT SiteWise asset property", + "privilege": "CreateAlarmModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "alarmModel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start the generation of an exclusions preview for the specified assessment template", - "privilege": "CreateExclusionsPreview", + "description": "Grants permission to create a detector model to monitor an AWS IoT Events input attribute", + "privilege": "CreateDetectorModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "detectorModel*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a resource group using the specified set of tags (key and value pairs) that are used to select the EC2 instances to be included in an Amazon Inspector assessment target", - "privilege": "CreateResourceGroup", + "description": "Grants permission to create an Input in IotEvents", + "privilege": "CreateInput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "input*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the assessment run that is specified by the ARN of the assessment run", - "privilege": "DeleteAssessmentRun", + "description": "Grants permission to delete an alarm model", + "privilege": "DeleteAlarmModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } 
] }, { "access_level": "Write", - "description": "Grants permission to delete the assessment target that is specified by the ARN of the assessment target", - "privilege": "DeleteAssessmentTarget", + "description": "Grants permission to delete a detector model", + "privilege": "DeleteDetectorModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detectorModel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the assessment template that is specified by the ARN of the assessment template", - "privilege": "DeleteAssessmentTemplate", + "description": "Grants permission to delete an input", + "privilege": "DeleteInput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the assessment runs that are specified by the ARNs of the assessment runs", - "privilege": "DescribeAssessmentRuns", + "description": "Grants permission to retrieve information about an alarm instance", + "privilege": "DescribeAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the assessment targets that are specified by the ARNs of the assessment targets", - "privilege": "DescribeAssessmentTargets", + "description": "Grants permission to retrieve information about an alarm model", + "privilege": "DescribeAlarmModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the assessment templates that are specified by the ARNs of the assessment templates", - "privilege": "DescribeAssessmentTemplates", + "description": "Grants permission to retriev 
information about a detector instance", + "privilege": "DescribeDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detectorModel*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the IAM role that enables Amazon Inspector to access your AWS account", - "privilege": "DescribeCrossAccountAccessRole", + "description": "Grants permission to retrieve information about a detector model", + "privilege": "DescribeDetectorModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detectorModel*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the exclusions that are specified by the exclusions' ARNs", - "privilege": "DescribeExclusions", + "description": "Grants permission to retrieve the detector model analysis information", + "privilege": "DescribeDetectorModelAnalysis", "resource_types": [ { "condition_keys": [], @@ -125603,20 +149521,20 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the findings that are specified by the ARNs of the findings", - "privilege": "DescribeFindings", + "description": "Grants permission to retrieve an information about Input", + "privilege": "DescribeInput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the resource groups that are specified by the ARNs of the resource groups", - "privilege": "DescribeResourceGroups", + "description": "Grants permission to retrieve the current settings of the AWS IoT Events logging options", + "privilege": "DescribeLoggingOptions", "resource_types": [ { "condition_keys": [], 
@@ -125627,8 +149545,8 @@ }, { "access_level": "Read", - "description": "Grants permission to describe the rules packages that are specified by the ARNs of the rules packages", - "privilege": "DescribeRulesPackages", + "description": "Grants permission to retrieve the detector model analysis results", + "privilege": "GetDetectorModelAnalysisResults", "resource_types": [ { "condition_keys": [], @@ -125638,21 +149556,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to produce an assessment report that includes detailed and comprehensive results of a specified assessment run", - "privilege": "GetAssessmentReport", + "access_level": "List", + "description": "Grants permission to list all the versions of an alarm model", + "privilege": "ListAlarmModelVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the exclusions preview (a list of ExclusionPreview objects) specified by the preview token", - "privilege": "GetExclusionsPreview", + "access_level": "List", + "description": "Grants permission to list the alarm models that you created", + "privilege": "ListAlarmModels", "resource_types": [ { "condition_keys": [], 
@@ -125662,33 +149580,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the data that is collected for the specified assessment run", - "privilege": "GetTelemetryMetadata", + "access_level": "List", + "description": "Grants permission to retrieve information about all alarm instances per alarmModel", + "privilege": "ListAlarms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "alarmModel*" } ] }, { "access_level": "List", - "description": "Grants permission to list the agents of the assessment runs that are specified by the ARNs of the assessment runs", - "privilege": "ListAssessmentRunAgents", + "description": "Grants permission to list all the versions of a detector model", + "privilege": "ListDetectorModelVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detectorModel*" } ] }, { "access_level": "List", - "description": "Grants permission to list the assessment runs that correspond to the assessment templates that are specified by the ARNs of the assessment templates", - "privilege": "ListAssessmentRuns", + "description": "Grants permission to list the detector models that you created", + "privilege": "ListDetectorModels", "resource_types": [ { "condition_keys": [], 
@@ -125699,20 +149617,20 @@ }, { "access_level": "List", - "description": "Grants permission to list the ARNs of the assessment targets within this AWS account", - "privilege": "ListAssessmentTargets", + "description": "Grants permission to retrieve information about all detector instances per detectormodel", + "privilege": "ListDetectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "detectorModel*" } ] }, { "access_level": "List", - "description": "Grants permission to list the assessment templates that correspond to the assessment targets that are specified by the ARNs of the assessment targets", - "privilege": "ListAssessmentTemplates", + "description": "Grants permission to list one or more input routings", + "privilege": "ListInputRoutings", "resource_types": [ { "condition_keys": [], @@ -125723,8 +149641,8 @@ }, { "access_level": "List", - "description": "Grants permission to list all the event subscriptions for the assessment template that is specified by the ARN of the assessment template", - "privilege": "ListEventSubscriptions", + "description": "Grants permission to lists the inputs you have created", + "privilege": "ListInputs", "resource_types": [ { "condition_keys": [], 
@@ -125734,9 +149652,31 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list exclusions that are generated by the assessment run", - "privilege": "ListExclusions", + "access_level": "Read", + "description": "Grants permission to list the tags (metadata) which you have assigned to the resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to set or update the AWS IoT Events logging options", + "privilege": "PutLoggingOptions", "resource_types": [ { "condition_keys": [], @@ -125746,9 +149686,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list findings that are generated by the assessment runs that are specified by the ARNs of the assessment runs", - "privilege": "ListFindings", + "access_level": "Write", + "description": "Grants permission to start the detector model analysis", + "privilege": "StartDetectorModelAnalysis", "resource_types": [ { "condition_keys": [], 
@@ -125758,45 +149698,206 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all available Amazon Inspector rules packages", - "privilege": "ListRulesPackages", + "access_level": "Tagging", + "description": "Grants permission to adds to or modifies the tags of the given resource.Tags are metadata which can be used to manage a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove the given tags (metadata) from the resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an alarm model", + "privilege": "UpdateAlarmModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "alarmModel*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a detector model", + "privilege": "UpdateDetectorModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "detectorModel*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an input", + 
"privilege": "UpdateInput", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update input routing", + "privilege": "UpdateInputRouting", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "input*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iotevents:${Region}:${Account}:detectorModel/${DetectorModelName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "detectorModel" + }, + { + "arn": "arn:${Partition}:iotevents:${Region}:${Account}:alarmModel/${AlarmModelName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "alarmModel" + }, + { + "arn": "arn:${Partition}:iotevents:${Region}:${Account}:input/${InputName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "input" + } + ], + "service_name": "AWS IoT Events" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters actions by the tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "iotfleethub", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create an application", + "privilege": "CreateApplication", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "sso:CreateManagedApplicationInstance", + "sso:DescribeRegisteredRegions" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags associated with an assessment template", - "privilege": 
"ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete an application", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "sso:DeleteManagedApplicationInstance" + ], + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to preview the agents installed on the EC2 instances that are part of the specified assessment target", - "privilege": "PreviewAgents", + "description": "Grants permission to describe an application", + "privilege": "DescribeApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register the IAM role that Amazon Inspector uses to list your EC2 instances at the start of the assessment run or when you call the PreviewAgents action", - "privilege": "RegisterCrossAccountAccessRole", + "access_level": "List", + "description": "Grants permission to list all applications", + "privilege": "ListApplications", "resource_types": [ { "condition_keys": [], 
@@ -125806,60 +149907,51 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove entire attributes (key and value pairs) from the findings that are specified by the ARNs of the findings where an attribute with the specified key exists", - "privilege": "RemoveAttributesFromFindings", + "access_level": "Read", + "description": "Grants permission to list all tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application" } ] }, { "access_level": "Tagging", - "description": "Grants permission to set tags (key and value pairs) to the assessment template that is specified by the ARN of the assessment template", - "privilege": "SetTagsForResource", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start the assessment run specified by the ARN of the assessment template", - "privilege": "StartAssessmentRun", - "resource_types": [ + "resource_type": "application" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop the assessment run that is specified by the ARN of the assessment run", - "privilege": "StopAssessmentRun", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic", - 
"privilege": "SubscribeToEvent", - "resource_types": [ + "resource_type": "application" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -125867,31 +149959,27 @@ }, { "access_level": "Write", - "description": "Grants permission to disable the process of sending Amazon Simple Notification Service (SNS) notifications about a specified event to a specified SNS topic", - "privilege": "UnsubscribeFromEvent", + "description": "Grants permission to update an application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] - }, + } + ], + "resources": [ { - "access_level": "Write", - "description": "Grants permission to update the assessment target that is specified by the ARN of the assessment target", - "privilege": "UpdateAssessmentTarget", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:iotfleethub:${Region}:${Account}:application/${ApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" } ], - "resources": [], - "service_name": "Amazon Inspector" + "service_name": "AWS IoT Fleet Hub for Device Management" }, { "conditions": [ 
@@ -125909,115 +149997,225 @@ "condition": "aws:TagKeys", "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" + }, + { + "condition": "iotfleetwise:DestinationArn", + "description": "Filters access by campaign destination ARN, eg. an S3 bucket ARN or a Timestream ARN", + "type": "ARN" + }, + { + "condition": "iotfleetwise:UpdateToDecoderManifestArn", + "description": "Filters access by a list of IoT FleetWise Decoder Manifest ARNs", + "type": "ARN" + }, + { + "condition": "iotfleetwise:UpdateToModelManifestArn", + "description": "Filters access by a list of IoT FleetWise Model Manifest ARNs", + "type": "ARN" } ], - "prefix": "inspector2", + "prefix": "iotfleetwise", "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate an account with an Amazon Inspector administrator account", - "privilege": "AssociateMember", + "description": "Grants permission to associate the given vehicle to a fleet", + "privilege": "AssociateVehicleFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about Amazon Inspector accounts for an account", - "privilege": "BatchGetAccountStatus", - "resource_types": [ + "resource_type": "fleet*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vehicle*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve code snippet information about one or more code vulnerability findings", - "privilege": "BatchGetCodeSnippet", + "access_level": "Write", + "description": "Grants permission to create a batch of vehicles", + "privilege": "BatchCreateVehicle", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iot:CreateThing", + "iot:DescribeThing" + ], + "resource_type": "decodermanifest*" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "modelmanifest*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vehicle*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve free trial period eligibility about Amazon Inspector accounts for an account", - "privilege": "BatchGetFreeTrialInfo", + "access_level": "Write", + "description": "Grants permission to update a batch of vehicles", + "privilege": "BatchUpdateVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "vehicle*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "decodermanifest" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "modelmanifest" + }, + { + "condition_keys": [ + "iotfleetwise:UpdateToModelManifestArn", + "iotfleetwise:UpdateToDecoderManifestArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to delegated administrator to retrieve ec2 deep inspection status of member accounts", - "privilege": "BatchGetMemberEc2DeepInspectionStatus", + "access_level": "Write", + "description": "Grants permission to create a campaign", + "privilege": "CreateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "campaign*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "signalcatalog*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vehicle*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "iotfleetwise:DestinationArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": 
"Grants permission to update ec2 deep inspection status by delegated administrator for its associated member accounts", - "privilege": "BatchUpdateMemberEc2DeepInspectionStatus", + "description": "Grants permission to create a decoder manifest for an existing model", + "privilege": "CreateDecoderManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "decodermanifest*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "modelmanifest*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel the generation of a findings report", - "privilege": "CancelFindingsReport", + "description": "Grants permission to create a fleet", + "privilege": "CreateFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "fleet*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "signalcatalog*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel the generation of an SBOM report", - "privilege": "CancelSbomExport", + "description": "Grants permission to create a model manifest definition", + "privilege": "CreateModelManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "modelmanifest*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "signalcatalog*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create and define the settings for a findings filter", - "privilege": "CreateFilter", + "description": "Grants permission to 
create a signal catalog", + "privilege": "CreateSignalCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Filter*" + "resource_type": "signalcatalog*" }, { "condition_keys": [ @@ -126031,11 +150229,32 @@ }, { "access_level": "Write", - "description": "Grants permission to request the generation of a findings report", - "privilege": "CreateFindingsReport", + "description": "Grants permission to create a vehicle", + "privilege": "CreateVehicle", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iot:CreateThing", + "iot:DescribeThing" + ], + "resource_type": "decodermanifest*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "modelmanifest*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vehicle*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -126043,116 +150262,121 @@ }, { "access_level": "Write", - "description": "Grants permission to request the generation of an SBOM report", - "privilege": "CreateSbomExport", + "description": "Grants permission to delete a campaign", + "privilege": "DeleteCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a findings filter", - "privilege": "DeleteFilter", + "description": "Grants permission to delete the given decoder manifest", + "privilege": "DeleteDecoderManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Filter*" + "resource_type": "decodermanifest*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS organization", - "privilege": "DescribeOrganizationConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a fleet", + "privilege": "DeleteFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable an Amazon Inspector account", - "privilege": "Disable", + "description": "Grants permission to delete the given model manifest", + "privilege": "DeleteModelManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "modelmanifest*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable an account as the delegated Amazon Inspector administrator account for an AWS organization", - "privilege": "DisableDelegatedAdminAccount", + "description": "Grants permission to delete a specific signal catalog", + "privilege": "DeleteSignalCatalog", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "signalcatalog*" } ] }, { "access_level": "Write", - "description": "Grants permission to an Amazon Inspector administrator account to disassociate from an Inspector member account", - "privilege": "DisassociateMember", + "description": "Grants permission to delete a vehicle", + "privilege": "DeleteVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vehicle*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable and specify the configuration settings for a new Amazon Inspector account", - "privilege": "Enable", + "description": "Grants permission to disassociate a vehicle from an existing fleet", + "privilege": "DisassociateVehicleFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vehicle*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable an account as the delegated Amazon Inspector administrator account for an AWS organization", - "privilege": "EnableDelegatedAdminAccount", + "access_level": "Read", + "description": "Grants permission to get summary information for a given campaign", + "privilege": "GetCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS account", - "privilege": "GetConfiguration", + "description": "Grants permission to get summary information for a given decoder manifest definition", + "privilege": "GetDecoderManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "decodermanifest*" } ] }, { "access_level": 
"Read", - "description": "Grants permission to retrieve information about the Amazon Inspector administrator account for an account", - "privilege": "GetDelegatedAdminAccount", + "description": "Grants permission to get KMS-based encryption status for the AWS account", + "privilege": "GetEncryptionConfiguration", "resource_types": [ { "condition_keys": [], @@ -126163,20 +150387,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve ec2 deep inspection configuration for standalone accounts, delegated administrator and member account", - "privilege": "GetEc2DeepInspectionConfiguration", + "description": "Grants permission to get summary information for a fleet", + "privilege": "GetFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the KMS key used to encrypt code snippets with", - "privilege": "GetEncryptionKey", + "description": "Grants permission to get the logging options for the AWS account", + "privilege": "GetLoggingOptions", "resource_types": [ { "condition_keys": [], 
@@ -126187,20 +150411,20 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve status for a requested findings report", - "privilege": "GetFindingsReportStatus", + "description": "Grants permission to get summary information for a given model manifest definition", + "privilege": "GetModelManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "modelmanifest*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about an account that's associated with an Amazon Inspector administrator account", - "privilege": "GetMember", + "description": "Grants permission to get the account registration status with IoT FleetWise", + "privilege": "GetRegisterAccountStatus", "resource_types": [ { "condition_keys": [], 
@@ -126211,68 +150435,76 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve a requested SBOM report", - "privilege": "GetSbomExport", + "description": "Grants permission to get summary information for a specific signal catalog", + "privilege": "GetSignalCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "signalcatalog*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve feature configuration permissions associated with an Amazon Inspector account within an organization", - "privilege": "ListAccountPermissions", + "access_level": "Read", + "description": "Grants permission to get summary information for a vehicle", + "privilege": "GetVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vehicle*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the types of statistics Amazon Inspector can generate for resources Inspector monitors", - "privilege": "ListCoverage", + "access_level": "Read", + "description": "Grants permission to get the status of the campaigns running on a specific vehicle", + "privilege": "GetVehicleStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vehicle*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve statistical data and other information about the resources Amazon Inspector monitors", - "privilege": "ListCoverageStatistics", + "access_level": "Write", + "description": "Grants permission to import an existing decoder manifest", + "privilege": "ImportDecoderManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "decodermanifest*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about the delegated Amazon 
Inspector administrator account for an AWS organization", - "privilege": "ListDelegatedAdminAccounts", + "access_level": "Write", + "description": "Grants permission to create a signal catalog by importing existing definitions", + "privilege": "ImportSignalCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "signalcatalog*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about all findings filters", - "privilege": "ListFilters", + "access_level": "Read", + "description": "Grants permission to list campaigns", + "privilege": "ListCampaigns", "resource_types": [ { "condition_keys": [], 
@@ -126283,32 +150515,32 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve statistical data and other information about Amazon Inspector findings", - "privilege": "ListFindingAggregations", + "description": "Grants permission to list network interfaces associated to the existing decoder manifest", + "privilege": "ListDecoderManifestNetworkInterfaces", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "decodermanifest*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a subset of information about one or more findings", - "privilege": "ListFindings", + "description": "Grants permission to list decoder manifest signals", + "privilege": "ListDecoderManifestSignals", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "decodermanifest*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about the Amazon Inspector member accounts that are associated with an Inspector administrator account", - "privilege": "ListMembers", + "access_level": "Read", + "description": "Grants permission to list all decoder manifests, with an optional filter on model manifest", + "privilege": "ListDecoderManifests", "resource_types": [ { "condition_keys": [], @@ -126319,8 +150551,8 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve the tags for an Amazon Inspector resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to list all fleets", + "privilege": "ListFleets", "resource_types": [ { "condition_keys": [], 
@@ -126330,33 +150562,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve aggregated usage data for an account", - "privilege": "ListUsageTotals", + "access_level": "Read", + "description": "Grants permission to list all the fleets that the given vehicle is associated with", + "privilege": "ListFleetsForVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vehicle*" } ] }, { - "access_level": "Write", - "description": "Grants permission to let a customer reset to use an Amazon-owned KMS key to encrypt code snippets with", - "privilege": "ResetEncryptionKey", + "access_level": "List", + "description": "Grants permission to list all nodes for the given model manifest", + "privilege": "ListModelManifestNodes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "modelmanifest*" } ] }, { "access_level": "Read", - "description": "Grants permission to list Amazon Inspector coverage details for a specific vulnerability", - "privilege": "SearchVulnerabilities", + "description": "Grants permission to list all model manifests, with an optional filter on signal catalog", + "privilege": "ListModelManifests", "resource_types": [ { "condition_keys": [], 
@@ -126366,51 +150598,70 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update the tags for an Amazon Inspector resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list all nodes for a given signal catalog", + "privilege": "ListSignalCatalogNodes", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "signalcatalog*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from an Amazon Inspector resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to list all signal catalogs", + "privilege": "ListSignalCatalogs", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update information about the Amazon Inspector configuration settings for an AWS account", - "privilege": "UpdateConfiguration", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "decodermanifest" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "modelmanifest" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "signalcatalog" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vehicle" } ] }, { - "access_level": "Write", - "description": "Grants permission to update ec2 
deep inspection configuration by delegated administrator, member and standalone account", - "privilege": "UpdateEc2DeepInspectionConfiguration", + "access_level": "Read", + "description": "Grants permission to list all vehicles, with an optional filter on model manifest", + "privilege": "ListVehicles", "resource_types": [ { "condition_keys": [], @@ -126420,41 +150671,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to let a customer use a KMS key to encrypt code snippets with", - "privilege": "UpdateEncryptionKey", + "access_level": "Read", + "description": "Grants permission to list vehicles in the given fleet", + "privilege": "ListVehiclesInFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "fleet*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the settings for a findings filter", - "privilege": "UpdateFilter", + "description": "Grants permission to enable or disable KMS-based encryption for the AWS account", + "privilege": "PutEncryptionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Filter*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update ec2 deep inspection configuration by delegated administrator for its associated member accounts", - "privilege": "UpdateOrgEc2DeepInspectionConfiguration", + "description": "Grants permission to put the logging options for the AWS account", + "privilege": "PutLoggingOptions", "resource_types": [ { "condition_keys": [], 
@@ -126465,62 +150708,52 @@ }, { "access_level": "Write", - "description": "Grants permission to update Amazon Inspector configuration settings for an AWS organization", - "privilege": "UpdateOrganizationConfiguration", + "description": "Grants permission to register an AWS account to IoT FleetWise", + "privilege": "RegisterAccount", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:inspector2:${Region}:${Account}:owner/${OwnerId}/filter/${FilterId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Filter" - }, - { - "arn": "arn:${Partition}:inspector2:${Region}:${Account}:finding/${FindingId}", - "condition_keys": [], - "resource": "Finding" - } - ], - "service_name": "Amazon Inspector2" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "internetmonitor", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a monitor", - "privilege": "CreateMonitor", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Monitor*" + "resource_type": "campaign" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "decodermanifest" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "modelmanifest" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "signalcatalog" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vehicle" }, { "condition_keys": [ 
@@ -126533,422 +150766,455 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a monitor", - "privilege": "DeleteMonitor", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Monitor*" + "resource_type": "campaign" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "decodermanifest" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "fleet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "modelmanifest" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "signalcatalog" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vehicle" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a health event for a specified monitor", - "privilege": "GetHealthEvent", + "access_level": "Write", + "description": "Grants permission to update the given campaign", + "privilege": "UpdateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "HealthEvent*" + "resource_type": "campaign*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a monitor", - "privilege": "GetMonitor", + "access_level": "Write", + "description": "Grants permission to update a decoder manifest defnition", + "privilege": "UpdateDecoderManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Monitor*" + "resource_type": "decodermanifest*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all health events for a monitor", - "privilege": "ListHealthEvents", + "access_level": 
"Write", + "description": "Grants permission to update the fleet", + "privilege": "UpdateFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Monitor*" + "resource_type": "fleet*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all monitors in an account and their statuses", - "privilege": "ListMonitors", + "access_level": "Write", + "description": "Grants permission to update the given model manifest definition", + "privilege": "UpdateModelManifest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "modelmanifest*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update a specific signal catalog definition", + "privilege": "UpdateSignalCatalog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Monitor*" + "resource_type": "signalcatalog*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update the vehicle", + "privilege": "UpdateVehicle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Monitor*" + "resource_type": "vehicle*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", - "resource_types": [ + "resource_type": "decodermanifest" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Monitor*" + "resource_type": "modelmanifest" }, { "condition_keys": [ - "aws:TagKeys" + 
"iotfleetwise:UpdateToModelManifestArn", + "iotfleetwise:UpdateToDecoderManifestArn" ], "dependent_actions": [], "resource_type": "" } ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a monitor", - "privilege": "UpdateMonitor", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Monitor*" - } - ] } ], "resources": [ { - "arn": "arn:${Partition}:internetmonitor:${Region}:${Account}:monitor/${MonitorName}/health-event/${EventId}", - "condition_keys": [], - "resource": "HealthEvent" + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:campaign/${CampaignName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "campaign" }, { - "arn": "arn:${Partition}:internetmonitor:${Region}:${Account}:monitor/${MonitorName}", + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:decoder-manifest/${Name}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Monitor" + "resource": "decodermanifest" + }, + { + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:fleet/${FleetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "fleet" + }, + { + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:model-manifest/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "modelmanifest" + }, + { + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:signal-catalog/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "signalcatalog" + }, + { + "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:vehicle/${VehicleId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "vehicle" } ], - "service_name": "Amazon CloudWatch Internet Monitor" + "service_name": "AWS IoT FleetWise" }, { - "conditions": [], - "prefix": "invoicing", + "conditions": [ + { + "condition": "iot:JobId", + "description": "Filters access by jobId for 
iotjobsdata:DescribeJobExecution and iotjobsdata:UpdateJobExecution APIs", + "type": "String" + } + ], + "prefix": "iotjobsdata", "privileges": [ { "access_level": "Read", - "description": "Grants permission to get Invoice Email Delivery Preferences", - "privilege": "GetInvoiceEmailDeliveryPreferences", + "description": "Grants permission to describe a job execution", + "privilege": "DescribeJobExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "thing*" + }, + { + "condition_keys": [ + "iot:JobId" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get Invoice PDF", - "privilege": "GetInvoicePDF", + "description": "Grants permission to get the list of all jobs for a thing that are not in a terminal state", + "privilege": "GetPendingJobExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get Invoice summary information for your account or linked account", - "privilege": "ListInvoiceSummaries", + "access_level": "Write", + "description": "Grants permission to get and start the next pending job execution for a thing", + "privilege": "StartNextPendingJobExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" } ] }, { "access_level": "Write", - "description": "Grants permission to put Invoice Email Delivery Preferences", - "privilege": "PutInvoiceEmailDeliveryPreferences", + "description": "Grants permission to update a job execution", + "privilege": "UpdateJobExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "thing*" + }, + { + "condition_keys": [ + "iot:JobId" + ], + "dependent_actions": [], "resource_type": "" } ] } ], - "resources": [], - "service_name": "AWS Invoicing 
Service" + "resources": [ + { + "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", + "condition_keys": [], + "resource": "thing" + } + ], + "service_name": "AWS IoT Jobs DataPlane" }, { "conditions": [ { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key that is present in the request", + "condition": "iotroborunner:DestinationResourceId", + "description": "Filters access by the destination's identifier", "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key component of a tag associated to the IoT resource in the request", + "condition": "iotroborunner:SiteResourceId", + "description": "Filters access by the site's identifier", "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys associated to the IoT resource in the request", - "type": "ArrayOfString" - }, - { - "condition": "iot:ClientMode", - "description": "Filters access by the mode of the client for IoT Tunnel", + "condition": "iotroborunner:WorkerFleetResourceId", + "description": "Filters access by the worker fleet's identifier", "type": "String" }, { - "condition": "iot:Delete", - "description": "Filters access by a flag indicating whether or not to also delete an IoT Tunnel immediately when making iot:CloseTunnel request", - "type": "Bool" - }, - { - "condition": "iot:DomainName", - "description": "Filters access by based on the domain name of an IoT DomainConfiguration", + "condition": "iotroborunner:WorkerResourceId", + "description": "Filters access by the workers identifier", "type": "String" - }, - { - "condition": "iot:ThingGroupArn", - "description": "Filters access by a list of IoT Thing Group ARNs that the destination IoT Thing belongs to for an IoT Tunnel", - "type": "ArrayOfString" - }, - { - "condition": "iot:TunnelDestinationService", - "description": "Filters access by a list of destination services for an IoT Tunnel", - 
"type": "ArrayOfString" } ], - "prefix": "iot", + "prefix": "iotroborunner", "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept a pending certificate transfer", - "privilege": "AcceptCertificateTransfer", + "description": "Grants permission to create a destination", + "privilege": "CreateDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert*" + "resource_type": "SiteResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to add a thing to the specified billing group", - "privilege": "AddThingToBillingGroup", + "description": "Grants permission to create a site", + "privilege": "CreateSite", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "billinggroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add a thing to the specified thing group", - "privilege": "AddThingToThingGroup", + "description": "Grants permission to create a worker", + "privilege": "CreateWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thinggroup*" + "resource_type": "WorkerFleetResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a group with a continuous job", - "privilege": "AssociateTargetsWithJob", + "description": "Grants permission to create a worker fleet", + "privilege": "CreateWorkerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thinggroup*" 
+ "resource_type": "SiteResource*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to attach a policy to the specified target", - "privilege": "AttachPolicy", + "access_level": "Write", + "description": "Grants permission to delete a destination", + "privilege": "DeleteDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thinggroup" + "resource_type": "DestinationResource*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to attach the specified policy to the specified principal (certificate or other credential)", - "privilege": "AttachPrincipalPolicy", + "access_level": "Write", + "description": "Grants permission to delete a site", + "privilege": "DeleteSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert" + "resource_type": "SiteResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a Device Defender security profile with a thing group or with this account", - "privilege": "AttachSecurityProfile", + "description": "Grants permission to delete a worker", + "privilege": "DeleteWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custommetric" - }, + "resource_type": "WorkerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a worker fleet", + "privilege": "DeleteWorkerFleet", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dimension" - }, + "resource_type": "WorkerFleetResource*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a destination", + "privilege": "GetDestination", + "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup" + "resource_type": "DestinationResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach the specified principal to the specified thing", - "privilege": "AttachThingPrincipal", + "access_level": "Read", + "description": "Grants permission to get a site", + "privilege": "GetSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SiteResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a mitigation action task that is in progress", - "privilege": "CancelAuditMitigationActionsTask", + "access_level": "Read", + "description": "Grants permission to get a worker", + "privilege": "GetWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WorkerResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel an audit that is in progress. 
The audit can be either scheduled or on-demand", - "privilege": "CancelAuditTask", + "access_level": "Read", + "description": "Grants permission to get a worker fleet", + "privilege": "GetWorkerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WorkerFleetResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a pending transfer for the specified certificate", - "privilege": "CancelCertificateTransfer", + "access_level": "Read", + "description": "Grants permission to list destinations", + "privilege": "ListDestinations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert*" + "resource_type": "SiteResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a Device Defender ML Detect mitigation action", - "privilege": "CancelDetectMitigationActionsTask", + "access_level": "Read", + "description": "Grants permission to list sites", + "privilege": "ListSites", "resource_types": [ { "condition_keys": [], 
@@ -126958,248 +151224,315 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a job", - "privilege": "CancelJob", + "access_level": "Read", + "description": "Grants permission to list worker fleets", + "privilege": "ListWorkerFleets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "SiteResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a job execution on a particular device", - "privilege": "CancelJobExecution", + "access_level": "Read", + "description": "Grants permission to list workers", + "privilege": "ListWorkers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "SiteResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to clear the default authorizer", - "privilege": "ClearDefaultAuthorizer", + "description": "Grants permission to update a destination", + "privilege": "UpdateDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DestinationResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to close a tunnel", - "privilege": "CloseTunnel", + "description": "Grants permission to update a site", + "privilege": "UpdateSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tunnel*" - }, - { - "condition_keys": [ - "iot:Delete" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "SiteResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to confirm a http url TopicRuleDestinationDestination", - "privilege": "ConfirmTopicRuleDestination", + "description": "Grants permission to update a worker", + "privilege": "UpdateWorker", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "destination*" + "resource_type": "WorkerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to connect as the specified client", - "privilege": "Connect", + "description": "Grants permission to update a worker fleet", + "privilege": "UpdateWorkerFleet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "client*" + "resource_type": "WorkerFleetResource*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}/destination/${DestinationId}", + "condition_keys": [ + "iotroborunner:DestinationResourceId" + ], + "resource": "DestinationResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}", + "condition_keys": [ + "iotroborunner:SiteResourceId" + ], + "resource": "SiteResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}/worker-fleet/${WorkerFleetId}", + "condition_keys": [ + "iotroborunner:WorkerFleetResourceId" + ], + "resource": "WorkerFleetResource" + }, + { + "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}/worker-fleet/${WorkerFleetId}/worker/${WorkerId}", + "condition_keys": [ + "iotroborunner:WorkerResourceId" + ], + "resource": "WorkerResource" + } + ], + "service_name": "AWS IoT RoboRunner" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "iotsitewise:assetHierarchyPath", + "description": "Filters access by an asset hierarchy path, which is the string of asset IDs in the 
asset's hierarchy, each separated by a forward slash", + "type": "String" + }, + { + "condition": "iotsitewise:childAssetId", + "description": "Filters access by the ID of a child asset being associated whith a parent asset", + "type": "String" + }, + { + "condition": "iotsitewise:group", + "description": "Filters access by the ID of an AWS Single Sign-On group", + "type": "String" + }, + { + "condition": "iotsitewise:iam", + "description": "Filters access by the ID of an AWS IAM identity", + "type": "String" + }, + { + "condition": "iotsitewise:isAssociatedWithAssetProperty", + "description": "Filters access by data streams associated with or not associated with asset properties", + "type": "String" + }, + { + "condition": "iotsitewise:portal", + "description": "Filters access by the ID of a portal", + "type": "String" + }, + { + "condition": "iotsitewise:project", + "description": "Filters access by the ID of a project", + "type": "String" + }, + { + "condition": "iotsitewise:propertyAlias", + "description": "Filters access by the property alias", + "type": "String" + }, + { + "condition": "iotsitewise:propertyId", + "description": "Filters access by the ID of an asset property", + "type": "String" }, + { + "condition": "iotsitewise:user", + "description": "Filters access by the ID of an AWS Single Sign-On user", + "type": "String" + } + ], + "prefix": "iotsitewise", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a Device Defender audit suppression", - "privilege": "CreateAuditSuppression", + "description": "Grants permission to associate a child asset with a parent asset through a hierarchy", + "privilege": "AssociateAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "asset*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an authorizer", - "privilege": "CreateAuthorizer", + "description": "Grants permission to associate 
a time series with an asset property", + "privilege": "AssociateTimeSeriesToAssetProperty", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authorizer*" + "resource_type": "asset*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "time-series*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a billing group", - "privilege": "CreateBillingGroup", + "description": "Grants permission to associate assets to a project", + "privilege": "BatchAssociateProjectAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an X.509 certificate using the specified certificate signing request", - "privilege": "CreateCertificateFromCsr", + "description": "Grants permission to disassociate assets from a project", + "privilege": "BatchDisassociateProjectAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a custom metric for device side metric reporting and monitoring", - "privilege": "CreateCustomMetric", + "access_level": "Read", + "description": "Grants permission to retrieve computed aggregates for multiple asset properties", + "privilege": "BatchGetAssetPropertyAggregates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "custommetric*" + "resource_type": "asset" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": 
"" + "resource_type": "time-series" } ] }, { - "access_level": "Write", - "description": "Grants permission to define a dimension that can be used to to limit the scope of a metric used in a security profile", - "privilege": "CreateDimension", + "access_level": "Read", + "description": "Grants permission to retrieve the latest value for multiple asset properties", + "privilege": "BatchGetAssetPropertyValue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dimension*" + "resource_type": "asset" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "time-series" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a domain configuration", - "privilege": "CreateDomainConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve the value history for multiple asset properties", + "privilege": "BatchGetAssetPropertyValueHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domainconfiguration*" + "resource_type": "asset" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iot:DomainName" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "time-series" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Dynamic Thing Group", - "privilege": "CreateDynamicThingGroup", + "description": "Grants permission to put property values for asset properties", + "privilege": "BatchPutAssetPropertyValue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dynamicthinggroup*" + "resource_type": "asset" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "time-series" } ] }, { 
"access_level": "Write", - "description": "Grants permission to create a fleet metric", - "privilege": "CreateFleetMetric", + "description": "Grants permission to create an access policy for a portal or a project", + "privilege": "CreateAccessPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleetmetric*" + "resource_type": "portal" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "project" }, { "condition_keys": [ @@ -127213,28 +151546,13 @@ }, { "access_level": "Write", - "description": "Grants permission to create a job", - "privilege": "CreateJob", + "description": "Grants permission to create an asset from an asset model", + "privilege": "CreateAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thinggroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "jobtemplate" + "resource_type": "asset-model*" }, { "condition_keys": [ @@ -127248,19 +151566,9 @@ }, { "access_level": "Write", - "description": "Grants permission to create a job template", - "privilege": "CreateJobTemplate", + "description": "Grants permission to create an asset model", + "privilege": "CreateAssetModel", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "jobtemplate*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "job" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -127273,45 +151581,37 @@ }, { "access_level": "Write", - "description": "Grants permission to create a 2048 bit RSA key pair and issues an X.509 certificate using the issued public key", - "privilege": "CreateKeysAndCertificate", + "description": "Grants permission to create an asset model composite model inside an asset model", + "privilege": "CreateAssetModelCompositeModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "asset-model*" } ] }, { "access_level": "Write", - "description": "Grants permission to define an action that can be applied to audit findings by using StartAuditMitigationActionsTask", - "privilege": "CreateMitigationAction", + "description": "Grants permission to create bulk import job", + "privilege": "CreateBulkImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mitigationaction*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an OTA update job", - "privilege": "CreateOTAUpdate", + "description": "Grants permission to create a dashboard in a project", + "privilege": "CreateDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "otaupdate*" + "resource_type": "project*" }, { "condition_keys": [ @@ -127325,16 +151625,9 @@ }, { "access_level": "Write", - "description": "Grants permission to create a software package that you can deploy to your devices", - "privilege": "CreatePackage", + "description": "Grants permission to create a gateway", + "privilege": "CreateGateway", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:GetIndexingConfiguration" - ], - "resource_type": "package*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -127347,40 +151640,31 @@ }, { "access_level": "Write", - "description": "Grants permission to create a version under the specified package", - "privilege": "CreatePackageVersion", + "description": "Grants permission to create a portal", + "privilege": "CreatePortal", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:GetIndexingConfiguration" - ], - "resource_type": "package*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "packageversion*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "sso:CreateManagedApplicationInstance", + "sso:DescribeRegisteredRegions" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS IoT policy", - "privilege": "CreatePolicy", + "description": "Grants permission to create a project in a portal", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "portal*" }, { "condition_keys": [ 
@@ -127394,687 +151678,586 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new version of the specified AWS IoT policy", - "privilege": "CreatePolicyVersion", + "description": "Grants permission to delete an access policy", + "privilege": "DeleteAccessPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "access-policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a provisioning claim", - "privilege": "CreateProvisioningClaim", + "description": "Grants permission to delete an asset", + "privilege": "DeleteAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate*" + "resource_type": "asset*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a fleet provisioning template", - "privilege": "CreateProvisioningTemplate", + "description": "Grants permission to delete an asset model", + "privilege": "DeleteAssetModel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "provisioningtemplate*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "asset-model*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new version of a fleet provisioning template", - "privilege": "CreateProvisioningTemplateVersion", + "description": "Grants permission to delete an asset model composite model", + "privilege": "DeleteAssetModelCompositeModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate*" + "resource_type": "asset-model*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a role alias", - "privilege": "CreateRoleAlias", + "description": "Grants permission to delete a dashboard", + 
"privilege": "DeleteDashboard", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "rolealias*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "dashboard*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a scheduled audit that is run at a specified time interval", - "privilege": "CreateScheduledAudit", + "description": "Grants permission to delete a gateway", + "privilege": "DeleteGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "scheduledaudit*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "gateway*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Device Defender security profile", - "privilege": "CreateSecurityProfile", + "description": "Grants permission to delete a portal", + "privilege": "DeletePortal", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "securityprofile*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custommetric" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dimension" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "sso:DeleteManagedApplicationInstance" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "portal*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new AWS IoT stream", - "privilege": "CreateStream", + "description": "Grants permission to delete a project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", 
- "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a thing in the thing registry", - "privilege": "CreateThing", + "description": "Grants permission to delete a time series", + "privilege": "DeleteTimeSeries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "asset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup" + "resource_type": "time-series" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a thing group", - "privilege": "CreateThingGroup", + "access_level": "Read", + "description": "Grants permission to describe an access policy", + "privilege": "DescribeAccessPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "access-policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new thing type", - "privilege": "CreateThingType", + "access_level": "Read", + "description": "Grants permission to describe actions", + "privilege": "DescribeAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingtype*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "asset" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a rule", - "privilege": "CreateTopicRule", + "access_level": "Read", + "description": "Grants permission to describe an asset", + "privilege": "DescribeAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" - }, - { - "condition_keys": [ - 
"aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "asset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a TopicRuleDestination", - "privilege": "CreateTopicRuleDestination", + "access_level": "Read", + "description": "Grants permission to describe an asset composite model", + "privilege": "DescribeAssetCompositeModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination*" + "resource_type": "asset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the audit configuration associated with the account", - "privilege": "DeleteAccountAuditConfiguration", + "access_level": "Read", + "description": "Grants permission to describe an asset model", + "privilege": "DescribeAssetModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "asset-model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Device Defender audit suppression", - "privilege": "DeleteAuditSuppression", + "access_level": "Read", + "description": "Grants permission to describe an asset model composite model", + "privilege": "DescribeAssetModelCompositeModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "asset-model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified authorizer", - "privilege": "DeleteAuthorizer", + "access_level": "Read", + "description": "Grants permission to describe an asset property", + "privilege": "DescribeAssetProperty", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authorizer*" + "resource_type": "asset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified billing group", - "privilege": "DeleteBillingGroup", + 
"access_level": "Read", + "description": "Grants permission to describe bulk import job", + "privilege": "DescribeBulkImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a registered CA certificate", - "privilege": "DeleteCACertificate", + "access_level": "Read", + "description": "Grants permission to describe a dashboard", + "privilege": "DescribeDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cacert*" + "resource_type": "dashboard*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified certificate", - "privilege": "DeleteCertificate", + "access_level": "Read", + "description": "Grants permission to describe the default encryption configuration for the AWS account", + "privilege": "DescribeDefaultEncryptionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deletes the specified custom metric from your AWS account", - "privilege": "DeleteCustomMetric", + "access_level": "Read", + "description": "Grants permission to describe a gateway", + "privilege": "DescribeGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "custommetric*" + "resource_type": "gateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove the specified dimension from your AWS account", - "privilege": "DeleteDimension", + "access_level": "Read", + "description": "Grants permission to describe a capability configuration for a gateway", + "privilege": "DescribeGatewayCapabilityConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dimension*" + "resource_type": 
"gateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a domain configuration", - "privilege": "DeleteDomainConfiguration", + "access_level": "Read", + "description": "Grants permission to describe logging options for the AWS account", + "privilege": "DescribeLoggingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domainconfiguration*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified Dynamic Thing Group", - "privilege": "DeleteDynamicThingGroup", + "access_level": "Read", + "description": "Grants permission to describe a portal", + "privilege": "DescribePortal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dynamicthinggroup*" + "resource_type": "portal*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified fleet metric", - "privilege": "DeleteFleetMetric", + "access_level": "Read", + "description": "Grants permission to describe a project", + "privilege": "DescribeProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleetmetric*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a job and its related job executions", - "privilege": "DeleteJob", + "access_level": "Read", + "description": "Grants permission to describe the storage configuration for the AWS account", + "privilege": "DescribeStorageConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a job execution", - "privilege": "DeleteJobExecution", + "access_level": "Read", + "description": "Grants permission to describe a time series", + "privilege": "DescribeTimeSeries", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "asset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "time-series" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a job template", - "privilege": "DeleteJobTemplate", + "description": "Grants permission to disassociate a child asset from a parent asset by a hierarchy", + "privilege": "DisassociateAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobtemplate*" + "resource_type": "asset*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a defined mitigation action from your AWS account", - "privilege": "DeleteMitigationAction", + "description": "Grants permission to disassociate a time series from an asset property", + "privilege": "DisassociateTimeSeriesFromAssetProperty", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mitigationaction*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an OTA update job", - "privilege": "DeleteOTAUpdate", - "resource_types": [ + "resource_type": "asset*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "otaupdate*" + "resource_type": "time-series*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a package", - "privilege": "DeletePackage", + "description": "Grants permission to allow IoT SiteWise integrate with other services", + "privilege": "EnableSiteWiseIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a version of the specified package", - 
"privilege": "DeletePackageVersion", + "description": "Grants permission to execute actions", + "privilege": "ExecuteAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "packageversion*" + "resource_type": "asset" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified policy", - "privilege": "DeletePolicy", + "access_level": "Read", + "description": "Grants permission to execute query", + "privilege": "ExecuteQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to Delete the specified version of the specified policy", - "privilege": "DeletePolicyVersion", + "access_level": "Read", + "description": "Grants permission to retrieve computed aggregates for an asset property", + "privilege": "GetAssetPropertyAggregates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a fleet provisioning template", - "privilege": "DeleteProvisioningTemplate", - "resource_types": [ + "resource_type": "asset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate*" + "resource_type": "time-series" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a fleet provisioning template version", - "privilege": "DeleteProvisioningTemplateVersion", + "access_level": "Read", + "description": "Grants permission to retrieve the latest value for an asset property", + "privilege": "GetAssetPropertyValue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate*" - } - ] - }, - { - "access_level": "Write", - "description": 
"Grants permission to delete a CA certificate registration code", - "privilege": "DeleteRegistrationCode", - "resource_types": [ + "resource_type": "asset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "time-series" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified role alias", - "privilege": "DeleteRoleAlias", + "access_level": "Read", + "description": "Grants permission to retrieve the value history for an asset property", + "privilege": "GetAssetPropertyValueHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rolealias*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a scheduled audit", - "privilege": "DeleteScheduledAudit", - "resource_types": [ + "resource_type": "asset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "scheduledaudit*" + "resource_type": "time-series" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Device Defender security profile", - "privilege": "DeleteSecurityProfile", + "access_level": "Read", + "description": "Grants permission to retrieve interpolated values for an asset property", + "privilege": "GetInterpolatedAssetPropertyValues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custommetric" + "resource_type": "asset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dimension" + "resource_type": "time-series" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified stream", - "privilege": "DeleteStream", + "access_level": "List", + "description": "Grants permission to list all access policies for an identity or a resource", + "privilege": "ListAccessPolicies", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "portal" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified thing", - "privilege": "DeleteThing", + "access_level": "List", + "description": "Grants permission to list all actions", + "privilege": "ListActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "asset" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified thing group", - "privilege": "DeleteThingGroup", + "access_level": "List", + "description": "Grants permission to list all asset model composite models", + "privilege": "ListAssetModelCompositeModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup*" + "resource_type": "asset-model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified thing shadow", - "privilege": "DeleteThingShadow", + "access_level": "List", + "description": "Grants permission to list asset model properties", + "privilege": "ListAssetModelProperties", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "asset-model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified thing type", - "privilege": "DeleteThingType", + "access_level": "List", + "description": "Grants permission to list all asset models", + "privilege": "ListAssetModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingtype*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified rule", - "privilege": "DeleteTopicRule", + "access_level": "List", + "description": "Grants 
permission to list asset properties", + "privilege": "ListAssetProperties", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "asset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a TopicRuleDestination", - "privilege": "DeleteTopicRuleDestination", + "access_level": "List", + "description": "Grants permission to list the asset relationship graph for an asset", + "privilege": "ListAssetRelationships", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination*" + "resource_type": "asset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified v2 logging level", - "privilege": "DeleteV2LoggingLevel", + "access_level": "List", + "description": "Grants permission to list all assets", + "privilege": "ListAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "asset-model" } ] }, { - "access_level": "Write", - "description": "Grants permission to deprecate the specified thing type", - "privilege": "DeprecateThingType", + "access_level": "List", + "description": "Grants permission to list all assets associated with an asset through a hierarchy", + "privilege": "ListAssociatedAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingtype*" + "resource_type": "asset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about audit configurations for the account", - "privilege": "DescribeAccountAuditConfiguration", + "access_level": "List", + "description": "Grants permission to list bulk import jobs", + "privilege": "ListBulkImportJobs", "resource_types": [ { "condition_keys": [], 
@@ -128084,33 +152267,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started", - "privilege": "DescribeAuditFinding", + "access_level": "List", + "description": "Grants permission to list all asset model composition relationships", + "privilege": "ListCompositionRelationships", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "asset-model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings", - "privilege": "DescribeAuditMitigationActionsTask", + "access_level": "List", + "description": "Grants permission to list all dashboards in a project", + "privilege": "ListDashboards", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a Device Defender audit suppression", - "privilege": "DescribeAuditSuppression", + "access_level": "List", + "description": "Grants permission to list all gateways", + "privilege": "ListGateways", "resource_types": [ { "condition_keys": [], @@ -128120,9 +152303,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a Device Defender audit", - "privilege": "DescribeAuditTask", + "access_level": "List", + "description": "Grants permission to list all portals", + "privilege": "ListPortals", "resource_types": [ { "condition_keys": [], 
@@ -128132,117 +152315,123 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe an authorizer", - "privilege": "DescribeAuthorizer", + "access_level": "List", + "description": "Grants permission to list all assets associated with a project", + "privilege": "ListProjectAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authorizer*" + "resource_type": "project*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified billing group", - "privilege": "DescribeBillingGroup", + "access_level": "List", + "description": "Grants permission to list all projects in a portal", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "portal*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a registered CA certificate", - "privilege": "DescribeCACertificate", + "description": "Grants permission to list all tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cacert*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get information about the specified certificate", - "privilege": "DescribeCertificate", - "resource_types": [ + "resource_type": "access-policy" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a custom metric that is defined in your AWS account", - "privilege": "DescribeCustomMetric", - "resource_types": [ + "resource_type": "asset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "custommetric*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the default authorizer", - "privilege": 
"DescribeDefaultAuthorizer", - "resource_types": [ + "resource_type": "asset-model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a Device Defender ML Detect mitigation action", - "privilege": "DescribeDetectMitigationActionsTask", + "access_level": "List", + "description": "Grants permission to list time series", + "privilege": "ListTimeSeries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "asset" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a dimension that is defined in your AWS account", - "privilege": "DescribeDimension", + "access_level": "Write", + "description": "Grants permission to set the default encryption configuration for the AWS account", + "privilege": "PutDefaultEncryptionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dimension*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the domain configuration", - "privilege": "DescribeDomainConfiguration", + "access_level": "Write", + "description": "Grants permission to set logging options for the AWS account", + "privilege": "PutLoggingOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domainconfiguration*" + "resource_type": "" } ] }, { - 
"access_level": "Read", - "description": "Grants permission to get a unique endpoint specific to the AWS account making the call", - "privilege": "DescribeEndpoint", + "access_level": "Write", + "description": "Grants permission to configure storage settings for the AWS account", + "privilege": "PutStorageConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -128252,301 +152441,477 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get account event configurations", - "privilege": "DescribeEventConfigurations", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "access-policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "asset-model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "gateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified fleet metric", - "privilege": "DescribeFleetMetric", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleetmetric*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get information about the specified index", - "privilege": "DescribeIndex", - "resource_types": [ + "resource_type": "access-policy" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a job", - "privilege": "DescribeJob", - "resource_types": [ + 
"resource_type": "asset" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a job execution", - "privilege": "DescribeJobExecution", - "resource_types": [ + "resource_type": "asset-model" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" + "resource_type": "dashboard" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing" + "resource_type": "gateway" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "portal" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "time-series" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a job template", - "privilege": "DescribeJobTemplate", + "access_level": "Write", + "description": "Grants permission to update an access policy", + "privilege": "UpdateAccessPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobtemplate*" + "resource_type": "access-policy*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a managed job template", - "privilege": "DescribeManagedJobTemplate", + "access_level": "Write", + "description": "Grants permission to update an asset", + "privilege": "UpdateAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobtemplate*" + "resource_type": "asset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a mitigation action", - "privilege": "DescribeMitigationAction", + "access_level": "Write", + "description": "Grants permission to update an asset model", + "privilege": "UpdateAssetModel", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mitigationaction*" + "resource_type": "asset-model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a fleet provisioning template", - "privilege": "DescribeProvisioningTemplate", + "access_level": "Write", + "description": "Grants permission to update asset model composite model", + "privilege": "UpdateAssetModelCompositeModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate*" + "resource_type": "asset-model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a fleet provisioning template version", - "privilege": "DescribeProvisioningTemplateVersion", + "access_level": "Write", + "description": "Grants permission to update an AssetModel property routing", + "privilege": "UpdateAssetModelPropertyRouting", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate*" + "resource_type": "asset-model*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a role alias", - "privilege": "DescribeRoleAlias", + "access_level": "Write", + "description": "Grants permission to update an asset property", + "privilege": "UpdateAssetProperty", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rolealias*" + "resource_type": "asset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a scheduled audit", - "privilege": "DescribeScheduledAudit", + "access_level": "Write", + "description": "Grants permission to update a dashboard", + "privilege": "UpdateDashboard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "scheduledaudit*" + "resource_type": "dashboard*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get 
information about a Device Defender security profile", - "privilege": "DescribeSecurityProfile", + "access_level": "Write", + "description": "Grants permission to update a gateway", + "privilege": "UpdateGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile*" + "resource_type": "gateway*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified stream", - "privilege": "DescribeStream", + "access_level": "Write", + "description": "Grants permission to update a capability configuration for a gateway", + "privilege": "UpdateGatewayCapabilityConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "gateway*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified thing", - "privilege": "DescribeThing", + "access_level": "Write", + "description": "Grants permission to update a portal", + "privilege": "UpdatePortal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "portal*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified thing group", - "privilege": "DescribeThingGroup", + "access_level": "Write", + "description": "Grants permission to update a project", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup*" + "resource_type": "project*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:asset/${AssetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "asset" }, { - "access_level": "Read", - "description": "Grants permission to get information about the bulk thing registration task", - "privilege": "DescribeThingRegistrationTask", + "arn": 
"arn:${Partition}:iotsitewise:${Region}:${Account}:asset-model/${AssetModelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "asset-model" + }, + { + "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:time-series/${TimeSeriesId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "time-series" + }, + { + "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:gateway/${GatewayId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "gateway" + }, + { + "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:portal/${PortalId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "portal" + }, + { + "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:project/${ProjectId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "project" + }, + { + "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:dashboard/${DashboardId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dashboard" + }, + { + "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "access-policy" + } + ], + "service_name": "AWS IoT SiteWise" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "iottwinmaker:destinationType", + "description": "Filters access by destination type of metadata transfer job", + "type": "ArrayOfString" + }, + { + "condition": "iottwinmaker:linkedServices", + "description": "Filters access by workspace linked to 
services", + "type": "ArrayOfString" + }, + { + "condition": "iottwinmaker:sourceType", + "description": "Filters access by source type of metadata transfer job", + "type": "ArrayOfString" + } + ], + "prefix": "iottwinmaker", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to set values for multiple time series properties", + "privilege": "BatchPutPropertyValues", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iottwinmaker:GetComponentType", + "iottwinmaker:GetEntity", + "iottwinmaker:GetWorkspace" + ], + "resource_type": "workspace*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified thing type", - "privilege": "DescribeThingType", + "access_level": "Write", + "description": "Grants permission to cancel a metadata transfer job", + "privilege": "CancelMetadataTransferJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingtype*" + "resource_type": "metadataTransferJob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a tunnel", - "privilege": "DescribeTunnel", + "access_level": "Write", + "description": "Grants permission to create a componentType", + "privilege": "CreateComponentType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tunnel*" + "resource_type": "workspace*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to detach a policy from the specified target", - "privilege": "DetachPolicy", + "access_level": "Write", + "description": "Grants permission to create an entity", + "privilege": "CreateEntity", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "cert" + "resource_type": "workspace*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "thinggroup" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove the specified policy from the specified certificate", - "privilege": "DetachPrincipalPolicy", + "access_level": "Write", + "description": "Grants permission to create a metadata transfer job", + "privilege": "CreateMetadataTransferJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a Device Defender security profile from a thing group or from this account", - "privilege": "DetachSecurityProfile", + "description": "Grants permission to create a scene", + "privilege": "CreateScene", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile*" + "resource_type": "workspace*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "custommetric" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a sync job", + "privilege": "CreateSyncJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dimension" + "resource_type": "workspace*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "thinggroup" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to detach the specified principal from the specified thing", - "privilege": "DetachThingPrincipal", + "description": "Grants permission to create 
a workspace", + "privilege": "CreateWorkspace", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -128554,140 +152919,146 @@ }, { "access_level": "Write", - "description": "Grants permission to disable the specified rule", - "privilege": "DisableTopicRule", + "description": "Grants permission to delete a componentType", + "privilege": "DeleteComponentType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "componentType*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable the specified rule", - "privilege": "EnableTopicRule", + "description": "Grants permission to delete an entity", + "privilege": "DeleteEntity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to fetch a Device Defender's ML Detect Security Profile training model's status", - "privilege": "GetBehaviorModelTrainingSummaries", - "resource_types": [ + "resource_type": "entity*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile" + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get buckets aggregation for IoT fleet index", - "privilege": "GetBucketsAggregation", + "access_level": "Write", + "description": "Grants permission to delete a scene", + "privilege": "DeleteScene", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get cardinality for IoT fleet index", - "privilege": "GetCardinality", - "resource_types": [ + "resource_type": "scene*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get effective policies", - "privilege": 
"GetEffectivePolicies", + "access_level": "Write", + "description": "Grants permission to delete a sync job", + "privilege": "DeleteSyncJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert" + "resource_type": "syncJob*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get current fleet indexing configuration", - "privilege": "GetIndexingConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a workspace", + "privilege": "DeleteWorkspace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a job document", - "privilege": "GetJobDocument", + "description": "Grants permission to execute query", + "privilege": "ExecuteQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the logging options", - "privilege": "GetLoggingOptions", + "description": "Grants permission to get a componentType", + "privilege": "GetComponentType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "componentType*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the information about the OTA update job", - "privilege": "GetOTAUpdate", + "description": "Grants permission to get an entity", + "privilege": "GetEntity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "otaupdate*" + "resource_type": "entity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the information about the package", - "privilege": "GetPackage", + "description": "Grants permission to get a metadata transfer job", + "privilege": "GetMetadataTransferJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "metadataTransferJob*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the package configuration of the account", - "privilege": "GetPackageConfiguration", + "description": "Grants permission to get pricing plan", + "privilege": "GetPricingPlan", "resource_types": [ { "condition_keys": [], 
@@ -128698,133 +153069,147 @@ }, { "access_level": "Read", - "description": "Grants permission to get the version of the package", - "privilege": "GetPackageVersion", + "description": "Grants permission to retrieve the property values", + "privilege": "GetPropertyValue", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iottwinmaker:GetComponentType", + "iottwinmaker:GetEntity", + "iottwinmaker:GetWorkspace" + ], + "resource_type": "workspace*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "componentType" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "packageversion*" + "resource_type": "entity" } ] }, { "access_level": "Read", - "description": "Grants permission to get percentiles for IoT fleet index", - "privilege": "GetPercentiles", + "description": "Grants permission to retrieve the time series value history", + "privilege": "GetPropertyValueHistory", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iottwinmaker:GetComponentType", + "iottwinmaker:GetEntity", + "iottwinmaker:GetWorkspace" + ], + "resource_type": "workspace*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get information about the specified policy with the policy document of the default version", - "privilege": "GetPolicy", - "resource_types": [ + "resource_type": "componentType" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "entity" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about the specified policy version", - "privilege": "GetPolicyVersion", + "description": "Grants permission to get a scene", + "privilege": "GetScene", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - } - ] - }, - { - 
"access_level": "Read", - "description": "Grants permission to get a registration code used to register a CA certificate with AWS IoT", - "privilege": "GetRegistrationCode", - "resource_types": [ + "resource_type": "scene*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the retained message on the specified topic", - "privilege": "GetRetainedMessage", + "description": "Grants permission to get a sync job", + "privilege": "GetSyncJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topic*" + "resource_type": "syncJob*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" } ] }, { "access_level": "Read", - "description": "Grants permission to get statistics for IoT fleet index", - "privilege": "GetStatistics", + "description": "Grants permission to get a workspace", + "privilege": "GetWorkspace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the thing shadow", - "privilege": "GetThingShadow", + "access_level": "List", + "description": "Grants permission to list all componentTypes in a workspace", + "privilege": "ListComponentTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified rule", - "privilege": "GetTopicRule", + "access_level": "List", + "description": "Grants permission to list components attached to an entity", + "privilege": "ListComponents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "entity*" + }, + { + "condition_keys": [], 
+ "dependent_actions": [], + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a TopicRuleDestination", - "privilege": "GetTopicRuleDestination", + "access_level": "List", + "description": "Grants permission to list all entities in a workspace", + "privilege": "ListEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination*" + "resource_type": "workspace*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get v2 logging options", - "privilege": "GetV2LoggingOptions", + "access_level": "List", + "description": "Grants permission to list all metadata transfer jobs", + "privilege": "ListMetadataTransferJobs", "resource_types": [ { "condition_keys": [], 
@@ -128835,73 +153220,105 @@ }, { "access_level": "List", - "description": "Grants permission to list the active violations for a given Device Defender security profile or Thing", - "privilege": "ListActiveViolations", + "description": "Grants permission to list properties of an entity component", + "privilege": "ListProperties", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile" + "resource_type": "entity*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing" + "resource_type": "workspace*" } ] }, { "access_level": "List", - "description": "Grants permission to list the policies attached to the specified thing group", - "privilege": "ListAttachedPolicies", + "description": "Grants permission to list all scenes in a workspace", + "privilege": "ListScenes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "List", - "description": "Grants permission to list the findings (results) of a Device Defender audit or of the audits performed during a specified time period", - "privilege": "ListAuditFindings", + "description": "Grants permission to list all sync jobs in a workspace", + "privilege": "ListSyncJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] }, { "access_level": "List", - "description": "Grants permission to get the status of audit mitigation action tasks that were executed", - "privilege": "ListAuditMitigationActionsExecutions", + "description": "Grants permission to list all sync resources for a sync job", + "privilege": "ListSyncResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "syncJob*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" } ] }, { "access_level": "List", - "description": 
"Grants permission to get a list of audit mitigation action tasks that match the specified filters", - "privilege": "ListAuditMitigationActionsTasks", + "description": "Grants permission to list all tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "componentType" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scene" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "syncJob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list your Device Defender audit suppressions", - "privilege": "ListAuditSuppressions", + "description": "Grants permission to list all workspaces", + "privilege": "ListWorkspaces", "resource_types": [ { "condition_keys": [], 
@@ -128911,57 +153328,122 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the Device Defender audits that have been performed during a given time period", - "privilege": "ListAuditTasks", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "componentType" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scene" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "syncJob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the authorizers registered in your account", - "privilege": "ListAuthorizers", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "componentType" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "entity" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "scene" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "syncJob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all billing groups", - "privilege": "ListBillingGroups", + "access_level": "Write", + "description": "Grants permission to update a componentType", + "privilege": 
"UpdateComponentType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "componentType*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the CA certificates registered for your AWS account", - "privilege": "ListCACertificates", + "access_level": "Write", + "description": "Grants permission to update an entity", + "privilege": "UpdateEntity", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "entity*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" } ] }, { - "access_level": "List", - "description": "Grants permission to list your certificates", - "privilege": "ListCertificates", + "access_level": "Write", + "description": "Grants permission to update pricing plan", + "privilege": "UpdatePricingPlan", "resource_types": [ { "condition_keys": [], 
@@ -128971,558 +153453,696 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the device certificates signed by the specified CA certificate", - "privilege": "ListCertificatesByCA", + "access_level": "Write", + "description": "Grants permission to update a scene", + "privilege": "UpdateScene", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "scene*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspace*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the custom metrics in your AWS account", - "privilege": "ListCustomMetrics", + "access_level": "Write", + "description": "Grants permission to update a workspace", + "privilege": "UpdateWorkspace", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workspace*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workspace" }, { - "access_level": "List", - "description": "Grants permission to lists mitigation actions executions for a Device Defender ML Detect Security Profile", - "privilege": "ListDetectMitigationActionsExecutions", + "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/entity/${EntityId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "entity" + }, + { + "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/component-type/${ComponentTypeId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "componentType" + }, + { + "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/scene/${SceneId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "scene" + }, + { + "arn": 
"arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/sync-job/${SyncJobId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "syncJob" + }, + { + "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:metadata-transfer-job/${MetadataTransferJobId}", + "condition_keys": [], + "resource": "metadataTransferJob" + } + ], + "service_name": "AWS IoT TwinMaker" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key that is present in the request that the user makes to IoT Wireless", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key component of a tag attached to an IoT Wireless resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the list of all the tag key names associated with the resource in the request", + "type": "ArrayOfString" + } + ], + "prefix": "iotwireless", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to link partner accounts with AWS account", + "privilege": "AssociateAwsAccountWithPartnerAccount", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "thing" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Device Defender ML Detect mitigation actions tasks", - "privilege": "ListDetectMitigationActionsTasks", + "access_level": "Write", + "description": "Grants permission to associate the MulticastGroup with FuotaTask", + "privilege": "AssociateMulticastGroupWithFuotaTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "FuotaTask*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MulticastGroup*" } ] }, { - "access_level": "List", - 
"description": "Grants permission to list the dimensions that are defined for your AWS account", - "privilege": "ListDimensions", + "access_level": "Write", + "description": "Grants permission to associate the wireless device with FuotaTask", + "privilege": "AssociateWirelessDeviceWithFuotaTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "FuotaTask*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the domain configuration created by your AWS account", - "privilege": "ListDomainConfigurations", + "access_level": "Write", + "description": "Grants permission to associate the WirelessDevice with MulticastGroup", + "privilege": "AssociateWirelessDeviceWithMulticastGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MulticastGroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the fleet metrics in your account", - "privilege": "ListFleetMetrics", + "access_level": "Write", + "description": "Grants permission to associate the wireless device with AWS IoT thing for a given wirelessDeviceId", + "privilege": "AssociateWirelessDeviceWithThing", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iot:DescribeThing" + ], + "resource_type": "WirelessDevice*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "thing*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all indices for fleet index", - "privilege": "ListIndices", + "access_level": "Write", + "description": "Grants permission to associate a WirelessGateway with the IoT Core Identity certificate", + "privilege": 
"AssociateWirelessGatewayWithCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessGateway*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cert*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the job executions for a job", - "privilege": "ListJobExecutionsForJob", + "access_level": "Write", + "description": "Grants permission to associate the wireless gateway with AWS IoT thing for a given wirelessGatewayId", + "privilege": "AssociateWirelessGatewayWithThing", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iot:DescribeThing" + ], + "resource_type": "WirelessGateway*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "thing*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the job executions for the specified thing", - "privilege": "ListJobExecutionsForThing", + "access_level": "Write", + "description": "Grants permission to cancel the MulticastGroup session", + "privilege": "CancelMulticastGroupSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "MulticastGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list job templates", - "privilege": "ListJobTemplates", + "access_level": "Write", + "description": "Grants permission to create a Destination resource", + "privilege": "CreateDestination", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list jobs", - "privilege": "ListJobs", + "access_level": "Write", + "description": "Grants permission to create a DeviceProfile resource", + "privilege": "CreateDeviceProfile", 
"resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list managed job templates", - "privilege": "ListManagedJobTemplates", + "access_level": "Write", + "description": "Grants permission to create a FuotaTask resource", + "privilege": "CreateFuotaTask", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permissions to list the metric values for a thing based on the metricName, and dimension if specified", - "privilege": "ListMetricValues", + "access_level": "Write", + "description": "Grants permission to create a MulticastGroup resource", + "privilege": "CreateMulticastGroup", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of all mitigation actions that match the specified filter criteria", - "privilege": "ListMitigationActions", + "access_level": "Write", + "description": "Grants permission to create a NetworkAnalyzerConfiguration resource", + "privilege": "CreateNetworkAnalyzerConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "MulticastGroup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessDevice*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission 
to list all named shadows for a given thing", - "privilege": "ListNamedShadowsForThing", + "access_level": "Write", + "description": "Grants permission to create a ServiceProfile resource", + "privilege": "CreateServiceProfile", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list OTA update jobs in the account", - "privilege": "ListOTAUpdates", + "access_level": "Write", + "description": "Grants permission to create a WirelessDevice resource with given Destination", + "privilege": "CreateWirelessDevice", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list certificates that are being transfered but not yet accepted", - "privilege": "ListOutgoingCertificates", + "access_level": "Write", + "description": "Grants permission to create a WirelessGateway resource", + "privilege": "CreateWirelessGateway", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list versions for a package in the account", - "privilege": "ListPackageVersions", + "access_level": "Write", + "description": "Grants permission to create a task for a given WirelessGateway", + "privilege": "CreateWirelessGatewayTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessGateway*" } ] }, { - "access_level": "List", - "description": "Grants permission to list packages in the account", - "privilege": "ListPackages", + "access_level": "Write", + 
"description": "Grants permission to create a WirelessGateway task definition", + "privilege": "CreateWirelessGatewayTaskDefinition", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list your policies", - "privilege": "ListPolicies", + "access_level": "Write", + "description": "Grants permission to delete a Destination", + "privilege": "DeleteDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Destination*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the principals associated with the specified policy", - "privilege": "ListPolicyPrincipals", + "access_level": "Write", + "description": "Grants permission to delete a DeviceProfile", + "privilege": "DeleteDeviceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DeviceProfile*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the versions of the specified policy, and identifies the default version", - "privilege": "ListPolicyVersions", + "access_level": "Write", + "description": "Grants permission to delete the FuotaTask", + "privilege": "DeleteFuotaTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "FuotaTask*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the policies attached to the specified principal. 
If you use an Amazon Cognito identity, the ID needs to be in Amazon Cognito Identity format", - "privilege": "ListPrincipalPolicies", + "access_level": "Write", + "description": "Grants permission to delete the MulticastGroup", + "privilege": "DeleteMulticastGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MulticastGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the things associated with the specified principal", - "privilege": "ListPrincipalThings", + "access_level": "Write", + "description": "Grants permission to delete the NetworkAnalyzerConfiguration", + "privilege": "DeleteNetworkAnalyzerConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "NetworkAnalyzerConfiguration*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of fleet provisioning template versions", - "privilege": "ListProvisioningTemplateVersions", + "access_level": "Write", + "description": "Grants permission to delete QueuedMessages", + "privilege": "DeleteQueuedMessages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the fleet provisioning templates in your AWS account", - "privilege": "ListProvisioningTemplates", + "access_level": "Write", + "description": "Grants permission to delete a ServiceProfile", + "privilege": "DeleteServiceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ServiceProfile*" } ] }, { - "access_level": "List", - "description": "Grants permission to list related resources for a single audit finding", - "privilege": "ListRelatedResourcesForAuditFinding", + "access_level": "Write", + "description": "Grants permission to delete 
a WirelessDevice", + "privilege": "DeleteWirelessDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessDevice*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the retained messages for your account", - "privilege": "ListRetainedMessages", + "access_level": "Write", + "description": "Grants permission to delete the wireless device import task", + "privilege": "DeleteWirelessDeviceImportTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ImportTask*" } ] }, { - "access_level": "List", - "description": "Grants permission to list role aliases", - "privilege": "ListRoleAliases", + "access_level": "Write", + "description": "Grants permission to delete a WirelessGateway", + "privilege": "DeleteWirelessGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessGateway*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all of your scheduled audits", - "privilege": "ListScheduledAudits", + "access_level": "Write", + "description": "Grants permission to delete task for a given WirelessGateway", + "privilege": "DeleteWirelessGatewayTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessGateway*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Device Defender security profiles you have created", - "privilege": "ListSecurityProfiles", + "access_level": "Write", + "description": "Grants permission to delete a WirelessGateway task definition", + "privilege": "DeleteWirelessGatewayTaskDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "custommetric" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dimension" + "resource_type": 
"WirelessGatewayTaskDefinition*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Device Defender security profiles attached to a target", - "privilege": "ListSecurityProfilesForTarget", + "access_level": "Write", + "description": "Grants permission to deregister wireless device", + "privilege": "DeregisterWirelessDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup" + "resource_type": "WirelessDevice*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the streams in your account", - "privilege": "ListStreams", + "access_level": "Write", + "description": "Grants permission to disassociate an AWS account from a partner account", + "privilege": "DisassociateAwsAccountFromPartnerAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SidewalkAccount*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags for a given resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to disassociate the MulticastGroup from FuotaTask", + "privilege": "DisassociateMulticastGroupFromFuotaTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authorizer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "billinggroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cacert" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custommetric" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dimension" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "domainconfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dynamicthinggroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "fleetmetric" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "job" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "jobtemplate" + "resource_type": "FuotaTask*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "mitigationaction" - }, + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate the wireless device from FuotaTask", + "privilege": "DisassociateWirelessDeviceFromFuotaTask", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "otaupdate" + "resource_type": "FuotaTask*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" - }, + "resource_type": "WirelessDevice*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate the wireless device from MulticastGroup", + "privilege": "DisassociateWirelessDeviceFromMulticastGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate" + "resource_type": "MulticastGroup*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rolealias" - }, + "resource_type": "WirelessDevice*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a wireless device from a AWS IoT thing", + "privilege": "DisassociateWirelessDeviceFromThing", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule" + "dependent_actions": [ + "iot:DescribeThing" + ], + "resource_type": "WirelessDevice*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "scheduledaudit" - }, + "resource_type": "thing*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a WirelessGateway from a IoT Core Identity certificate", + "privilege": 
"DisassociateWirelessGatewayFromCertificate", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile" + "resource_type": "WirelessGateway*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream" - }, + "resource_type": "cert*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a WirelessGateway from a IoT Core thing", + "privilege": "DisassociateWirelessGatewayFromThing", + "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "thinggroup" + "dependent_actions": [ + "iot:DescribeThing" + ], + "resource_type": "WirelessGateway*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingtype" + "resource_type": "thing*" } ] }, { - "access_level": "List", - "description": "Grants permission to list targets for the specified policy", - "privilege": "ListTargetsForPolicy", + "access_level": "Read", + "description": "Grants permission to get the Destination", + "privilege": "GetDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "Destination*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the targets associated with a given Device Defender security profile", - "privilege": "ListTargetsForSecurityProfile", + "access_level": "Read", + "description": "Grants permission to get the DeviceProfile", + "privilege": "GetDeviceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile*" + "resource_type": "DeviceProfile*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all thing groups", - "privilege": "ListThingGroups", + "access_level": "Read", + "description": "Grants permission to get event configuration by resource types", + "privilege": "GetEventConfigurationByResourceTypes", "resource_types": [ { 
"condition_keys": [], @@ -129532,21 +154152,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list thing groups to which the specified thing belongs", - "privilege": "ListThingGroupsForThing", + "access_level": "Read", + "description": "Grants permission to get the FuotaTask", + "privilege": "GetFuotaTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "FuotaTask*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the principals associated with the specified thing", - "privilege": "ListThingPrincipals", + "access_level": "Read", + "description": "Grants permission to get log levels by resource types", + "privilege": "GetLogLevelsByResourceTypes", "resource_types": [ { "condition_keys": [], @@ -129556,9 +154176,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list information about bulk thing registration tasks", - "privilege": "ListThingRegistrationTaskReports", + "access_level": "Read", + "description": "Grants permission to get metric configuration", + "privilege": "GetMetricConfiguration", "resource_types": [ { "condition_keys": [], @@ -129568,9 +154188,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list bulk thing registration tasks", - "privilege": "ListThingRegistrationTasks", + "access_level": "Read", + "description": "Grants permission to get metrics", + "privilege": "GetMetrics", "resource_types": [ { "condition_keys": [], 
@@ -129580,93 +154200,91 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all thing types", - "privilege": "ListThingTypes", + "access_level": "Read", + "description": "Grants permission to get the MulticastGroup", + "privilege": "GetMulticastGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MulticastGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all things", - "privilege": "ListThings", + "access_level": "Read", + "description": "Grants permission to get the MulticastGroup session", + "privilege": "GetMulticastGroupSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MulticastGroup*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all things in the specified billing group", - "privilege": "ListThingsInBillingGroup", + "access_level": "Read", + "description": "Grants permission to get the NetworkAnalyzerConfiguration", + "privilege": "GetNetworkAnalyzerConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" + "resource_type": "NetworkAnalyzerConfiguration*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all things in the specified thing group", - "privilege": "ListThingsInThingGroup", + "access_level": "Read", + "description": "Grants permission to get the associated PartnerAccount", + "privilege": "GetPartnerAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup*" + "resource_type": "SidewalkAccount*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all TopicRuleDestinations", - "privilege": "ListTopicRuleDestinations", + "access_level": "Read", + "description": "Grants permission to get position for a given resource", + "privilege": "GetPosition", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the rules for the specific topic", - "privilege": "ListTopicRules", - "resource_types": [ + "resource_type": "WirelessDevice" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessGateway" } ] }, { - "access_level": "List", - "description": "Grants permission to list tunnels", - "privilege": "ListTunnels", + "access_level": "Read", + "description": "Grants permission to get position configuration for a given resource", + "privilege": "GetPositionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" } ] }, { - "access_level": "List", - "description": "Grants permission to list the v2 logging levels", - "privilege": "ListV2LoggingLevels", + "access_level": "Read", + "description": "Grants permission to get position estimate", + "privilege": "GetPositionEstimate", "resource_types": [ { "condition_keys": [], 
@@ -129676,259 +154294,233 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the Device Defender security profile violations discovered during the given time period", - "privilege": "ListViolationEvents", + "access_level": "Read", + "description": "Grants permission to get an event configuration for an identifier", + "privilege": "GetResourceEventConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile" + "resource_type": "SidewalkAccount" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to open a tunnel", - "privilege": "OpenTunnel", - "resource_types": [ + "resource_type": "WirelessDevice" + }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iot:ThingGroupArn", - "iot:TunnelDestinationService" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessGateway" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish to the specified topic", - "privilege": "Publish", + "access_level": "Read", + "description": "Grants permission to get resource log level", + "privilege": "GetResourceLogLevel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topic*" + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" } ] }, { - "access_level": "Write", - "description": "Grants permission to put verification state on a violation", - "privilege": "PutVerificationStateOnViolation", + "access_level": "Read", + "description": "Grants permission to get position for a given resource", + "privilege": "GetResourcePosition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessDevice" + }, + { + "condition_keys": 
[], + "dependent_actions": [], + "resource_type": "WirelessGateway" } ] }, { - "access_level": "Write", - "description": "Grants permission to receive from the specified topic", - "privilege": "Receive", + "access_level": "Read", + "description": "Grants permission to retrieve the customer account specific endpoint for CUPS protocol connection or LoRaWAN Network Server (LNS) protocol connection, and optionally server trust certificate in PEM format", + "privilege": "GetServiceEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topic*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to register a CA certificate with AWS IoT", - "privilege": "RegisterCACertificate", + "access_level": "Read", + "description": "Grants permission to get the ServiceProfile", + "privilege": "GetServiceProfile", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ServiceProfile*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register a device certificate with AWS IoT", - "privilege": "RegisterCertificate", + "access_level": "Read", + "description": "Grants permission to get the WirelessDevice", + "privilege": "GetWirelessDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessDevice*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register a device certificate with AWS IoT without a registered CA (certificate authority)", - "privilege": "RegisterCertificateWithoutCA", + "access_level": "Read", + "description": "Grants permission to get the wireless device import task", + "privilege": "GetWirelessDeviceImportTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "ImportTask*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register your thing", - "privilege": "RegisterThing", + "access_level": "Read", + "description": "Grants permission to get statistics info for a given WirelessDevice", + "privilege": "GetWirelessDeviceStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessDevice*" } ] }, { - "access_level": "Write", - "description": "Grants permission to reject a pending certificate transfer", - "privilege": "RejectCertificateTransfer", + "access_level": "Read", + "description": "Grants permission to get the WirelessGateway", + "privilege": "GetWirelessGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert*" + "resource_type": "WirelessGateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove thing from the specified billing group", - "privilege": "RemoveThingFromBillingGroup", + "access_level": "Read", + "description": "Grants permission to get the IoT Core Identity certificate id associated with the WirelessGateway", + "privilege": "GetWirelessGatewayCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "WirelessGateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove thing from the specified thing group", - "privilege": "RemoveThingFromThingGroup", + "access_level": "Read", + "description": "Grants permission to get Current firmware version and other information for the WirelessGateway", + "privilege": "GetWirelessGatewayFirmwareInformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" - }, - { - "condition_keys": [], - "dependent_actions": 
[], - "resource_type": "thinggroup*" + "resource_type": "WirelessGateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to replace the specified rule", - "privilege": "ReplaceTopicRule", + "access_level": "Read", + "description": "Grants permission to get statistics info for a given WirelessGateway", + "privilege": "GetWirelessGatewayStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule*" + "resource_type": "WirelessGateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to publish a retained message to the specified topic", - "privilege": "RetainPublish", + "access_level": "Read", + "description": "Grants permission to get the task for a given WirelessGateway", + "privilege": "GetWirelessGatewayTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topic*" + "resource_type": "WirelessGateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to rotate the access token of a tunnel", - "privilege": "RotateTunnelAccessToken", + "access_level": "Read", + "description": "Grants permission to get the given WirelessGateway task definition", + "privilege": "GetWirelessGatewayTaskDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "tunnel*" - }, - { - "condition_keys": [ - "iot:ThingGroupArn", - "iot:TunnelDestinationService", - "iot:ClientMode" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessGatewayTaskDefinition*" } ] }, { "access_level": "Read", - "description": "Grants permission to search IoT fleet index", - "privilege": "SearchIndex", + "description": "Grants permission to list information of available Destinations based on the AWS account", + "privilege": "ListDestinations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": 
"Permissions management", - "description": "Grants permission to set the default authorizer. This will be used if a websocket connection is made without specifying an authorizer", - "privilege": "SetDefaultAuthorizer", + "access_level": "Read", + "description": "Grants permission to list information of available DeviceProfiles based on the AWS account", + "privilege": "ListDeviceProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authorizer*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set the specified version of the specified policy as the policy's default (operative) version", - "privilege": "SetDefaultPolicyVersion", + "access_level": "Read", + "description": "Grants permission to list information of devices by wireless device import task based on the AWS account", + "privilege": "ListDevicesForWirelessDeviceImportTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "ImportTask*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the logging options", - "privilege": "SetLoggingOptions", + "access_level": "Read", + "description": "Grants permission to list information of available event configurations based on the AWS account", + "privilege": "ListEventConfigurations", "resource_types": [ { "condition_keys": [], @@ -129938,9 +154530,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to set the v2 logging level", - "privilege": "SetV2LoggingLevel", + "access_level": "Read", + "description": "Grants permission to list information of available FuotaTasks based on the AWS account", + "privilege": "ListFuotaTasks", "resource_types": [ { "condition_keys": [], 
@@ -129950,9 +154542,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to set the v2 logging options", - "privilege": "SetV2LoggingOptions", + "access_level": "Read", + "description": "Grants permission to list information of available MulticastGroups based on the AWS account", + "privilege": "ListMulticastGroups", "resource_types": [ { "condition_keys": [], @@ -129962,33 +154554,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start a task that applies a set of mitigation actions to the specified target", - "privilege": "StartAuditMitigationActionsTask", + "access_level": "Read", + "description": "Grants permission to list information of available MulticastGroups by FuotaTask based on the AWS account", + "privilege": "ListMulticastGroupsByFuotaTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "FuotaTask*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a Device Defender ML Detect mitigation actions task", - "privilege": "StartDetectMitigationActionsTask", + "access_level": "Read", + "description": "Grants permission to list information of available NetworkAnalyzerConfigurations based on the AWS account", + "privilege": "ListNetworkAnalyzerConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an on-demand Device Defender audit", - "privilege": "StartOnDemandAuditTask", + "access_level": "Read", + "description": "Grants permission to list the available partner accounts", + "privilege": "ListPartnerAccounts", "resource_types": [ { "condition_keys": [], 
@@ -129998,9 +154590,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start a bulk thing registration task", - "privilege": "StartThingRegistrationTask", + "access_level": "Read", + "description": "Grants permission to list information of available position configurations based on the AWS account", + "privilege": "ListPositionConfigurations", "resource_types": [ { "condition_keys": [], @@ -130010,9 +154602,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to stop a bulk thing registration task", - "privilege": "StopThingRegistrationTask", + "access_level": "Read", + "description": "Grants permission to list the Queued Messages", + "privilege": "ListQueuedMessages", "resource_types": [ { "condition_keys": [], 
@@ -130022,305 +154614,372 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to subscribe to the specified TopicFilter", - "privilege": "Subscribe", + "access_level": "Read", + "description": "Grants permission to list information of available ServiceProfiles based on the AWS account", + "privilege": "ListServiceProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "topicfilter*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a specified resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list all tags for a given resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authorizer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "billinggroup" + "resource_type": "Destination" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cacert" + "resource_type": "DeviceProfile" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "custommetric" + "resource_type": "FuotaTask" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dimension" + "resource_type": "ImportTask" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domainconfiguration" + "resource_type": "MulticastGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dynamicthinggroup" + "resource_type": "NetworkAnalyzerConfiguration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleetmetric" + "resource_type": "ServiceProfile" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" + "resource_type": "SidewalkAccount" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "jobtemplate" + "resource_type": "WirelessDevice" }, { "condition_keys": [], "dependent_actions": [], 
- "resource_type": "mitigationaction" + "resource_type": "WirelessGateway" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "otaupdate" - }, + "resource_type": "WirelessGatewayTaskDefinition" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list wireless device import tasks information of based on the AWS account", + "privilege": "ListWirelessDeviceImportTasks", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information of available WirelessDevices based on the AWS account", + "privilege": "ListWirelessDevices", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "packageversion" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information of available WirelessGateway task definitions based on the AWS account", + "privilege": "ListWirelessGatewayTaskDefinitions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list information of available WirelessGateways based on the AWS account", + "privilege": "ListWirelessGateways", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put position configuration for a given resource", + "privilege": "PutPositionConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rolealias" + "resource_type": "WirelessDevice" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule" - }, + "resource_type": "WirelessGateway" + } + 
] + }, + { + "access_level": "Write", + "description": "Grants permission to put resource log level", + "privilege": "PutResourceLogLevel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "scheduledaudit" + "resource_type": "WirelessDevice" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile" - }, + "resource_type": "WirelessGateway" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset all resource log levels", + "privilege": "ResetAllResourceLogLevels", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to reset resource log level", + "privilege": "ResetResourceLogLevel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup" + "resource_type": "WirelessDevice" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingtype" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessGateway" } ] }, { - "access_level": "Read", - "description": "Grants permission to test the policies evaluation for group policies", - "privilege": "TestAuthorization", + "access_level": "Write", + "description": "Grants permission to send data to the MulticastGroup", + "privilege": "SendDataToMulticastGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert" + "resource_type": "MulticastGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to test invoke the specified custom authorizer for testing purposes", - "privilege": "TestInvokeAuthorizer", + "access_level": "Write", + "description": "Grants permission to send the decrypted application data frame to the target device", + "privilege": 
"SendDataToWirelessDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authorizer*" + "resource_type": "WirelessDevice*" } ] }, { "access_level": "Write", - "description": "Grants permission to transfer the specified certificate to the specified AWS account", - "privilege": "TransferCertificate", + "description": "Grants permission to associate the WirelessDevices with MulticastGroup", + "privilege": "StartBulkAssociateWirelessDeviceWithMulticastGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert*" + "resource_type": "MulticastGroup*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to bulk disassociate the WirelessDevices from MulticastGroup", + "privilege": "StartBulkDisassociateWirelessDeviceFromMulticastGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authorizer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "billinggroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cacert" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "custommetric" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dimension" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "domainconfiguration" - }, + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the FuotaTask", + "privilege": "StartFuotaTask", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dynamicthinggroup" - }, + "resource_type": "FuotaTask*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the MulticastGroup session", + 
"privilege": "StartMulticastGroupSession", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleetmetric" - }, + "resource_type": "MulticastGroup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start NetworkAnalyzer stream", + "privilege": "StartNetworkAnalyzerStream", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job" - }, + "resource_type": "NetworkAnalyzerConfiguration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the single wireless device import task", + "privilege": "StartSingleWirelessDeviceImportTask", + "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "jobtemplate" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start the wireless device import task", + "privilege": "StartWirelessDeviceImportTask", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mitigationaction" + "resource_type": "ImportTask*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "otaupdate" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a given resource", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package" + "resource_type": "Destination" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "packageversion" + "resource_type": "DeviceProfile" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" + "resource_type": "FuotaTask" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "provisioningtemplate" + 
"resource_type": "ImportTask" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rolealias" + "resource_type": "MulticastGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "rule" + "resource_type": "NetworkAnalyzerConfiguration" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "scheduledaudit" + "resource_type": "ServiceProfile" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile" + "resource_type": "SidewalkAccount" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream" + "resource_type": "WirelessDevice" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup" + "resource_type": "WirelessGateway" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thingtype" + "resource_type": "WirelessGatewayTaskDefinition" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -130330,492 +154989,364 @@ }, { "access_level": "Write", - "description": "Grants permission to configure or reconfigure the Device Defender audit settings for this account", - "privilege": "UpdateAccountAuditConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a Device Defender audit suppression", - "privilege": "UpdateAuditSuppression", + "description": "Grants permission to simulate a provisioned device to send an uplink data with payload of 'Hello'", + "privilege": "TestWirelessDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessDevice*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an authorizer", - "privilege": "UpdateAuthorizer", + "access_level": "Tagging", + "description": "Grants permission to remove the given tags from the resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "authorizer*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update information associated with the specified billing group", - "privilege": "UpdateBillingGroup", - "resource_types": [ + "resource_type": "Destination" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "billinggroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a registered CA certificate", - "privilege": "UpdateCACertificate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "cacert*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the status of the specified certificate. 
This operation is idempotent", - "privilege": "UpdateCertificate", - "resource_types": [ + "resource_type": "DeviceProfile" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "cert*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the specified custom metric", - "privilege": "UpdateCustomMetric", - "resource_types": [ + "resource_type": "FuotaTask" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "custommetric*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the definition for a dimension", - "privilege": "UpdateDimension", - "resource_types": [ + "resource_type": "ImportTask" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dimension*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a domain configuration", - "privilege": "UpdateDomainConfiguration", - "resource_types": [ + "resource_type": "MulticastGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domainconfiguration*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a Dynamic Thing Group", - "privilege": "UpdateDynamicThingGroup", - "resource_types": [ + "resource_type": "NetworkAnalyzerConfiguration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dynamicthinggroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update event configurations", - "privilege": "UpdateEventConfigurations", - "resource_types": [ + "resource_type": "ServiceProfile" + }, { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a fleet metric", - "privilege": "UpdateFleetMetric", - "resource_types": [ + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SidewalkAccount" + }, { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "fleetmetric*" + "resource_type": "WirelessDevice" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update fleet indexing configuration", - "privilege": "UpdateIndexingConfiguration", - "resource_types": [ + "resource_type": "WirelessGateway" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "WirelessGatewayTaskDefinition" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a job", - "privilege": "UpdateJob", + "description": "Grants permission to update a Destination resource", + "privilege": "UpdateDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "job*" + "resource_type": "Destination*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the definition for the specified mitigation action", - "privilege": "UpdateMitigationAction", + "description": "Grants permission to update event configuration by resource types", + "privilege": "UpdateEventConfigurationByResourceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mitigationaction*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a package", - "privilege": "UpdatePackage", + "description": "Grants permission to update the FuotaTask", + "privilege": "UpdateFuotaTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iot:GetIndexingConfiguration" - ], - "resource_type": "package*" + "dependent_actions": [], + "resource_type": "FuotaTask*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the package configuration of the account", - "privilege": 
"UpdatePackageConfiguration", + "description": "Grants permission to update log levels by resource types", + "privilege": "UpdateLogLevelsByResourceTypes", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the version of the specified package", - "privilege": "UpdatePackageVersion", + "description": "Grants permission to update metric configuration", + "privilege": "UpdateMetricConfiguration", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:GetIndexingConfiguration" - ], - "resource_type": "package*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "packageversion*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a fleet provisioning template", - "privilege": "UpdateProvisioningTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "provisioningtemplate*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the role alias", - "privilege": "UpdateRoleAlias", + "description": "Grants permission to update the MulticastGroup", + "privilege": "UpdateMulticastGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "rolealias*" + "dependent_actions": [], + "resource_type": "MulticastGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a scheduled audit, including what checks are performed and how often the audit takes place", - "privilege": "UpdateScheduledAudit", + "description": "Grants permission to update the NetworkAnalyzerConfiguration", + "privilege": "UpdateNetworkAnalyzerConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"scheduledaudit*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a Device Defender security profile", - "privilege": "UpdateSecurityProfile", - "resource_types": [ + "resource_type": "MulticastGroup*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "securityprofile*" + "resource_type": "NetworkAnalyzerConfiguration*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "custommetric" + "resource_type": "WirelessDevice*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dimension" + "resource_type": "WirelessGateway*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the data for a stream", - "privilege": "UpdateStream", + "description": "Grants permission to update a partner account", + "privilege": "UpdatePartnerAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "SidewalkAccount*" } ] }, { "access_level": "Write", - "description": "Grants permission to update information associated with the specified thing", - "privilege": "UpdateThing", + "description": "Grants permission to update position for a given resource", + "privilege": "UpdatePosition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" } ] }, { "access_level": "Write", - "description": "Grants permission to update information associated with the specified thing group", - "privilege": "UpdateThingGroup", + "description": "Grants permission to update an event configuration for an identifier", + "privilege": "UpdateResourceEventConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup*" + "resource_type": "SidewalkAccount" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "WirelessDevice" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WirelessGateway" } ] }, { "access_level": "Write", - "description": "Grants permission to update the thing groups to which the thing belongs", - "privilege": "UpdateThingGroupsForThing", + "description": "Grants permission to update position for a given resource", + "privilege": "UpdateResourcePosition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "WirelessDevice" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thinggroup" + "resource_type": "WirelessGateway" } ] }, { "access_level": "Write", - "description": "Grants permission to update the thing shadow", - "privilege": "UpdateThingShadow", + "description": "Grants permission to update a WirelessDevice resource", + "privilege": "UpdateWirelessDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "WirelessDevice*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a TopicRuleDestination", - "privilege": "UpdateTopicRuleDestination", + "description": "Grants permission to update a wireless device import task", + "privilege": "UpdateWirelessDeviceImportTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination*" + "resource_type": "ImportTask*" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate a Device Defender security profile behaviors specification", - "privilege": "ValidateSecurityProfileBehaviors", + "access_level": "Write", + "description": "Grants permission to update a WirelessGateway resource", + "privilege": "UpdateWirelessGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "WirelessGateway*" } ] } ], "resources": [ { - "arn": 
"arn:${Partition}:iot:${Region}:${Account}:client/${ClientId}", - "condition_keys": [], - "resource": "client" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:index/${IndexName}", - "condition_keys": [], - "resource": "index" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:fleetmetric/${FleetMetricName}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDevice/${WirelessDeviceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "fleetmetric" + "resource": "WirelessDevice" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:job/${JobId}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:WirelessGateway/${WirelessGatewayId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "job" + "resource": "WirelessGateway" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:jobtemplate/${JobTemplateId}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:DeviceProfile/${DeviceProfileId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "jobtemplate" + "resource": "DeviceProfile" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:tunnel/${TunnelId}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:ServiceProfile/${ServiceProfileId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "tunnel" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", - "condition_keys": [], - "resource": "thing" + "resource": "ServiceProfile" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:thinggroup/${ThingGroupName}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:Destination/${DestinationName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "thinggroup" + "resource": "Destination" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:billinggroup/${BillingGroupName}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:SidewalkAccount/${SidewalkAccountId}", 
"condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "billinggroup" + "resource": "SidewalkAccount" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:thinggroup/${ThingGroupName}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:WirelessGatewayTaskDefinition/${WirelessGatewayTaskDefinitionId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "dynamicthinggroup" + "resource": "WirelessGatewayTaskDefinition" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:thingtype/${ThingTypeName}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:FuotaTask/${FuotaTaskId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "thingtype" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:topic/${TopicName}", - "condition_keys": [], - "resource": "topic" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:topicfilter/${TopicFilter}", - "condition_keys": [], - "resource": "topicfilter" + "resource": "FuotaTask" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:rolealias/${RoleAlias}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:MulticastGroup/${MulticastGroupId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "rolealias" + "resource": "MulticastGroup" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:authorizer/${AuthorizerName}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:NetworkAnalyzerConfiguration/${NetworkAnalyzerConfigurationName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "authorizer" + "resource": "NetworkAnalyzerConfiguration" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:policy/${PolicyName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "policy" + "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", + "condition_keys": [], + "resource": "thing" }, { "arn": "arn:${Partition}:iot:${Region}:${Account}:cert/${Certificate}", 
@@ -130823,112 +155354,119 @@ "resource": "cert" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:cacert/${CACertificate}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "cacert" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:stream/${StreamId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "stream" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:otaupdate/${OtaUpdateId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "otaupdate" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:scheduledaudit/${ScheduleName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "scheduledaudit" - }, - { - "arn": "arn:${Partition}:iot:${Region}:${Account}:mitigationaction/${MitigationActionName}", + "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:ImportTask/${ImportTaskId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "mitigationaction" - }, + "resource": "ImportTask" + } + ], + "service_name": "AWS IoT Wireless" + }, + { + "conditions": [], + "prefix": "iq", + "privileges": [ { - "arn": "arn:${Partition}:iot:${Region}:${Account}:securityprofile/${SecurityProfileName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "securityprofile" + "access_level": "Write", + "description": "Grants permission to accept an incoming voice/video call", + "privilege": "AcceptCall", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "call*" + } + ] }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:custommetric/${MetricName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "custommetric" + "access_level": "Write", + "description": "Grants permission to approve a payment request", + "privilege": "ApprovePaymentRequest", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "paymentRequest*" + } 
+ ] }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:dimension/${DimensionName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "dimension" + "access_level": "Write", + "description": "Grants permission to approve a proposal", + "privilege": "ApproveProposal", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "proposal*" + } + ] }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:rule/${RuleName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "rule" + "access_level": "Write", + "description": "Grants permission to archive a conversation", + "privilege": "ArchiveConversation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "conversation*" + } + ] }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:destination/${DestinationType}/${Uuid}", - "condition_keys": [], - "resource": "destination" + "access_level": "Write", + "description": "Grants permission to complete a proposal", + "privilege": "CompleteProposal", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "proposal*" + } + ] }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:provisioningtemplate/${ProvisioningTemplate}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "provisioningtemplate" + "access_level": "Write", + "description": "Grants permission to respond to a request or send a direct message to initiate a conversation", + "privilege": "CreateConversation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:domainconfiguration/${DomainConfigurationName}/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "domainconfiguration" + "access_level": "Write", + "description": "Grants permission to create an expert profile", + "privilege": 
"CreateExpert", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:package/${PackageName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "package" + "access_level": "Write", + "description": "Grants permission to create a listing", + "privilege": "CreateListing", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:package/${PackageName}/version/${VersionName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "packageversion" - } - ], - "service_name": "AWS IoT" - }, - { - "conditions": [], - "prefix": "iot-device-tester", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to IoT Device Tester to check if a given set of product, test suite and device tester version are compatible", - "privilege": "CheckVersion", + "access_level": "Write", + "description": "Grants permission to create a milestone proposal", + "privilege": "CreateMilestoneProposal", "resource_types": [ { "condition_keys": [], @@ -130938,9 +155476,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to IoT Device Tester to download compatible test suite versions", - "privilege": "DownloadTestSuite", + "access_level": "Write", + "description": "Grants permission to create a payment request", + "privilege": "CreatePaymentRequest", "resource_types": [ { "condition_keys": [], @@ -130950,9 +155488,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to IoT Device Tester to get information on latest version of device tester available", - "privilege": "LatestIdt", + "access_level": "Write", + "description": "Grants permission to submit new requests", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], 
@@ -130963,8 +155501,8 @@ }, { "access_level": "Write", - "description": "Grants permission to IoT Device Tester to send usage metrics on your behalf", - "privilege": "SendMetrics", + "description": "Grants permission to submit new requests", + "privilege": "CreateRequest", "resource_types": [ { "condition_keys": [], @@ -130974,9 +155512,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to IoT Device Tester to get list of supported products and test suite versions", - "privilege": "SupportedVersion", + "access_level": "Write", + "description": "Grants permission to create a scheduled proposal", + "privilege": "CreateScheduledProposal", "resource_types": [ { "condition_keys": [], 
@@ -130984,840 +155522,884 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "AWS IoT Device Tester" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to create a seller profile", + "privilege": "CreateSeller", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "iot1click", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate a device to a placement", - "privilege": "AssociateDeviceWithPlacement", + "description": "Grants permission to create an upfront proposal", + "privilege": "CreateUpfrontProposal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to claim a batch of devices with a claim code", - "privilege": "ClaimDevicesByClaimCode", + "access_level": "Write", + "description": "Grants permission to decline an incoming voice/video call", + "privilege": "DeclineCall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "call*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new placement in a project", - "privilege": "CreatePlacement", + "description": "Grants permission to delete an existing attachment", + "privilege": "DeleteAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], 
- "resource_type": "project*" + "resource_type": "attachment*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new project", - "privilege": "CreateProject", + "description": "Grants permission to disable individual public profile page", + "privilege": "DisableIndividualPublicProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - }, + "resource_type": "expert*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to download existing attachment", + "privilege": "DownloadAttachment", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "attachment*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a placement from a project", - "privilege": "DeletePlacement", + "description": "Grants permission to enable individual public profile page", + "privilege": "EnableIndividualPublicProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "expert*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a project", - "privilege": "DeleteProject", + "description": "Grants permission to end a voice/video call", + "privilege": "EndCall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "call*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a device", - "privilege": "DescribeDevice", + "description": "Grants permission to read buyer information", + "privilege": "GetBuyer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "buyer*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a placement", - "privilege": 
"DescribePlacement", + "description": "Grants permission to read details of a voice/video call", + "privilege": "GetCall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "call*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a project", - "privilege": "DescribeProject", + "description": "Grants permission to read the chat environment details about a conversation", + "privilege": "GetChatInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "conversation*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a device from a placement", - "privilege": "DisassociateDeviceFromPlacement", + "access_level": "Read", + "description": "Grants permission to read chat messages in a conversation", + "privilege": "GetChatMessages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "conversation*" } ] }, { "access_level": "Read", - "description": "Grants permission to finalize a device claim", - "privilege": "FinalizeDeviceClaim", + "description": "Grants permission to request a websocket token for the conversation notifications", + "privilege": "GetChatToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - }, + "resource_type": "token*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to read chat messages in a company conversation", + "privilege": "GetCompanyChatMessages", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "conversation*" } ] }, { "access_level": "Read", - "description": "Grants permission to get available methods of a device", - "privilege": "GetDeviceMethods", + 
"description": "Grants permission to read a company profile", + "privilege": "GetCompanyProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "company*" } ] }, { "access_level": "Read", - "description": "Grants permission to get devices associated to a placement", - "privilege": "GetDevicesInPlacement", + "description": "Grants permission to read details of a conversation", + "privilege": "GetConversation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "conversation*" } ] }, { "access_level": "Read", - "description": "Grants permission to initialize a device claim", - "privilege": "InitiateDeviceClaim", + "description": "Grants permission to read expert information", + "privilege": "GetExpert", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "expert*" } ] }, { - "access_level": "Write", - "description": "Grants permission to invoke a device method", - "privilege": "InvokeDeviceMethod", + "access_level": "Read", + "description": "Grants permission to read a listing", + "privilege": "GetListing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "listing*" } ] }, { "access_level": "Read", - "description": "Grants permission to list past events published by a device", - "privilege": "ListDeviceEvents", + "description": "Grants permission to read a seller profile information", + "privilege": "GetMarketplaceSeller", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "seller*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all devices", - "privilege": "ListDevices", + "access_level": "Read", + "description": "Grants permission to read a payment request", + "privilege": "GetPaymentRequest", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "paymentRequest*" } ] }, { "access_level": "Read", - "description": "Grants permission to list placements in a project", - "privilege": "ListPlacements", + "description": "Grants permission to read a proposal", + "privilege": "GetProposal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "proposal*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all projects", - "privilege": "ListProjects", + "access_level": "Read", + "description": "Grants permission to get a created request", + "privilege": "GetRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "request*" } ] }, { "access_level": "Read", - "description": "Grants permission to lists the tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to read a review for an expert", + "privilege": "GetReview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, + "resource_type": "seller*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to hide a request", + "privilege": "HideRequest", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "request*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or modify the tags of a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to start a voice/video call", + "privilege": "InitiateCall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to link an AWS certification to individual 
profile", + "privilege": "LinkAwsCertification", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" - }, + "resource_type": "expert*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list existing attachments", + "privilege": "ListAttachments", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "attachment*" } ] }, { "access_level": "Read", - "description": "Grants permission to unclaim a device", - "privilege": "UnclaimDevice", + "description": "Grants permission to list existing conversations", + "privilege": "ListConversations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "conversation*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the given tags (metadata) from a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to list access logs of expert activity", + "privilege": "ListExpertAccessLogs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, + "resource_type": "permission*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list listings", + "privilege": "ListListings", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "listing*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list payment requests", + "privilege": "ListPaymentRequests", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "paymentRequest" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "paymentSchedule" } 
] }, { - "access_level": "Write", - "description": "Grants permission to update device state", - "privilege": "UpdateDeviceState", + "access_level": "Read", + "description": "Grants permission to list proposals", + "privilege": "ListProposals", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "proposal*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a placement", - "privilege": "UpdatePlacement", + "access_level": "Read", + "description": "Grants permission to list requests that are created", + "privilege": "ListRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "request*" } ] }, { - "access_level": "Write", - "description": "Update a project", - "privilege": "UpdateProject", + "access_level": "Read", + "description": "Grants permission to list reviews for an expert", + "privilege": "ListReviews", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "seller*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:iot1click:${Region}:${Account}:devices/${DeviceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "device" - }, - { - "arn": "arn:${Partition}:iot1click:${Region}:${Account}:projects/${ProjectName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "project" - } - ], - "service_name": "AWS IoT 1-Click" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access based on the presence of tag keys in the request", - "type": "ArrayOfString" }, - { - "condition": "iotanalytics:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the 
resource", - "type": "String" - } - ], - "prefix": "iotanalytics", - "privileges": [ { "access_level": "Write", - "description": "Puts a batch of messages into the specified channel", - "privilege": "BatchPutMessage", + "description": "Grants permission to mark a message as read in a conversation", + "privilege": "MarkChatMessageRead", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "conversation*" } ] }, { "access_level": "Write", - "description": "Cancels reprocessing for the specified pipeline", - "privilege": "CancelPipelineReprocessing", + "description": "Grants permission to reject a payment request", + "privilege": "RejectPaymentRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "paymentRequest*" } ] }, { "access_level": "Write", - "description": "Creates a channel", - "privilege": "CreateChannel", + "description": "Grants permission to reject a proposal", + "privilege": "RejectProposal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "proposal*" } ] }, { "access_level": "Write", - "description": "Creates a dataset", - "privilege": "CreateDataset", + "description": "Grants permission to send a message in a conversation as a company", + "privilege": "SendCompanyChatMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "conversation*" } ] }, { "access_level": "Write", - "description": "Generates content from the specified dataset (by executing the dataset actions)", - "privilege": "CreateDatasetContent", + 
"description": "Grants permission to send a message in a conversation as an individual", + "privilege": "SendIndividualChatMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "conversation*" } ] }, { "access_level": "Write", - "description": "Creates a datastore", - "privilege": "CreateDatastore", + "description": "Grants permission to unarchive a conversation", + "privilege": "UnarchiveConversation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "conversation*" } ] }, { "access_level": "Write", - "description": "Creates a pipeline", - "privilege": "CreatePipeline", + "description": "Grants permission to unlink an AWS certification from individual profile", + "privilege": "UnlinkAwsCertification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "expert*" } ] }, { "access_level": "Write", - "description": "Deletes the specified channel", - "privilege": "DeleteChannel", + "description": "Grants permission to update a company profile", + "privilege": "UpdateCompanyProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "company*" } ] }, { "access_level": "Write", - "description": "Deletes the specified dataset", - "privilege": "DeleteDataset", + "description": "Grants permission to add more participants into a conversation", + "privilege": "UpdateConversationMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "conversation*" } ] }, { "access_level": 
"Write", - "description": "Deletes the content of the specified dataset", - "privilege": "DeleteDatasetContent", + "description": "Grants permission to update an expert information", + "privilege": "UpdateExpert", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "expert*" } ] }, { "access_level": "Write", - "description": "Deletes the specified datastore", - "privilege": "DeleteDatastore", + "description": "Grants permission to update a listing", + "privilege": "UpdateListing", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "listing*" } ] }, { "access_level": "Write", - "description": "Deletes the specified pipeline", - "privilege": "DeletePipeline", + "description": "Grants permission to update a request", + "privilege": "UpdateRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "request*" } ] }, { - "access_level": "Read", - "description": "Describes the specified channel", - "privilege": "DescribeChannel", + "access_level": "Write", + "description": "Grants permission to upload an attachment", + "privilege": "UploadAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Describes the specified dataset", - "privilege": "DescribeDataset", + "access_level": "Write", + "description": "Grants permission to withdraw a payment request", + "privilege": "WithdrawPaymentRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "paymentRequest*" } ] }, { - "access_level": "Read", - "description": "Describes the specified datastore", - "privilege": "DescribeDatastore", + "access_level": "Write", + "description": "Grants permission to withdraw a proposal", + 
"privilege": "WithdrawProposal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "proposal*" } ] }, { - "access_level": "Read", - "description": "Describes logging options for the the account", - "privilege": "DescribeLoggingOptions", + "access_level": "Write", + "description": "Grants permission to write a review for an expert", + "privilege": "WriteReview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "seller*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iq:${Region}::conversation/${ConversationId}", + "condition_keys": [], + "resource": "conversation" }, { - "access_level": "Read", - "description": "Describes the specified pipeline", - "privilege": "DescribePipeline", + "arn": "arn:${Partition}:iq:${Region}::buyer/${BuyerId}", + "condition_keys": [], + "resource": "buyer" + }, + { + "arn": "arn:${Partition}:iq:${Region}::expert/${ExpertId}", + "condition_keys": [], + "resource": "expert" + }, + { + "arn": "arn:${Partition}:iq:${Region}::call/${CallId}", + "condition_keys": [], + "resource": "call" + }, + { + "arn": "arn:${Partition}:iq:${Region}::token/${TokenId}", + "condition_keys": [], + "resource": "token" + }, + { + "arn": "arn:${Partition}:iq:${Region}::proposal/${ConversationId}/${ProposalId}", + "condition_keys": [], + "resource": "proposal" + }, + { + "arn": "arn:${Partition}:iq:${Region}::paymentRequest/${ConversationId}/${ProposalId}/${PaymentRequestId}", + "condition_keys": [], + "resource": "paymentRequest" + }, + { + "arn": "arn:${Partition}:iq:${Region}::paymentSchedule/${ConversationId}/${ProposalId}/${VersionId}", + "condition_keys": [], + "resource": "paymentSchedule" + }, + { + "arn": "arn:${Partition}:iq:${Region}::seller/${SellerAwsAccountId}", + "condition_keys": [], + "resource": "seller" + }, + { + "arn": "arn:${Partition}:iq:${Region}::company/${CompanyId}", + "condition_keys": [], + 
"resource": "company" + }, + { + "arn": "arn:${Partition}:iq:${Region}::request/${RequestId}", + "condition_keys": [], + "resource": "request" + }, + { + "arn": "arn:${Partition}:iq:${Region}::listing/${ListingId}", + "condition_keys": [], + "resource": "listing" + }, + { + "arn": "arn:${Partition}:iq:${Region}::attachment/${AttachmentId}", + "condition_keys": [], + "resource": "attachment" + }, + { + "arn": "arn:${Partition}:iq-permission:${Region}::permission/${PermissionRequestId}", + "condition_keys": [], + "resource": "permission" + } + ], + "service_name": "AWS IQ" + }, + { + "conditions": [], + "prefix": "iq-permission", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to approve a permission request", + "privilege": "ApproveAccessGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "permission*" } ] }, { - "access_level": "Read", - "description": "Gets the content of the specified dataset", - "privilege": "GetDatasetContent", + "access_level": "Write", + "description": "Grants permission to approve a permission request", + "privilege": "ApprovePermissionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "permission*" } ] - }, - { - "access_level": "List", - "description": "Lists the channels for the account", - "privilege": "ListChannels", + }, + { + "access_level": "Write", + "description": "Grants permission to obtain a set of temporary security credentials for experts which they can use to access buyers' AWS resources", + "privilege": "AssumePermissionRole", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "permission*" } ] }, { - "access_level": "List", - "description": "Lists information about dataset contents that have been created", - "privilege": "ListDatasetContents", + "access_level": "Write", + 
"description": "Grants permission to create a permission request", + "privilege": "CreatePermissionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "permission*" } ] }, { - "access_level": "List", - "description": "Lists the datasets for the account", - "privilege": "ListDatasets", + "access_level": "Read", + "description": "Grants permission to get a permission request", + "privilege": "GetPermissionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "permission*" } ] }, { - "access_level": "List", - "description": "Lists the datastores for the account", - "privilege": "ListDatastores", + "access_level": "Read", + "description": "Grants permission to list permission requests", + "privilege": "ListPermissionRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "permission*" } ] }, { - "access_level": "List", - "description": "Lists the pipelines for the account", - "privilege": "ListPipelines", + "access_level": "Write", + "description": "Grants permission to reject a permission request", + "privilege": "RejectPermissionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "permission*" } ] }, { - "access_level": "Read", - "description": "Lists the tags (metadata) which you have assigned to the resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to revoke a permission request which was previously approved", + "privilege": "RevokePermissionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "pipeline" + "resource_type": "permission*" } ] }, { "access_level": "Write", - "description": "Puts logging options for the the account", - "privilege": "PutLoggingOptions", + "description": "Grants permission to withdraw a permission request that has not been approved or declined", + "privilege": "WithdrawPermissionRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "permission*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:iq-permission:${Region}::permission/${PermissionRequestId}", + "condition_keys": [], + "resource": "permission" + } + ], + "service_name": "AWS IQ Permissions" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags associated with the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "ivs", + "privileges": [ { "access_level": "Read", - "description": "Runs the specified pipeline activity", - "privilege": "RunPipelineActivity", + "description": "Grants permission to get multiple channels simultaneously by channel ARN", + "privilege": "BatchGetChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Channel*" } ] }, { "access_level": "Read", - "description": "Samples the specified channel's data", - "privilege": "SampleChannelData", + "description": "Grants permission to get multiple stream keys simultaneously by stream key ARN", + "privilege": "BatchGetStreamKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": 
"Stream-Key*" } ] }, { "access_level": "Write", - "description": "Starts reprocessing for the specified pipeline", - "privilege": "StartPipelineReprocessing", + "description": "Grants permission to perform StartViewerSessionRevocation on multiple channel ARN and viewer ID pairs simultaneously", + "privilege": "BatchStartViewerSessionRevocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "Channel*" } ] }, { - "access_level": "Tagging", - "description": "Adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a new channel and an associated stream key", + "privilege": "CreateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datastore" + "resource_type": "Channel*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline" + "resource_type": "Stream-Key*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -131825,34 +156407,39 @@ ] }, { - "access_level": "Tagging", - "description": "Removes the given tags (metadata) from the resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a new encoder configuration", + "privilege": "CreateEncoderConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset" + "resource_type": "Encoder-Configuration*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "datastore" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a participant token", + "privilege": "CreateParticipantToken", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline" + "resource_type": "Stage*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -131861,122 +156448,98 @@ }, { "access_level": "Write", - "description": "Updates the specified channel", - "privilege": "UpdateChannel", + "description": "Grants permission to create a playback restriction policy", + "privilege": "CreatePlaybackRestrictionPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "Playback-Restriction-Policy*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Updates the specified dataset", - "privilege": "UpdateDataset", + "description": "Grants permission to create a a new recording configuration", + "privilege": "CreateRecordingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "Recording-Configuration*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Updates the specified datastore", - "privilege": "UpdateDatastore", + "description": "Grants permission to create a stage", + "privilege": "CreateStage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datastore*" + "resource_type": "Stage*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Updates the specified pipeline", - "privilege": "UpdatePipeline", + "description": "Grants permission to create a new storage configuration", + "privilege": "CreateStorageConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "Storage-Configuration*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], 
+ "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:channel/${ChannelName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iotanalytics:ResourceTag/${TagKey}" - ], - "resource": "channel" - }, - { - "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:dataset/${DatasetName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iotanalytics:ResourceTag/${TagKey}" - ], - "resource": "dataset" - }, - { - "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:datastore/${DatastoreName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iotanalytics:ResourceTag/${TagKey}" - ], - "resource": "datastore" - }, - { - "arn": "arn:${Partition}:iotanalytics:${Region}:${Account}:pipeline/${PipelineName}", - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iotanalytics:ResourceTag/${TagKey}" - ], - "resource": "pipeline" - } - ], - "service_name": "AWS IoT Analytics" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "iotdeviceadvisor", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a suite definition", - "privilege": "CreateSuiteDefinition", + "description": "Grants permission to create a stream key", + "privilege": "CreateStreamKey", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stream-Key*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + 
"aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -131985,387 +156548,287 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a suite definition", - "privilege": "DeleteSuiteDefinition", + "description": "Grants permission to delete a channel and channel's stream keys", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Suitedefinition*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a Device Advisor endpoint", - "privilege": "GetEndpoint", - "resource_types": [ + "resource_type": "Channel*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Stream-Key*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a suite definition", - "privilege": "GetSuiteDefinition", + "access_level": "Write", + "description": "Grants permission to delete an encoder configuration for the specified ARN", + "privilege": "DeleteEncoderConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Suitedefinition*" + "resource_type": "Encoder-Configuration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a suite run", - "privilege": "GetSuiteRun", + "access_level": "Write", + "description": "Grants permission to delete the playback key pair for a specified ARN", + "privilege": "DeletePlaybackKeyPair", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Suiterun*" + "resource_type": "Playback-Key-Pair*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the qualification report for a suite run", - "privilege": "GetSuiteRunReport", + "access_level": "Write", + "description": "Grants permission to delete the playback restriction policy for a specified ARN", + "privilege": "DeletePlaybackRestrictionPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"Suiterun*" + "resource_type": "Playback-Restriction-Policy*" } ] }, { - "access_level": "List", - "description": "Grants permission to list suite definitions", - "privilege": "ListSuiteDefinitions", + "access_level": "Write", + "description": "Grants permission to delete a recording configuration for the specified ARN", + "privilege": "DeleteRecordingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Recording-Configuration*" } ] }, { - "access_level": "List", - "description": "Grants permission to list suite runs", - "privilege": "ListSuiteRuns", + "access_level": "Write", + "description": "Grants permission to delete the stage for a specified ARN", + "privilege": "DeleteStage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Suitedefinition*" + "resource_type": "Stage*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags (metadata) assigned to a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete an storage configuration for the specified ARN", + "privilege": "DeleteStorageConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Suitedefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Suiterun" + "resource_type": "Storage-Configuration*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a suite run", - "privilege": "StartSuiteRun", + "description": "Grants permission to delete the stream key for a specified ARN", + "privilege": "DeleteStreamKey", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Stream-Key*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a suite 
run", - "privilege": "StopSuiteRun", + "description": "Grants permission to disconnect a participant from for the specified stage ARN", + "privilege": "DisconnectParticipant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Suiterun*" + "resource_type": "Stage*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add to or modify the tags of the given resource. Tags are metadata which can be used to manage a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get the channel configuration for a specified channel ARN", + "privilege": "GetChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Suitedefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Suiterun" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Channel*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the given tags (metadata) from a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get the composition for the specified ARN", + "privilege": "GetComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Suitedefinition" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Suiterun" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Composition*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a suite definition", - "privilege": "UpdateSuiteDefinition", + "access_level": "Read", + "description": "Grants permission to get the encoder configuration for the specified ARN", + "privilege": "GetEncoderConfiguration", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "Suitedefinition*" + "resource_type": "Encoder-Configuration*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suitedefinition/${SuiteDefinitionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Suitedefinition" - }, - { - "arn": "arn:${Partition}:iotdeviceadvisor:${Region}:${Account}:suiterun/${SuiteDefinitionId}/${SuiteRunId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Suiterun" - } - ], - "service_name": "AWS IoT Core Device Advisor" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions by the tag keys in the request", - "type": "ArrayOfString" }, { - "condition": "iotevents:keyValue", - "description": "Filters access by the instanceId (key-value) of the message", - "type": "String" - } - ], - "prefix": "iotevents", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to send one or more acknowledge action requests to AWS IoT Events", - "privilege": "BatchAcknowledgeAlarm", + "access_level": "Read", + "description": "Grants permission to get participant information for a specified stage ARN, session, and participant", + "privilege": "GetParticipant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "Stage*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a detector instance within the AWS IoT Events system", - "privilege": "BatchDeleteDetector", + "access_level": "Read", + "description": "Grants permission to get the playback 
keypair information for a specified ARN", + "privilege": "GetPlaybackKeyPair", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "Playback-Key-Pair*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable one or more alarm instances", - "privilege": "BatchDisableAlarm", + "access_level": "Read", + "description": "Grants permission to get the playback restriction policy for a specified ARN", + "privilege": "GetPlaybackRestrictionPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "Playback-Restriction-Policy*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable one or more alarm instances", - "privilege": "BatchEnableAlarm", + "access_level": "Read", + "description": "Grants permission to get the recording configuration for the specified ARN", + "privilege": "GetRecordingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "Recording-Configuration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to send a set of messages to the AWS IoT Events system", - "privilege": "BatchPutMessage", + "access_level": "Read", + "description": "Grants permission to get stage information for a specified ARN", + "privilege": "GetStage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "Stage*" } ] }, { - "access_level": "Write", - "description": "Grants permission to reset one or more alarm instances", - "privilege": "BatchResetAlarm", + "access_level": "Read", + "description": "Grants permission to get stage session information for a specified stage ARN and session", + "privilege": "GetStageSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + 
"resource_type": "Stage*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change one or more alarm instances to the snooze mode", - "privilege": "BatchSnoozeAlarm", + "access_level": "Read", + "description": "Grants permission to get the storage configuration for the specified ARN", + "privilege": "GetStorageConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "Storage-Configuration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a detector instance within the AWS IoT Events system", - "privilege": "BatchUpdateDetector", + "access_level": "Read", + "description": "Grants permission to get information about the active (live) stream on a specified channel", + "privilege": "GetStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "Channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an alarm model to monitor an AWS IoT Events input attribute or an AWS IoT SiteWise asset property", - "privilege": "CreateAlarmModel", + "access_level": "Read", + "description": "Grants permission to get stream-key information for a specified ARN", + "privilege": "GetStreamKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Stream-Key*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a detector model to monitor an AWS IoT Events input attribute", - "privilege": "CreateDetectorModel", + "access_level": "Read", + "description": "Grants permission to get information about the stream session on a specified channel", + "privilege": "GetStreamSession", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "detectorModel*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an Input in IotEvents", - "privilege": "CreateInput", + "description": "Grants permission to import the public key", + "privilege": "ImportPlaybackKeyPair", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "Playback-Key-Pair*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -132373,93 +156836,86 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an alarm model", - "privilege": "DeleteAlarmModel", + "access_level": "List", + "description": "Grants permission to get summary information about channels", + "privilege": "ListChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "Channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a detector model", - "privilege": "DeleteDetectorModel", + "access_level": "List", + "description": "Grants permission to get summary information about compositions", + "privilege": "ListCompositions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an input", - "privilege": "DeleteInput", - "resource_types": [ + "resource_type": "Encoder-Configuration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "Stage" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an alarm instance", - "privilege": "DescribeAlarm", + "access_level": "List", + "description": "Grants permission to get summary information about encoder configurations", + "privilege": "ListEncoderConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an alarm model", - "privilege": "DescribeAlarmModel", + "access_level": "List", + "description": "Grants permission to list participant events for a specified stage ARN, session, and participant", + "privilege": "ListParticipantEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"alarmModel*" + "resource_type": "Stage*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retriev information about a detector instance", - "privilege": "DescribeDetector", + "access_level": "List", + "description": "Grants permission to list participants for a specified stage ARN and session", + "privilege": "ListParticipants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "Stage*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a detector model", - "privilege": "DescribeDetectorModel", + "access_level": "List", + "description": "Grants permission to get summary information about playback key pairs", + "privilege": "ListPlaybackKeyPairs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "Playback-Key-Pair*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the detector model analysis information", - "privilege": "DescribeDetectorModelAnalysis", + "access_level": "List", + "description": "Grants permission to get summary information about playback restriction policies", + "privilege": "ListPlaybackRestrictionPolicies", "resource_types": [ { "condition_keys": [], 
@@ -132469,207 +156925,291 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an information about Input", - "privilege": "DescribeInput", + "access_level": "List", + "description": "Grants permission to get summary information about recording configurations", + "privilege": "ListRecordingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "Recording-Configuration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the current settings of the AWS IoT Events logging options", - "privilege": "DescribeLoggingOptions", + "access_level": "List", + "description": "Grants permission to list stage sessions for a specified stage ARN", + "privilege": "ListStageSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Stage*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the detector model analysis results", - "privilege": "GetDetectorModelAnalysisResults", + "access_level": "List", + "description": "Grants permission to get summary information about stages", + "privilege": "ListStages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Stage*" } ] }, { "access_level": "List", - "description": "Grants permission to list all the versions of an alarm model", - "privilege": "ListAlarmModelVersions", + "description": "Grants permission to get summary information about storage configurations", + "privilege": "ListStorageConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list the alarm models that you created", - "privilege": "ListAlarmModels", + "description": "Grants permission to get summary information about stream 
keys", + "privilege": "ListStreamKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve information about all alarm instances per alarmModel", - "privilege": "ListAlarms", - "resource_types": [ + "resource_type": "Channel*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel*" + "resource_type": "Stream-Key*" } ] }, { "access_level": "List", - "description": "Grants permission to list all the versions of a detector model", - "privilege": "ListDetectorModelVersions", + "description": "Grants permission to get summary information about streams sessions on a specified channel", + "privilege": "ListStreamSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "Channel*" } ] }, { "access_level": "List", - "description": "Grants permission to list the detector models that you created", - "privilege": "ListDetectorModels", + "description": "Grants permission to get summary information about live streams", + "privilege": "ListStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about all detector instances per detectormodel", - "privilege": "ListDetectors", + "access_level": "Read", + "description": "Grants permission to get information about the tags for a specified ARN", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list one or more input routings", - "privilege": "ListInputRoutings", - "resource_types": [ + "resource_type": "Channel" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "Composition" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Encoder-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Playback-Key-Pair" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "Playback-Restriction-Policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Recording-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stage" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Storage-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stream-Key" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to lists the inputs you have created", - "privilege": "ListInputs", + "access_level": "Write", + "description": "Grants permission to insert metadata into an RTMP stream for a specified channel", + "privilege": "PutMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags (metadata) which you have assigned to the resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to start a new composition", + "privilege": "StartComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel" + "resource_type": "Encoder-Configuration*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel" + "resource_type": "Stage*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input" + "resource_type": "Channel" + }, + { + "condition_keys": 
[], + "dependent_actions": [], + "resource_type": "Storage-Configuration" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set or update the AWS IoT Events logging options", - "privilege": "PutLoggingOptions", + "description": "Grants permission to start the process of revoking the viewer session associated with a specified channel ARN and viewer ID", + "privilege": "StartViewerSessionRevocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to start the detector model analysis", - "privilege": "StartDetectorModelAnalysis", + "description": "Grants permission to stop the composition for the specified ARN", + "privilege": "StopComposition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Composition*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disconnect a streamer on a specified channel", + "privilege": "StopStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Channel*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to adds to or modifies the tags of the given resource.Tags are metadata which can be used to manage a resource", + "description": "Grants permission to add or update tags for a resource with a specified ARN", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel" + "resource_type": "Channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel" + "resource_type": "Composition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input" + "resource_type": 
"Encoder-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Playback-Key-Pair" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Playback-Restriction-Policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Recording-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stage" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Storage-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stream-Key" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -132678,23 +157218,53 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove the given tags (metadata) from the resource", + "description": "Grants permission to remove tags for a resource with a specified ARN", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alarmModel" + "resource_type": "Channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel" + "resource_type": "Composition" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input" + "resource_type": "Encoder-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Playback-Key-Pair" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Playback-Restriction-Policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Recording-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stage" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Storage-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Stream-Key" }, { "condition_keys": [ 
@@ -132707,175 +157277,330 @@ }, { "access_level": "Write", - "description": "Grants permission to update an alarm model", - "privilege": "UpdateAlarmModel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "alarmModel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a detector model", - "privilege": "UpdateDetectorModel", + "description": "Grants permission to update a channel's configuration", + "privilege": "UpdateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "detectorModel*" + "resource_type": "Channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an input", - "privilege": "UpdateInput", + "description": "Grants permission to update a playback restriction policy for a specified ARN", + "privilege": "UpdatePlaybackRestrictionPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "Playback-Restriction-Policy*" } ] }, { "access_level": "Write", - "description": "Grants permission to update input routing", - "privilege": "UpdateInputRouting", + "description": "Grants permission to update a stage's configuration", + "privilege": "UpdateStage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "Stage*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iotevents:${Region}:${Account}:detectorModel/${DetectorModelName}", + "arn": "arn:${Partition}:ivs:${Region}:${Account}:channel/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "detectorModel" + "resource": "Channel" }, { - "arn": "arn:${Partition}:iotevents:${Region}:${Account}:alarmModel/${AlarmModelName}", + "arn": "arn:${Partition}:ivs:${Region}:${Account}:stream-key/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "alarmModel" + "resource": 
"Stream-Key" }, { - "arn": "arn:${Partition}:iotevents:${Region}:${Account}:input/${InputName}", + "arn": "arn:${Partition}:ivs:${Region}:${Account}:playback-key/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "input" + "resource": "Playback-Key-Pair" + }, + { + "arn": "arn:${Partition}:ivs:${Region}:${Account}:playback-restriction-policy/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Playback-Restriction-Policy" + }, + { + "arn": "arn:${Partition}:ivs:${Region}:${Account}:recording-configuration/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Recording-Configuration" + }, + { + "arn": "arn:${Partition}:ivs:${Region}:${Account}:stage/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Stage" + }, + { + "arn": "arn:${Partition}:ivs:${Region}:${Account}:composition/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Composition" + }, + { + "arn": "arn:${Partition}:ivs:${Region}:${Account}:encoder-configuration/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Encoder-Configuration" + }, + { + "arn": "arn:${Partition}:ivs:${Region}:${Account}:storage-configuration/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Storage-Configuration" } ], - "service_name": "AWS IoT Events" + "service_name": "Amazon Interactive Video Service" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", + "description": "Filters access by the tags associated with the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - 
"description": "Filters actions by the tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "iotfleethub", + "prefix": "ivschat", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an application", - "privilege": "CreateApplication", + "description": "Grants permission to create an encrypted token that is used to establish an individual WebSocket connection to a room", + "privilege": "CreateChatToken", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a logging configuration that allows clients to record room messages", + "privilege": "CreateLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Logging-Configuration*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a room that allows clients to connect and pass messages", + "privilege": "CreateRoom", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the logging configuration for a specified logging configuration ARN", + "privilege": "DeleteLoggingConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Logging-Configuration*" + } + ] + }, + { + 
"access_level": "Write", + "description": "Grants permission to send an event to a specific room which directs clients to delete a specific message", + "privilege": "DeleteMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the room for a specified room ARN", + "privilege": "DeleteRoom", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disconnect all connections using a specified user ID from a room", + "privilege": "DisconnectUser", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "sso:CreateManagedApplicationInstance", - "sso:DescribeRegisteredRegions" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an application", - "privilege": "DeleteApplication", + "access_level": "Read", + "description": "Grants permission to get the logging configuration for a specified logging configuration ARN", + "privilege": "GetLoggingConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso:DeleteManagedApplicationInstance" - ], - "resource_type": "application*" + "dependent_actions": [], + "resource_type": "Logging-Configuration*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an application", - "privilege": "DescribeApplication", + "description": "Grants permission to get the room configuration for a specified room ARN", + "privilege": "GetRoom", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "Room*" } ] }, { "access_level": "List", - "description": 
"Grants permission to list all applications", - "privilege": "ListApplications", + "description": "Grants permission to get summary information about logging configurations", + "privilege": "ListLoggingConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Logging-Configuration*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get summary information about rooms", + "privilege": "ListRooms", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all tags for a resource", + "description": "Grants permission to get information about the tags for a specified ARN", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "Room" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send an event to a room", + "privilege": "SendEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag a resource", + "description": "Grants permission to add or update tags for a resource with a specified ARN", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "Logging-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room" }, { "condition_keys": [ 
@@ -132889,13 +157614,18 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a resource", + "description": "Grants permission to remove tags for a resource with a specified ARN", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application" + "resource_type": "Logging-Configuration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room" }, { "condition_keys": [ @@ -132908,27 +157638,46 @@ }, { "access_level": "Write", - "description": "Grants permission to update an application", - "privilege": "UpdateApplication", + "description": "Grants permission to update the logging configuration for a specified logging configuration ARN", + "privilege": "UpdateLoggingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "Logging-Configuration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the room configuration for a specified room ARN", + "privilege": "UpdateRoom", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Room*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iotfleethub:${Region}:${Account}:application/${ApplicationId}", + "arn": "arn:${Partition}:ivschat:${Region}:${Account}:room/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "application" + "resource": "Room" + }, + { + "arn": "arn:${Partition}:ivschat:${Region}:${Account}:logging-configuration/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Logging-Configuration" } ], - "service_name": "AWS IoT Fleet Hub for Device Management" + "service_name": "Amazon Interactive Video Service Chat" }, { "conditions": [ 
@@ -132948,123 +157697,65 @@ "type": "ArrayOfString" }, { - "condition": "iotfleetwise:DestinationArn", - "description": "Filters access by campaign destination ARN, eg. an S3 bucket ARN or a Timestream ARN", - "type": "String" - }, - { - "condition": "iotfleetwise:UpdateToDecoderManifestArn", - "description": "Filters access by a list of IoT FleetWise Decoder Manifest ARNs", - "type": "String" - }, - { - "condition": "iotfleetwise:UpdateToModelManifestArn", - "description": "Filters access by a list of IoT FleetWise Model Manifest ARNs", - "type": "String" + "condition": "kafka:publicAccessEnabled", + "description": "Filters access by the presence of public access enabled in the request", + "type": "Bool" } ], - "prefix": "iotfleetwise", + "prefix": "kafka", "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate the given vehicle to a fleet", - "privilege": "AssociateVehicleFleet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vehicle*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a batch of vehicles", - "privilege": "BatchCreateVehicle", + "description": "Grants permission to associate one or more Scram Secrets with an Amazon MSK cluster", + "privilege": "BatchAssociateScramSecret", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iot:CreateThing", - "iot:DescribeThing" - ], - "resource_type": "decodermanifest*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "modelmanifest*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "kms:CreateGrant", + "kms:RetireGrant" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a batch of vehicles", - "privilege": 
"BatchUpdateVehicle", + "description": "Grants permission to disassociate one or more Scram Secrets from an Amazon MSK cluster", + "privilege": "BatchDisassociateScramSecret", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vehicle*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "decodermanifest" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "modelmanifest" - }, - { - "condition_keys": [ - "iotfleetwise:UpdateToModelManifestArn", - "iotfleetwise:UpdateToDecoderManifestArn" + "dependent_actions": [ + "kms:RetireGrant" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a campaign", - "privilege": "CreateCampaign", + "description": "Grants permission to create an MSK cluster", + "privilege": "CreateCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "signalcatalog*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vehicle*" + "dependent_actions": [ + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "kms:CreateGrant", + "kms:DescribeKey" + ], + "resource_type": "cluster*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "iotfleetwise:DestinationArn" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -133073,13 +157764,27 @@ }, { "access_level": "Write", - "description": "Grants permission to create a decoder manifest for an existing model", - "privilege": "CreateDecoderManifest", + "description": "Grants permission to create an MSK cluster", + "privilege": "CreateClusterV2", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "modelmanifest*" + "dependent_actions": [ + "ec2:CreateTags", + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy", + "kms:CreateGrant", + "kms:DescribeKey" + ], + "resource_type": "cluster*" }, { "condition_keys": [ 
@@ -133093,49 +157798,36 @@ }, { "access_level": "Write", - "description": "Grants permission to create a fleet", - "privilege": "CreateFleet", + "description": "Grants permission to create an MSK configuration", + "privilege": "CreateConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "signalcatalog*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "configuration*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a model manifest definition", - "privilege": "CreateModelManifest", + "description": "Grants permission to create a MSK replicator", + "privilege": "CreateReplicator", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "signalcatalog*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "iam:PutRolePolicy", + "kafka:DescribeClusterV2", + "kafka:GetBootstrapBrokers" ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a signal catalog", - "privilege": "CreateSignalCatalog", - "resource_types": [ + "resource_type": "replicator*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -133148,21 +157840,29 @@ }, { "access_level": "Write", - "description": "Grants permission to create a vehicle", - "privilege": "CreateVehicle", + "description": "Grants permission to create a MSK VPC connection", + "privilege": "CreateVpcConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iot:CreateThing", - "iot:DescribeThing" + "ec2:CreateTags", + "ec2:CreateVpcEndpoint", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" ], - "resource_type": "decodermanifest*" + "resource_type": "cluster*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "modelmanifest*" + "resource_type": "vpc-connection*" }, { "condition_keys": [ 
@@ -133176,268 +157876,243 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a campaign", - "privilege": "DeleteCampaign", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the given decoder manifest", - "privilege": "DeleteDecoderManifest", + "description": "Grants permission to delete an MSK cluster", + "privilege": "DeleteCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "decodermanifest*" + "dependent_actions": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints" + ], + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a fleet", - "privilege": "DeleteFleet", + "description": "Grants permission to delete a cluster resource-based policy", + "privilege": "DeleteClusterPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the given model manifest", - "privilege": "DeleteModelManifest", + "description": "Grants permission to delete the specified MSK configuration", + "privilege": "DeleteConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "modelmanifest*" + "resource_type": "configuration*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specific signal catalog", - "privilege": "DeleteSignalCatalog", + "description": "Grants permission to delete a MSK replicator", + "privilege": "DeleteReplicator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "signalcatalog*" + "resource_type": "replicator*" } ] }, { "access_level": "Write", - "description": "Grants permission to 
delete a vehicle", - "privilege": "DeleteVehicle", + "description": "Grants permission to delete a MSK VPC connection", + "privilege": "DeleteVpcConnection", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vehicle*" + "dependent_actions": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeVpcEndpoints" + ], + "resource_type": "vpc-connection*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a vehicle from an existing fleet", - "privilege": "DisassociateVehicleFleet", + "access_level": "Read", + "description": "Grants permission to describe an MSK cluster", + "privilege": "DescribeCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vehicle*" + "resource_type": "cluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to get summary information for a given campaign", - "privilege": "GetCampaign", + "description": "Grants permission to describe the cluster operation that is specified by the given ARN", + "privilege": "DescribeClusterOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get summary information for a given decoder manifest definition", - "privilege": "GetDecoderManifest", + "description": "Grants permission to describe the cluster operation that is specified by the given ARN", + "privilege": "DescribeClusterOperationV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "decodermanifest*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get summary information for a fleet", - "privilege": "GetFleet", + "description": "Grants permission to describe an MSK cluster", + "privilege": 
"DescribeClusterV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "cluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the logging options for the AWS account", - "privilege": "GetLoggingOptions", + "description": "Grants permission to describe an MSK configuration", + "privilege": "DescribeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuration*" } ] }, { "access_level": "Read", - "description": "Grants permission to get summary information for a given model manifest definition", - "privilege": "GetModelManifest", + "description": "Grants permission to describe an MSK configuration revision", + "privilege": "DescribeConfigurationRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "modelmanifest*" + "resource_type": "configuration*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the account registration status with IoT FleetWise", - "privilege": "GetRegisterAccountStatus", + "description": "Grants permission to describe a MSK replicator", + "privilege": "DescribeReplicator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "replicator*" } ] }, { "access_level": "Read", - "description": "Grants permission to get summary information for a specific signal catalog", - "privilege": "GetSignalCatalog", + "description": "Grants permission to describe a MSK VPC connection", + "privilege": "DescribeVpcConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "signalcatalog*" + "resource_type": "vpc-connection*" } ] }, { "access_level": "Read", - "description": "Grants permission to get summary information for a vehicle", - "privilege": "GetVehicle", + "description": "Grants permission to get connection details 
for the brokers in an MSK cluster", + "privilege": "GetBootstrapBrokers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vehicle*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the status of the campaigns running on a specific vehicle", - "privilege": "GetVehicleStatus", + "description": "Grants permission to describe a cluster resource-based policy", + "privilege": "GetClusterPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vehicle*" + "resource_type": "cluster*" } ] }, { - "access_level": "Write", - "description": "Grants permission to import an existing decoder manifest", - "privilege": "ImportDecoderManifest", + "access_level": "List", + "description": "Grants permission to get a list of the Apache Kafka versions to which you can update an MSK cluster", + "privilege": "GetCompatibleKafkaVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "decodermanifest*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a signal catalog by importing existing definitions", - "privilege": "ImportSignalCatalog", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list campaigns", - "privilege": "ListCampaigns", + "access_level": "List", + "description": "Grants permission to list all MSK VPC connections created for a cluster", + "privilege": "ListClientVpcConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "List", - "description": "Grants permission to list network interfaces associated to the existing decoder manifest", - "privilege": "ListDecoderManifestNetworkInterfaces", + 
"description": "Grants permission to return a list of all the operations that have been performed on the specified MSK cluster", + "privilege": "ListClusterOperations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "decodermanifest*" + "resource_type": "cluster*" } ] }, { "access_level": "List", - "description": "Grants permission to list decoder manifest signals", - "privilege": "ListDecoderManifestSignals", + "description": "Grants permission to return a list of all the operations that have been performed on the specified MSK cluster", + "privilege": "ListClusterOperationsV2", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "decodermanifest*" + "resource_type": "cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all decoder manifests, with an optional filter on model manifest", - "privilege": "ListDecoderManifests", + "access_level": "List", + "description": "Grants permission to list all MSK clusters in this account", + "privilege": "ListClusters", "resource_types": [ { "condition_keys": [], @@ -133447,9 +158122,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all fleets", - "privilege": "ListFleets", + "access_level": "List", + "description": "Grants permission to list all MSK clusters in this account", + "privilege": "ListClustersV2", "resource_types": [ { "condition_keys": [], 
@@ -133459,33 +158134,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all the fleets that the given vehicle is associated with", - "privilege": "ListFleetsForVehicle", + "access_level": "List", + "description": "Grants permission to list all revisions for an MSK configuration in this account", + "privilege": "ListConfigurationRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vehicle*" + "resource_type": "configuration*" } ] }, { "access_level": "List", - "description": "Grants permission to list all nodes for the given model manifest", - "privilege": "ListModelManifestNodes", + "description": "Grants permission to list all MSK configurations in this account", + "privilege": "ListConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "modelmanifest*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all model manifests, with an optional filter on signal catalog", - "privilege": "ListModelManifests", + "access_level": "List", + "description": "Grants permission to list all Apache Kafka versions supported by Amazon MSK", + "privilege": "ListKafkaVersions", "resource_types": [ { "condition_keys": [], 
@@ -133495,21 +158170,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all nodes for a given signal catalog", - "privilege": "ListSignalCatalogNodes", + "access_level": "List", + "description": "Grants permission to list brokers in an MSK cluster", + "privilege": "ListNodes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "signalcatalog*" + "resource_type": "cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all signal catalogs", - "privilege": "ListSignalCatalogs", + "access_level": "List", + "description": "Grants permission to list all MSK replicators in this account", + "privilege": "ListReplicators", "resource_types": [ { "condition_keys": [], 
@@ -133519,126 +158194,96 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list the Scram Secrets associated with an Amazon MSK cluster", + "privilege": "ListScramSecrets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "decodermanifest" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "modelmanifest" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "signalcatalog" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vehicle" + "resource_type": "cluster*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all vehicles, with an optional filter on model manifest", - "privilege": "ListVehicles", + "description": "Grants permission to list tags of an MSK resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list vehicles in the given fleet", - "privilege": "ListVehiclesInFleet", + "access_level": "List", + "description": "Grants permission to list all MSK VPC connections that this account uses", + "privilege": "ListVpcConnections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to put the logging options for the AWS account", - "privilege": "PutLoggingOptions", + "description": "Grants permission to create or update the resource-based policy for a cluster", + 
"privilege": "PutClusterPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to register an AWS account to IoT FleetWise", - "privilege": "RegisterAccount", + "description": "Grants permission to reboot broker", + "privilege": "RebootBroker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "cluster*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to reject a MSK VPC connection", + "privilege": "RejectClientVpcConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "decodermanifest" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "fleet" + "resource_type": "cluster*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "modelmanifest" - }, + "resource_type": "vpc-connection*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag an MSK resource", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "signalcatalog" + "resource_type": "cluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "vehicle" + "resource_type": "vpc-connection" }, { "condition_keys": [ 
@@ -133652,313 +158297,596 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", + "description": "Grants permission to remove tags from an MSK resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign" + "resource_type": "cluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "decodermanifest" + "resource_type": "vpc-connection" }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the number of brokers of the MSK cluster", + "privilege": "UpdateBrokerCount", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "fleet" - }, + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the storage size of the brokers of the MSK cluster", + "privilege": "UpdateBrokerStorage", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "modelmanifest" - }, + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the broker type of an Amazon MSK cluster", + "privilege": "UpdateBrokerType", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "signalcatalog" - }, + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the configuration of the MSK cluster", + "privilege": "UpdateClusterConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vehicle" + "resource_type": "cluster*" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configuration*" } ] }, { 
"access_level": "Write", - "description": "Grants permission to update the given campaign", - "privilege": "UpdateCampaign", + "description": "Grants permission to update the MSK cluster to the specified Apache Kafka version", + "privilege": "UpdateClusterKafkaVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a decoder manifest defnition", - "privilege": "UpdateDecoderManifest", + "description": "Grants permission to create a new revision of the MSK configuration", + "privilege": "UpdateConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "decodermanifest*" + "resource_type": "configuration*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the fleet", - "privilege": "UpdateFleet", + "description": "Grants permission to update the connectivity settings for the MSK cluster", + "privilege": "UpdateConnectivity", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets" + ], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "kafka:publicAccessEnabled" + ], "dependent_actions": [], - "resource_type": "fleet*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the given model manifest definition", - "privilege": "UpdateModelManifest", + "description": "Grants permission to update the monitoring settings for the MSK cluster", + "privilege": "UpdateMonitoring", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "modelmanifest*" + "resource_type": "cluster*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specific signal catalog definition", - "privilege": "UpdateSignalCatalog", + "description": "Grants permission to update the 
replication info of the MSK replicator", + "privilege": "UpdateReplicationInfo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "signalcatalog*" + "resource_type": "replicator*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the vehicle", - "privilege": "UpdateVehicle", + "description": "Grants permission to update the security settings for the MSK cluster", + "privilege": "UpdateSecurity", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "vehicle*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "decodermanifest" - }, + "dependent_actions": [ + "kms:RetireGrant" + ], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the EBS storage (size or provisioned throughput) associated with MSK brokers or set cluster storage mode to TIERED", + "privilege": "UpdateStorage", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "modelmanifest" - }, - { - "condition_keys": [ - "iotfleetwise:UpdateToModelManifestArn", - "iotfleetwise:UpdateToDecoderManifestArn" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:campaign/${CampaignName}", + "arn": "arn:${Partition}:kafka:${Region}:${Account}:cluster/${ClusterName}/${Uuid}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "campaign" + "resource": "cluster" }, { - "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:decoder-manifest/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "decodermanifest" + "arn": "arn:${Partition}:kafka:${Region}:${Account}:configuration/${ConfigurationName}/${Uuid}", + "condition_keys": [], + "resource": "configuration" }, { - "arn": 
"arn:${Partition}:iotfleetwise:${Region}:${Account}:fleet/${FleetId}", + "arn": "arn:${Partition}:kafka:${Region}:${VpcOwnerAccount}:vpc-connection/${ClusterOwnerAccount}/${ClusterName}/${Uuid}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "fleet" + "resource": "vpc-connection" }, { - "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:model-manifest/${Name}", + "arn": "arn:${Partition}:kafka:${Region}:${Account}:replicator/${ReplicatorName}/${Uuid}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "modelmanifest" + "resource": "replicator" }, { - "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:signal-catalog/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "signalcatalog" + "arn": "arn:${Partition}:kafka:${Region}:${Account}:topic/${ClusterName}/${ClusterUuid}/${TopicName}", + "condition_keys": [], + "resource": "topic" }, { - "arn": "arn:${Partition}:iotfleetwise:${Region}:${Account}:vehicle/${VehicleId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "vehicle" + "arn": "arn:${Partition}:kafka:${Region}:${Account}:group/${ClusterName}/${ClusterUuid}/${GroupName}", + "condition_keys": [], + "resource": "group" + }, + { + "arn": "arn:${Partition}:kafka:${Region}:${Account}:transactional-id/${ClusterName}/${ClusterUuid}/${TransactionalId}", + "condition_keys": [], + "resource": "transactional-id" } ], - "service_name": "AWS IoT FleetWise" + "service_name": "Amazon Managed Streaming for Apache Kafka" }, { "conditions": [ { - "condition": "iot:JobId", - "description": "Filters access by jobId for iotjobsdata:DescribeJobExecution and iotjobsdata:UpdateJobExecution APIs", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource. 
The resource tag context key will only apply to the cluster resource, not topics, groups and transactional IDs", "type": "String" } ], - "prefix": "iotjobsdata", + "prefix": "kafka-cluster", "privileges": [ { - "access_level": "Read", - "description": "Grants permission to describe a job execution", - "privilege": "DescribeJobExecution", + "access_level": "Write", + "description": "Grants permission to alter various aspects of the cluster, equivalent to Apache Kafka's ALTER CLUSTER ACL", + "privilege": "AlterCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect", + "kafka-cluster:DescribeCluster" + ], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to alter the dynamic configuration of a cluster, equivalent to Apache Kafka's ALTER_CONFIGS CLUSTER ACL", + "privilege": "AlterClusterDynamicConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect", + "kafka-cluster:DescribeClusterDynamicConfiguration" + ], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to join groups on a cluster, equivalent to Apache Kafka's READ GROUP ACL", + "privilege": "AlterGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect", + "kafka-cluster:DescribeGroup" + ], + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to alter topics on a cluster, equivalent to Apache Kafka's ALTER TOPIC ACL", + "privilege": "AlterTopic", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect", + "kafka-cluster:DescribeTopic" + ], + "resource_type": "topic*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to alter the dynamic configuration of topics on a cluster, equivalent to Apache Kafka's 
ALTER_CONFIGS TOPIC ACL", + "privilege": "AlterTopicDynamicConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect", + "kafka-cluster:DescribeTopicDynamicConfiguration" + ], + "resource_type": "topic*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to alter transactional IDs on a cluster, equivalent to Apache Kafka's WRITE TRANSACTIONAL_ID ACL", + "privilege": "AlterTransactionalId", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect", + "kafka-cluster:DescribeTransactionalId", + "kafka-cluster:WriteData" + ], + "resource_type": "transactional-id*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to connect and authenticate to the cluster", + "privilege": "Connect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" - }, + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create topics on a cluster, equivalent to Apache Kafka's CREATE CLUSTER/TOPIC ACL", + "privilege": "CreateTopic", + "resource_types": [ { - "condition_keys": [ - "iot:JobId" + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect" + ], + "resource_type": "topic*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete groups on a cluster, equivalent to Apache Kafka's DELETE GROUP ACL", + "privilege": "DeleteGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect", + "kafka-cluster:DescribeGroup" + ], + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete topics on a cluster, equivalent to Apache Kafka's DELETE TOPIC ACL", + "privilege": "DeleteTopic", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect", + 
"kafka-cluster:DescribeTopic" + ], + "resource_type": "topic*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe various aspects of the cluster, equivalent to Apache Kafka's DESCRIBE CLUSTER ACL", + "privilege": "DescribeCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect" + ], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the dynamic configuration of a cluster, equivalent to Apache Kafka's DESCRIBE_CONFIGS CLUSTER ACL", + "privilege": "DescribeClusterDynamicConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect" + ], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe groups on a cluster, equivalent to Apache Kafka's DESCRIBE GROUP ACL", + "privilege": "DescribeGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect" + ], + "resource_type": "group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe topics on a cluster, equivalent to Apache Kafka's DESCRIBE TOPIC ACL", + "privilege": "DescribeTopic", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect" + ], + "resource_type": "topic*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe the dynamic configuration of topics on a cluster, equivalent to Apache Kafka's DESCRIBE_CONFIGS TOPIC ACL", + "privilege": "DescribeTopicDynamicConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect" + ], + "resource_type": "topic*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe transactional IDs on a cluster, equivalent to Apache Kafka's DESCRIBE 
TRANSACTIONAL_ID ACL", + "privilege": "DescribeTransactionalId", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kafka-cluster:Connect" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "transactional-id*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the list of all jobs for a thing that are not in a terminal state", - "privilege": "GetPendingJobExecutions", + "description": "Grants permission to read data from topics on a cluster, equivalent to Apache Kafka's READ TOPIC ACL", + "privilege": "ReadData", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" + "dependent_actions": [ + "kafka-cluster:AlterGroup", + "kafka-cluster:Connect", + "kafka-cluster:DescribeTopic" + ], + "resource_type": "topic*" } ] }, { "access_level": "Write", - "description": "Grants permission to get and start the next pending job execution for a thing", - "privilege": "StartNextPendingJobExecution", + "description": "Grants permission to write data to topics on a cluster, equivalent to Apache Kafka's WRITE TOPIC ACL", + "privilege": "WriteData", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" + "dependent_actions": [ + "kafka-cluster:Connect", + "kafka-cluster:DescribeTopic" + ], + "resource_type": "topic*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a job execution", - "privilege": "UpdateJobExecution", + "description": "Grants permission to write data idempotently on a cluster, equivalent to Apache Kafka's IDEMPOTENT_WRITE CLUSTER ACL", + "privilege": "WriteDataIdempotently", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "thing*" - }, - { - "condition_keys": [ - "iot:JobId" + "dependent_actions": [ + "kafka-cluster:Connect", + "kafka-cluster:WriteData" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "cluster*" 
} ] } ], "resources": [ { - "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", + "arn": "arn:${Partition}:kafka:${Region}:${Account}:cluster/${ClusterName}/${ClusterUuid}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cluster" + }, + { + "arn": "arn:${Partition}:kafka:${Region}:${Account}:topic/${ClusterName}/${ClusterUuid}/${TopicName}", "condition_keys": [], - "resource": "thing" + "resource": "topic" + }, + { + "arn": "arn:${Partition}:kafka:${Region}:${Account}:group/${ClusterName}/${ClusterUuid}/${GroupName}", + "condition_keys": [], + "resource": "group" + }, + { + "arn": "arn:${Partition}:kafka:${Region}:${Account}:transactional-id/${ClusterName}/${ClusterUuid}/${TransactionalId}", + "condition_keys": [], + "resource": "transactional-id" } ], - "service_name": "AWS IoT Jobs DataPlane" + "service_name": "Apache Kafka APIs for Amazon MSK clusters" }, { "conditions": [ { - "condition": "iotroborunner:DestinationResourceId", - "description": "Filters access by the destination's identifier", - "type": "String" - }, - { - "condition": "iotroborunner:SiteResourceId", - "description": "Filters access by the site's identifier", + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { - "condition": "iotroborunner:WorkerFleetResourceId", - "description": "Filters access by the worker fleet's identifier", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { - "condition": "iotroborunner:WorkerResourceId", - "description": "Filters access by the workers identifier", - "type": "String" + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" } ], - "prefix": "iotroborunner", + "prefix": "kafkaconnect", "privileges": [ { "access_level": "Write", - 
"description": "Grants permission to create a destination", - "privilege": "CreateDestination", + "description": "Grants permission to create an MSK Connect connector", + "privilege": "CreateConnector", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "SiteResource*" + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "firehose:TagDeliveryStream", + "iam:AttachRolePolicy", + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "iam:PutRolePolicy", + "logs:CreateLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a site", - "privilege": "CreateSite", + "description": "Grants permission to create an MSK Connect custom plugin", + "privilege": "CreateCustomPlugin", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "s3:GetObject" ], "resource_type": "" } 
@@ -133966,140 +158894,147 @@ }, { "access_level": "Write", - "description": "Grants permission to create a worker", - "privilege": "CreateWorker", + "description": "Grants permission to create an MSK Connect worker configuration", + "privilege": "CreateWorkerConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerFleetResource*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a worker fleet", - "privilege": "CreateWorkerFleet", + "description": "Grants permission to delete an MSK Connect connector", + "privilege": "DeleteConnector", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "SiteResource*" + "dependent_actions": [ + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries" + ], + "resource_type": "connector*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a destination", - "privilege": "DeleteDestination", + "description": "Grants permission to delete an MSK Connect custom plugin", + "privilege": "DeleteCustomPlugin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DestinationResource*" + "resource_type": "custom plugin*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a site", - "privilege": "DeleteSite", + "description": "Grants permission to delete an MSK Connect worker configuration", + "privilege": "DeleteWorkerConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "worker configuration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a worker", - "privilege": "DeleteWorker", + "access_level": "Read", + "description": "Grants permission to describe an MSK Connect connector", + "privilege": "DescribeConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "WorkerResource*" + "resource_type": "connector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a worker fleet", - "privilege": "DeleteWorkerFleet", + "access_level": "Read", + "description": "Grants permission to describe an MSK Connect custom plugin", + "privilege": "DescribeCustomPlugin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerFleetResource*" + "resource_type": "custom plugin*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a destination", - "privilege": "GetDestination", + "description": "Grants permission to describe an MSK Connect worker configuration", + "privilege": "DescribeWorkerConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DestinationResource*" + "resource_type": "worker configuration*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a site", - "privilege": "GetSite", + "description": "Grants permission to list all MSK Connect connectors in this account", + "privilege": "ListConnectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a worker", - "privilege": "GetWorker", + "description": "Grants permission to list all MSK Connect custom plugins in this account", + "privilege": "ListCustomPlugins", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerResource*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a worker fleet", - "privilege": "GetWorkerFleet", + "description": "Grants permission to list tags of an MSK Connect resource", + "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], 
"dependent_actions": [], - "resource_type": "WorkerFleetResource*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list destinations", - "privilege": "ListDestinations", - "resource_types": [ + "resource_type": "connector" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "custom plugin" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "worker configuration" } ] }, { "access_level": "Read", - "description": "Grants permission to list sites", - "privilege": "ListSites", + "description": "Grants permission to list all MSK Connect worker configurations in this account", + "privilege": "ListWorkerConfigurations", "resource_types": [ { "condition_keys": [], 
@@ -134109,335 +159044,260 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list worker fleets", - "privilege": "ListWorkerFleets", + "access_level": "Tagging", + "description": "Grants permission to tag an MSK Connect resource", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "SiteResource*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list workers", - "privilege": "ListWorkers", - "resource_types": [ + "resource_type": "connector" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "SiteResource*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a destination", - "privilege": "UpdateDestination", - "resource_types": [ + "resource_type": "custom plugin" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "DestinationResource*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a site", - "privilege": "UpdateSite", - "resource_types": [ + "resource_type": "worker configuration" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "SiteResource*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a worker", - "privilege": "UpdateWorker", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an MSK Connect resource", + "privilege": "UntagResource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + 
"aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "WorkerResource*" + "resource_type": "connector" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "custom plugin" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "worker configuration" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a worker fleet", - "privilege": "UpdateWorkerFleet", + "description": "Grants permission to update an MSK Connect connector", + "privilege": "UpdateConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WorkerFleetResource*" + "resource_type": "connector*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}/destination/${DestinationId}", - "condition_keys": [ - "iotroborunner:DestinationResourceId" - ], - "resource": "DestinationResource" - }, - { - "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}", + "arn": "arn:${Partition}:kafkaconnect:${Region}:${Account}:connector/${ConnectorName}/${UUID}", "condition_keys": [ - "iotroborunner:SiteResourceId" + "aws:ResourceTag/${TagKey}" ], - "resource": "SiteResource" + "resource": "connector" }, { - "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}/worker-fleet/${WorkerFleetId}", + "arn": "arn:${Partition}:kafkaconnect:${Region}:${Account}:custom-plugin/${CustomPluginName}/${UUID}", "condition_keys": [ - "iotroborunner:WorkerFleetResourceId" + "aws:ResourceTag/${TagKey}" ], - "resource": "WorkerFleetResource" + "resource": "custom plugin" }, { - "arn": "arn:${Partition}:iotroborunner:${Region}:${Account}:site/${SiteId}/worker-fleet/${WorkerFleetId}/worker/${WorkerId}", + "arn": 
"arn:${Partition}:kafkaconnect:${Region}:${Account}:worker-configuration/${WorkerConfigurationName}/${UUID}", "condition_keys": [ - "iotroborunner:WorkerResourceId" + "aws:ResourceTag/${TagKey}" ], - "resource": "WorkerResource" + "resource": "worker configuration" } ], - "service_name": "AWS IoT RoboRunner" + "service_name": "Amazon Managed Streaming for Kafka Connect" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" - }, - { - "condition": "iotsitewise:assetHierarchyPath", - "description": "Filters access by an asset hierarchy path, which is the string of asset IDs in the asset's hierarchy, each separated by a forward slash", - "type": "String" - }, - { - "condition": "iotsitewise:childAssetId", - "description": "Filters access by the ID of a child asset being associated whith a parent asset", - "type": "String" - }, - { - "condition": "iotsitewise:group", - "description": "Filters access by the ID of an AWS Single Sign-On group", - "type": "String" - }, - { - "condition": "iotsitewise:iam", - "description": "Filters access by the ID of an AWS IAM identity", - "type": "String" - }, - { - "condition": "iotsitewise:isAssociatedWithAssetProperty", - "description": "Filters access by data streams associated with or not associated with asset properties", - "type": "String" - }, - { - "condition": "iotsitewise:portal", - "description": "Filters access by the ID of a portal", - 
"type": "String" - }, - { - "condition": "iotsitewise:project", - "description": "Filters access by the ID of a project", - "type": "String" - }, - { - "condition": "iotsitewise:propertyAlias", - "description": "Filters access by the property alias", - "type": "String" - }, - { - "condition": "iotsitewise:propertyId", - "description": "Filters access by the ID of an asset property", - "type": "String" - }, - { - "condition": "iotsitewise:user", - "description": "Filters access by the ID of an AWS Single Sign-On user", - "type": "String" } ], - "prefix": "iotsitewise", + "prefix": "kendra", "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate a child asset with a parent asset through a hierarchy", - "privilege": "AssociateAssets", + "description": "Grants permission to put principal mapping in index", + "privilege": "AssociateEntitiesToExperience", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "experience*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a time series with an asset property", - "privilege": "AssociateTimeSeriesToAssetProperty", + "description": "Defines the specific permissions of users or groups in your AWS SSO identity source with access to your Amazon Kendra experience", + "privilege": "AssociatePersonasToEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "experience*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series*" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate assets to a project", - "privilege": "BatchAssociateProjectAssets", + "description": "Grants permission to batch delete document", + "privilege": "BatchDeleteDocument", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate assets from a project", - "privilege": "BatchDisassociateProjectAssets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve computed aggregates for multiple asset properties", - "privilege": "BatchGetAssetPropertyAggregates", + "description": "Grants permission to delete a featured results set", + "privilege": "BatchDeleteFeaturedResultsSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" + "resource_type": "featured-results-set*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the latest value for multiple asset properties", - "privilege": "BatchGetAssetPropertyValue", + "description": "Grants permission to do batch get document status", + "privilege": "BatchGetDocumentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "index*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the value history for multiple asset properties", - "privilege": "BatchGetAssetPropertyValueHistory", + "access_level": "Write", + "description": "Grants permission to batch put document", + "privilege": "BatchPutDocument", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "index*" } ] }, { 
"access_level": "Write", - "description": "Grants permission to put property values for asset properties", - "privilege": "BatchPutAssetPropertyValue", + "description": "Grants permission to clear out the suggestions for a given index, generated so far", + "privilege": "ClearQuerySuggestions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an access policy for a portal or a project", - "privilege": "CreateAccessPolicy", + "description": "Grants permission to create an access control configuration", + "privilege": "CreateAccessControlConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "portal" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "project" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an asset from an asset model", - "privilege": "CreateAsset", + "description": "Grants permission to create a data source", + "privilege": "CreateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset-model*" + "resource_type": "index*" }, { "condition_keys": [ 
@@ -134451,40 +159311,45 @@ }, { "access_level": "Write", - "description": "Grants permission to create an asset model", - "privilege": "CreateAssetModel", + "description": "Creates an Amazon Kendra experience such as a search application", + "privilege": "CreateExperience", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to create bulk import job", - "privilege": "CreateBulkImportJob", + "description": "Grants permission to create an Faq", + "privilege": "CreateFaq", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "index*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a dashboard in a project", - "privilege": "CreateDashboard", + "description": "Grants permission to create a featured results set", + "privilege": "CreateFeaturedResultsSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "index*" }, { "condition_keys": [ @@ -134498,8 +159363,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create a gateway", - "privilege": "CreateGateway", + "description": "Grants permission to create an Index", + "privilege": "CreateIndex", "resource_types": [ { "condition_keys": [ 
@@ -134513,31 +159378,33 @@ }, { "access_level": "Write", - "description": "Grants permission to create a portal", - "privilege": "CreatePortal", + "description": "Grants permission to create a QuerySuggestions BlockList", + "privilege": "CreateQuerySuggestionsBlockList", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "sso:CreateManagedApplicationInstance", - "sso:DescribeRegisteredRegions" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a project in a portal", - "privilege": "CreateProject", + "description": "Grants permission to create a Thesaurus", + "privilege": "CreateThesaurus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "portal*" + "resource_type": "index*" }, { "condition_keys": [ 
@@ -134551,697 +159418,680 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an access policy", - "privilege": "DeleteAccessPolicy", + "description": "Grants permission to delete an access control configuration", + "privilege": "DeleteAccessControlConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-policy*" + "resource_type": "access-control-configuration*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an asset", - "privilege": "DeleteAsset", + "description": "Grants permission to delete a data source", + "privilege": "DeleteDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "data-source*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an asset model", - "privilege": "DeleteAssetModel", + "description": "Deletes your Amazon Kendra experience such as a search application", + "privilege": "DeleteExperience", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset-model*" + "resource_type": "experience*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a dashboard", - "privilege": "DeleteDashboard", + "description": "Grants permission to delete an Faq", + "privilege": "DeleteFaq", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "faq*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a gateway", - "privilege": 
"DeleteGateway", + "description": "Grants permission to delete an Index", + "privilege": "DeleteIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gateway*" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a portal", - "privilege": "DeletePortal", + "description": "Grants permission to delete principal mapping from index", + "privilege": "DeletePrincipalMapping", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso:DeleteManagedApplicationInstance" - ], - "resource_type": "portal*" + "dependent_actions": [], + "resource_type": "index*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-source" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a project", - "privilege": "DeleteProject", + "description": "Grants permission to delete a QuerySuggestions BlockList", + "privilege": "DeleteQuerySuggestionsBlockList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "index*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query-suggestions-block-list*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a time series", - "privilege": "DeleteTimeSeries", + "description": "Grants permission to delete a Thesaurus", + "privilege": "DeleteThesaurus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" + "resource_type": "index*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "thesaurus*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an access policy", - "privilege": "DescribeAccessPolicy", + "description": "Grants permission to describe an access control configuration", + "privilege": "DescribeAccessControlConfiguration", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-policy*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe an asset", - "privilege": "DescribeAsset", - "resource_types": [ + "resource_type": "access-control-configuration*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an asset model", - "privilege": "DescribeAssetModel", + "description": "Grants permission to describe a data source", + "privilege": "DescribeDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset-model*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe an asset property", - "privilege": "DescribeAssetProperty", - "resource_types": [ + "resource_type": "data-source*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe bulk import job", - "privilege": "DescribeBulkImportJob", + "description": "Gets information about your Amazon Kendra experience such as a search application", + "privilege": "DescribeExperience", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a dashboard", - "privilege": "DescribeDashboard", - "resource_types": [ + "resource_type": "experience*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the default encryption configuration for the AWS account", - "privilege": "DescribeDefaultEncryptionConfiguration", + "description": "Grants permission to 
describe an Faq", + "privilege": "DescribeFaq", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a gateway", - "privilege": "DescribeGateway", - "resource_types": [ + "resource_type": "faq*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gateway*" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a capability configuration for a gateway", - "privilege": "DescribeGatewayCapabilityConfiguration", + "description": "Grants permission to describe a featured results set", + "privilege": "DescribeFeaturedResultsSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gateway*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe logging options for the AWS account", - "privilege": "DescribeLoggingOptions", - "resource_types": [ + "resource_type": "featured-results-set*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a portal", - "privilege": "DescribePortal", + "description": "Grants permission to describe an Index", + "privilege": "DescribeIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "portal*" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a project", - "privilege": "DescribeProject", + "description": "Grants permission to describe principal mapping from index", + "privilege": "DescribePrincipalMapping", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the storage configuration for the AWS 
account", - "privilege": "DescribeStorageConfiguration", - "resource_types": [ + "resource_type": "index*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-source" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a time series", - "privilege": "DescribeTimeSeries", + "description": "Grants permission to describe a QuerySuggestions BlockList", + "privilege": "DescribeQuerySuggestionsBlockList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" + "resource_type": "index*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "query-suggestions-block-list*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a child asset from a parent asset by a hierarchy", - "privilege": "DisassociateAssets", + "access_level": "Read", + "description": "Grants permission to describe the query suggestions configuration for an index", + "privilege": "DescribeQuerySuggestionsConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a time series from an asset property", - "privilege": "DisassociateTimeSeriesFromAssetProperty", + "access_level": "Read", + "description": "Grants permission to describe a Thesaurus", + "privilege": "DescribeThesaurus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "index*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series*" + "resource_type": "thesaurus*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve computed 
aggregates for an asset property", - "privilege": "GetAssetPropertyAggregates", + "access_level": "Write", + "description": "Prevents users or groups in your AWS SSO identity source from accessing your Amazon Kendra experience", + "privilege": "DisassociateEntitiesFromExperience", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" + "resource_type": "experience*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "index*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the latest value for an asset property", - "privilege": "GetAssetPropertyValue", + "access_level": "Write", + "description": "Removes the specific permissions of users or groups in your AWS SSO identity source with access to your Amazon Kendra experience", + "privilege": "DisassociatePersonasFromEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" + "resource_type": "experience*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the value history for an asset property", - "privilege": "GetAssetPropertyValueHistory", + "description": "Grants permission to get suggestions for a query prefix", + "privilege": "GetQuerySuggestions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve interpolated values for an asset property", - "privilege": "GetInterpolatedAssetPropertyValues", + "description": "Retrieves search metrics data", + "privilege": "GetSnapshots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "asset" - }, + "resource_type": "index*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the access control configurations", + "privilege": "ListAccessControlConfigurations", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "index*" } ] }, { "access_level": "List", - "description": "Grants permission to list all access policies for an identity or a resource", - "privilege": "ListAccessPolicies", + "description": "Grants permission to get Data Source sync job history", + "privilege": "ListDataSourceSyncJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "portal" + "resource_type": "data-source*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "index*" } ] }, { "access_level": "List", - "description": "Grants permission to list asset model properties", - "privilege": "ListAssetModelProperties", + "description": "Grants permission to list the data sources", + "privilege": "ListDataSources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset-model*" + "resource_type": "index*" } ] }, { "access_level": "List", - "description": "Grants permission to list all asset models", - "privilege": "ListAssetModels", + "description": "Lists specific permissions of users and groups with access to your Amazon Kendra experience", + "privilege": "ListEntityPersonas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list asset properties", - "privilege": "ListAssetProperties", - "resource_types": [ + "resource_type": "experience*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "index*" } ] }, { "access_level": "List", - "description": "Grants 
permission to list the asset relationship graph for an asset", - "privilege": "ListAssetRelationships", + "description": "Lists users or groups in your AWS SSO identity source that are granted access to your Amazon Kendra experience", + "privilege": "ListExperienceEntities", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all assets", - "privilege": "ListAssets", - "resource_types": [ + "resource_type": "experience*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset-model" + "resource_type": "index*" } ] }, { "access_level": "List", - "description": "Grants permission to list all assets associated with an asset through a hierarchy", - "privilege": "ListAssociatedAssets", + "description": "Lists one or more Amazon Kendra experiences. You can create an Amazon Kendra experience such as a search application", + "privilege": "ListExperiences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "index*" } ] }, { "access_level": "List", - "description": "Grants permission to list bulk import jobs", - "privilege": "ListBulkImportJobs", + "description": "Grants permission to list the Faqs", + "privilege": "ListFaqs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { "access_level": "List", - "description": "Grants permission to list all dashboards in a project", - "privilege": "ListDashboards", + "description": "Grants permission to list the featured results sets", + "privilege": "ListFeaturedResultsSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "index*" } ] }, { "access_level": "List", - "description": "Grants permission to list all gateways", - "privilege": "ListGateways", + "description": 
"Grants permission to list groups that are older than an ordering id", + "privilege": "ListGroupsOlderThanOrderingId", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all portals", - "privilege": "ListPortals", - "resource_types": [ + "resource_type": "index*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-source" } ] }, { "access_level": "List", - "description": "Grants permission to list all assets associated with a project", - "privilege": "ListProjectAssets", + "description": "Grants permission to list the indexes", + "privilege": "ListIndices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all projects in a portal", - "privilege": "ListProjects", + "description": "Grants permission to list the QuerySuggestions BlockLists", + "privilege": "ListQuerySuggestionsBlockLists", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "portal*" + "resource_type": "index*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all tags for a resource", + "description": "Grants permission to list tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-policy" + "resource_type": "data-source" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" + "resource_type": "faq" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset-model" + "resource_type": "featured-results-set" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard" + "resource_type": "index" }, { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "gateway" + "resource_type": "query-suggestions-block-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "portal" - }, + "resource_type": "thesaurus" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the Thesauri", + "privilege": "ListThesauri", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" - }, + "resource_type": "index*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put principal mapping in index", + "privilege": "PutPrincipalMapping", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "index*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-source" } ] }, { - "access_level": "List", - "description": "Grants permission to list time series", - "privilege": "ListTimeSeries", + "access_level": "Read", + "description": "Grants permission to query documents and faqs", + "privilege": "Query", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset" + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to set the default encryption configuration for the AWS account", - "privilege": "PutDefaultEncryptionConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve relevant content from an index", + "privilege": "Retrieve", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to set logging options for the AWS account", - "privilege": "PutLoggingOptions", + "description": "Grants permission to start Data Source sync job", + "privilege": "StartDataSourceSyncJob", "resource_types": [ 
{ "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-source*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to configure storage settings for the AWS account", - "privilege": "PutStorageConfiguration", + "description": "Grants permission to stop Data Source sync job", + "privilege": "StopDataSourceSyncJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "data-source*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to send feedback about a query results", + "privilege": "SubmitFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-policy" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "asset" - }, + "resource_type": "index*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource with given key value pairs", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset-model" + "resource_type": "data-source" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard" + "resource_type": "faq" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gateway" + "resource_type": "featured-results-set" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "portal" + "resource_type": "index" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "query-suggestions-block-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"time-series" + "resource_type": "thesaurus" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -135250,48 +160100,38 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a resource", + "description": "Grants permission to remove the tag with the given key from a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-policy" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "asset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "asset-model" + "resource_type": "data-source" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard" + "resource_type": "faq" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "gateway" + "resource_type": "featured-results-set" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "portal" + "resource_type": "index" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "query-suggestions-block-list" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "time-series" + "resource_type": "thesaurus" }, { "condition_keys": [ 
@@ -135304,295 +160144,286 @@ }, { "access_level": "Write", - "description": "Grants permission to update an access policy", - "privilege": "UpdateAccessPolicy", + "description": "Grants permission to update an access control configuration", + "privilege": "UpdateAccessControlConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-policy*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an asset", - "privilege": "UpdateAsset", - "resource_types": [ + "resource_type": "access-control-configuration*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an asset model", - "privilege": "UpdateAssetModel", + "description": "Grants permission to update a data source", + "privilege": "UpdateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset-model*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an AssetModel property routing", - "privilege": "UpdateAssetModelPropertyRouting", - "resource_types": [ + "resource_type": "data-source*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset-model*" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an asset property", - "privilege": "UpdateAssetProperty", + "description": "Updates your Amazon Kendra experience such as a search application", + "privilege": "UpdateExperience", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "asset*" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a dashboard", - "privilege": "UpdateDashboard", + "description": "Grants permission to update a featured results set", + "privilege": 
"UpdateFeaturedResultsSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dashboard*" + "resource_type": "featured-results-set*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a gateway", - "privilege": "UpdateGateway", + "description": "Grants permission to update an Index", + "privilege": "UpdateIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gateway*" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a capability configuration for a gateway", - "privilege": "UpdateGatewayCapabilityConfiguration", + "description": "Grants permission to update a QuerySuggestions BlockList", + "privilege": "UpdateQuerySuggestionsBlockList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "gateway*" + "resource_type": "index*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "query-suggestions-block-list*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a portal", - "privilege": "UpdatePortal", + "description": "Grants permission to update the query suggestions configuration for an index", + "privilege": "UpdateQuerySuggestionsConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "portal*" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a project", - "privilege": "UpdateProject", + "description": "Grants permission to update a thesaurus", + "privilege": "UpdateThesaurus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "index*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "thesaurus*" } ] } ], "resources": [ { - 
"arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:asset/${AssetId}", + "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "asset" + "resource": "index" }, { - "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:asset-model/${AssetModelId}", + "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/data-source/${DataSourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "asset-model" + "resource": "data-source" }, { - "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:time-series/${TimeSeriesId}", + "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/faq/${FaqId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "time-series" + "resource": "faq" }, { - "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:gateway/${GatewayId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "gateway" + "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/experience/${ExperienceId}", + "condition_keys": [], + "resource": "experience" }, { - "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:portal/${PortalId}", + "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/thesaurus/${ThesaurusId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "portal" + "resource": "thesaurus" }, { - "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:project/${ProjectId}", + "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/query-suggestions-block-list/${QuerySuggestionsBlockListId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "project" + "resource": "query-suggestions-block-list" }, { - "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:dashboard/${DashboardId}", + "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/featured-results-set/${FeaturedResultsSetId}", 
"condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "dashboard" + "resource": "featured-results-set" }, { - "arn": "arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "access-policy" + "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/access-control-configuration/${AccessControlConfigurationId}", + "condition_keys": [], + "resource": "access-control-configuration" } ], - "service_name": "AWS IoT SiteWise" + "service_name": "Amazon Kendra" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "iottwinmaker", + "prefix": "kendra-ranking", "privileges": [ { "access_level": "Write", - "description": "Grants permission to set values for multiple time series properties", - "privilege": "BatchPutPropertyValues", + "description": "Grants permission to create a RescoreExecutionPlan", + "privilege": "CreateRescoreExecutionPlan", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "iottwinmaker:GetComponentType", - "iottwinmaker:GetEntity", - "iottwinmaker:GetWorkspace" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "workspace*" - }, - { - "condition_keys": [], "dependent_actions": [], - "resource_type": "entity" + "resource_type": "" } ] }, { "access_level": "Write", - 
"description": "Grants permission to create a componentType", - "privilege": "CreateComponentType", + "description": "Grants permission to delete a RescoreExecutionPlan", + "privilege": "DeleteRescoreExecutionPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "rescore-execution-plan*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an entity", - "privilege": "CreateEntity", + "access_level": "Read", + "description": "Grants permission to describe a RescoreExecutionPlan", + "privilege": "DescribeRescoreExecutionPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" - }, + "resource_type": "rescore-execution-plan*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all RescoreExecutionPlans", + "privilege": "ListRescoreExecutionPlans", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a scene", - "privilege": "CreateScene", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" - }, + "resource_type": "rescore-execution-plan" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to Rescore documents with Kendra Intelligent Ranking", + "privilege": "Rescore", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"rescore-execution-plan*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a sync job", - "privilege": "CreateSyncJob", + "access_level": "Tagging", + "description": "Grants permission to tag a resource with given key value pairs", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "rescore-execution-plan" }, { "condition_keys": [ @@ -135605,13 +160436,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a workspace", - "privilege": "CreateWorkspace", + "access_level": "Tagging", + "description": "Grants permission to remove the tag with the given key from a resource", + "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "rescore-execution-plan" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -135621,828 +160456,662 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a componentType", - "privilege": "DeleteComponentType", + "description": "Grants permission to update a RescoreExecutionPlan", + "privilege": "UpdateRescoreExecutionPlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentType*" - }, + "resource_type": "rescore-execution-plan*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:kendra-ranking:${Region}:${Account}:rescore-execution-plan/${RescoreExecutionPlanId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "rescore-execution-plan" + } + ], + "service_name": "Amazon Kendra Intelligent Ranking" + }, + { + "conditions": [], + "prefix": "kinesis", + "privileges": [ + { + "access_level": "Tagging", + "description": "Grants permission to add or update tags for the specified Amazon Kinesis stream. Each stream can have up to 10 tags", + "privilege": "AddTagsToStream", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an entity", - "privilege": "DeleteEntity", + "description": "Grants permission to create a Amazon Kinesis stream", + "privilege": "CreateStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a scene", - "privilege": "DeleteScene", + "description": "Grants permission to decrease the stream's retention period, which is the length of time data records are accessible after they are added to the stream", + "privilege": "DecreaseStreamRetentionPeriod", "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "scene*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a sync job", - "privilege": "DeleteSyncJob", + "description": "Grants permission to delete a resource policy associated with a specified stream or consumer", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "syncJob*" + "resource_type": "consumer*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a workspace", - "privilege": "DeleteWorkspace", + "description": "Grants permission to delete a stream and all its shards and data", + "privilege": "DeleteStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { - "access_level": "Read", - "description": "Grants permission to execute query", - "privilege": "ExecuteQuery", + "access_level": "Write", + "description": "Grants permission to deregister a stream consumer with a Kinesis data stream", + "privilege": "DeregisterStreamConsumer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "consumer*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a componentType", - "privilege": "GetComponentType", + "description": "Grants permission to describe the shard limits and usage for the account", + "privilege": "DescribeLimits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentType*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants 
permission to get an entity", - "privilege": "GetEntity", + "description": "Grants permission to describe the specified stream", + "privilege": "DescribeStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to get pricing plan", - "privilege": "GetPricingPlan", + "description": "Grants permission to get the description of a registered stream consumer", + "privilege": "DescribeStreamConsumer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "consumer*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the property values", - "privilege": "GetPropertyValue", + "description": "Grants permission to provide a summarized description of the specified Kinesis data stream without the shard list", + "privilege": "DescribeStreamSummary", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iottwinmaker:GetComponentType", - "iottwinmaker:GetEntity", - "iottwinmaker:GetWorkspace" - ], - "resource_type": "workspace*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentType" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity" + "resource_type": "stream*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the time series value history", - "privilege": "GetPropertyValueHistory", + "access_level": "Write", + "description": "Grants permission to disables enhanced monitoring", + "privilege": "DisableEnhancedMonitoring", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iottwinmaker:GetComponentType", - "iottwinmaker:GetEntity", - "iottwinmaker:GetWorkspace" - ], - "resource_type": "workspace*" - }, { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "componentType" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to enable enhanced Kinesis data stream monitoring for shard-level metrics", + "privilege": "EnableEnhancedMonitoring", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a scene", - "privilege": "GetScene", + "description": "Grants permission to get data records from a shard", + "privilege": "GetRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "scene*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a sync job", - "privilege": "GetSyncJob", + "description": "Grants permission to get a resource policy associated with a specified stream or consumer", + "privilege": "GetResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "syncJob*" + "resource_type": "consumer*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a workspace", - "privilege": "GetWorkspace", + "description": "Grants permission to get a shard iterator. 
A shard iterator expires five minutes after it is returned to the requester", + "privilege": "GetShardIterator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all componentTypes in a workspace", - "privilege": "ListComponentTypes", + "access_level": "Write", + "description": "Grants permission to increase the stream's retention period, which is the length of time data records are accessible after they are added to the stream", + "privilege": "IncreaseStreamRetentionPeriod", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "List", - "description": "Grants permission to list all entities in a workspace", - "privilege": "ListEntities", + "description": "Grants permission to list the shards in a stream and provides information about each shard", + "privilege": "ListShards", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "List", - "description": "Grants permission to list all scenes in a workspace", - "privilege": "ListScenes", + "description": "Grants permission to list the stream consumers registered to receive data from a Kinesis stream using enhanced fan-out, and provides information about each consumer", + "privilege": "ListStreamConsumers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "List", - "description": "Grants permission to list all sync jobs in a workspace", - "privilege": "ListSyncJobs", + "description": "Grants permission to list your streams", + "privilege": "ListStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + 
"resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all sync resources for a sync job", - "privilege": "ListSyncResources", + "access_level": "Read", + "description": "Grants permission to list the tags for the specified Amazon Kinesis stream", + "privilege": "ListTagsForStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "syncJob*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to merge two adjacent shards in a stream and combines them into a single shard to reduce the stream's capacity to ingest and transport data", + "privilege": "MergeShards", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentType" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "scene" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "syncJob" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workspace" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all workspaces", - "privilege": "ListWorkspaces", + "access_level": "Write", + "description": "Grants permission to write a single data record from a producer into an Amazon Kinesis stream", + "privilege": "PutRecord", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { - "access_level": "Tagging", - 
"description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to write multiple data records from a producer into an Amazon Kinesis stream in a single call (also referred to as a PutRecords request)", + "privilege": "PutRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentType" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity" - }, + "resource_type": "stream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to attach a resource policy to a specified stream or consumer", + "privilege": "PutResourcePolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "scene" + "resource_type": "consumer*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "syncJob" - }, + "resource_type": "stream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register a stream consumer with a Kinesis data stream", + "privilege": "RegisterStreamConsumer", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "description": "Grants permission to remove tags from the specified Kinesis data stream. 
Removed tags are deleted and cannot be recovered after this operation successfully completes", + "privilege": "RemoveTagsFromStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentType" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "entity" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "scene" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "syncJob" - }, + "resource_type": "stream*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to split a shard into two new shards in the Kinesis data stream, to increase the stream's capacity to ingest and transport data", + "privilege": "SplitShard", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a componentType", - "privilege": "UpdateComponentType", + "description": "Grants permission to enable or update server-side encryption using an AWS KMS key for a specified stream", + "privilege": "StartStreamEncryption", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "componentType*" + "resource_type": "kmsKey*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an entity", - "privilege": "UpdateEntity", + "description": "Grants permission to disable server-side encryption for a specified stream", + "privilege": "StopStreamEncryption", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "entity*" + "resource_type": "kmsKey*" }, { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "workspace*" + "resource_type": "stream*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update pricing plan", - "privilege": "UpdatePricingPlan", + "access_level": "Read", + "description": "Grants permission to listen to a specific shard with enhanced fan-out", + "privilege": "SubscribeToShard", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "consumer*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a scene", - "privilege": "UpdateScene", + "description": "Grants permission to update the shard count of the specified stream to the specified number of shards", + "privilege": "UpdateShardCount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "scene*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a workspace", - "privilege": "UpdateWorkspace", + "description": "Grants permission to update the capacity mode of the data stream", + "privilege": "UpdateStreamMode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workspace*" + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "workspace" - }, - { - "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/entity/${EntityId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "entity" - }, - { - "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/component-type/${ComponentTypeId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "componentType" + "arn": 
"arn:${Partition}:kinesis:${Region}:${Account}:stream/${StreamName}", + "condition_keys": [], + "resource": "stream" }, { - "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/scene/${SceneId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "scene" + "arn": "arn:${Partition}:kinesis:${Region}:${Account}:${StreamType}/${StreamName}/consumer/${ConsumerName}:${ConsumerCreationTimpstamp}", + "condition_keys": [], + "resource": "consumer" }, { - "arn": "arn:${Partition}:iottwinmaker:${Region}:${Account}:workspace/${WorkspaceId}/sync-job/${SyncJobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "syncJob" + "arn": "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}", + "condition_keys": [], + "resource": "kmsKey" } ], - "service_name": "AWS IoT TwinMaker" + "service_name": "Amazon Kinesis Data Streams" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key that is present in the request that the user makes to IoT Wireless", + "description": "Filters access by set of values for each of the tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key component of a tag attached to an IoT Wireless resource", + "description": "Filters access by tag-value assoicated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the list of all the tag key names associated with the resource in the request", + "description": "Filters access by the presence of mandatory tag keys in the request", "type": "ArrayOfString" } ], - "prefix": "iotwireless", + "prefix": "kinesisanalytics", "privileges": [ { "access_level": "Write", - "description": "Grants permission to link partner accounts with AWS account", - "privilege": "AssociateAwsAccountWithPartnerAccount", + "description": "Grants permission to add input to the application", + "privilege": 
"AddApplicationInput", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate the MulticastGroup with FuotaTask", - "privilege": "AssociateMulticastGroupWithFuotaTask", + "description": "Grants permission to add output to the application", + "privilege": "AddApplicationOutput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FuotaTask*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MulticastGroup*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate the wireless device with FuotaTask", - "privilege": "AssociateWirelessDeviceWithFuotaTask", + "description": "Grants permission to add reference data source to the application", + "privilege": "AddApplicationReferenceDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FuotaTask*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate the WirelessDevice with MulticastGroup", - "privilege": "AssociateWirelessDeviceWithMulticastGroup", + "description": "Grants permission to create an application", + "privilege": "CreateApplication", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MulticastGroup*" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate the wireless device with AWS IoT thing for a 
given wirelessDeviceId", - "privilege": "AssociateWirelessDeviceWithThing", + "description": "Grants permission to delete the application", + "privilege": "DeleteApplication", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeThing" - ], - "resource_type": "WirelessDevice*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate a WirelessGateway with the IoT Core Identity certificate", - "privilege": "AssociateWirelessGatewayWithCertificate", + "description": "Grants permission to delete the specified output of the application", + "privilege": "DeleteApplicationOutput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGateway*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cert*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate the wireless gateway with AWS IoT thing for a given wirelessGatewayId", - "privilege": "AssociateWirelessGatewayWithThing", + "description": "Grants permission to delete the specified reference data source of the application", + "privilege": "DeleteApplicationReferenceDataSource", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeThing" - ], - "resource_type": "WirelessGateway*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel the MulticastGroup session", - "privilege": "CancelMulticastGroupSession", + "access_level": "Read", + "description": "Grants permission to describe the specified application", + "privilege": "DescribeApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"MulticastGroup*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Destination resource", - "privilege": "CreateDestination", + "access_level": "Read", + "description": "Grants permission to discover the input schema for the application", + "privilege": "DiscoverInputSchema", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a DeviceProfile resource", - "privilege": "CreateDeviceProfile", + "access_level": "Read", + "description": "Grants permission to Kinesis Data Analytics console to display stream results for Kinesis Data Analytics SQL runtime applications", + "privilege": "GetApplicationState", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a FuotaTask resource", - "privilege": "CreateFuotaTask", + "access_level": "List", + "description": "Grants permission to list applications for the account", + "privilege": "ListApplications", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a MulticastGroup resource", - "privilege": "CreateMulticastGroup", + "access_level": "Read", + "description": "Grants permission to fetch the tags associated with the application", + "privilege": "ListTagsForResource", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"application*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a NetworkAnalyzerConfiguration resource", - "privilege": "CreateNetworkAnalyzerConfiguration", + "description": "Grants permission to start the application", + "privilege": "StartApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MulticastGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a ServiceProfile resource", - "privilege": "CreateServiceProfile", + "description": "Grants permission to stop the application", + "privilege": "StopApplication", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a WirelessDevice resource with given Destination", - "privilege": "CreateWirelessDevice", + "access_level": "Tagging", + "description": "Grants permission to add tags to the application", + "privilege": "TagResource", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a WirelessGateway resource", - "privilege": "CreateWirelessGateway", - "resource_types": [ + "resource_type": "application*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -136454,25 +161123,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a task for a given WirelessGateway", - "privilege": "CreateWirelessGatewayTask", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the application", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGateway*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a WirelessGateway task definition", - "privilege": "CreateWirelessGatewayTaskDefinition", - "resource_types": [ + "resource_type": "application*" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -136482,907 +161143,782 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a Destination", - "privilege": "DeleteDestination", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Destination*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a DeviceProfile", - "privilege": "DeleteDeviceProfile", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DeviceProfile*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the FuotaTask", - "privilege": "DeleteFuotaTask", + "description": "Grants permission to update the application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FuotaTask*" + "resource_type": "application*" } ] - }, + } + ], + "resources": [ { - "access_level": "Write", - "description": "Grants permission to delete the MulticastGroup", - "privilege": "DeleteMulticastGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MulticastGroup*" - } - ] - }, + "arn": "arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" + } + ], + "service_name": "Amazon Kinesis Analytics" + }, + { + "conditions": [ { - "access_level": "Write", - "description": "Grants permission to delete the NetworkAnalyzerConfiguration", - "privilege": "DeleteNetworkAnalyzerConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "NetworkAnalyzerConfiguration*" - } - ] + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by set of values for each of the tags", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to delete QueuedMessages", - 
"privilege": "DeleteQueuedMessages", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag-value assoicated with the resource", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to delete a ServiceProfile", - "privilege": "DeleteServiceProfile", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ServiceProfile*" - } - ] - }, + "condition": "aws:TagKeys", + "description": "Filters access by the presence of mandatory tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "kinesisanalytics", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a WirelessDevice", - "privilege": "DeleteWirelessDevice", + "description": "Grants permission to add cloudwatch logging option to the application", + "privilege": "AddApplicationCloudWatchLoggingOption", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the wireless device import task", - "privilege": "DeleteWirelessDeviceImportTask", + "description": "Grants permission to add input to the application", + "privilege": "AddApplicationInput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDeviceImportTask*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a WirelessGateway", - "privilege": "DeleteWirelessGateway", + "description": "Grants permission to add input processing configuration to the application", + "privilege": "AddApplicationInputProcessingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGateway*" + 
"resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete task for a given WirelessGateway", - "privilege": "DeleteWirelessGatewayTask", + "description": "Grants permission to add output to the application", + "privilege": "AddApplicationOutput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGateway*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a WirelessGateway task definition", - "privilege": "DeleteWirelessGatewayTaskDefinition", + "description": "Grants permission to add reference data source to the application", + "privilege": "AddApplicationReferenceDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGatewayTaskDefinition*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister wireless device", - "privilege": "DeregisterWirelessDevice", + "description": "Grants permission to add VPC configuration to the application", + "privilege": "AddApplicationVpcConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate an AWS account from a partner account", - "privilege": "DisassociateAwsAccountFromPartnerAccount", + "description": "Grants permission to create an application", + "privilege": "CreateApplication", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SidewalkAccount*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate the MulticastGroup from FuotaTask", - "privilege": 
"DisassociateMulticastGroupFromFuotaTask", + "access_level": "Read", + "description": "Grants permission to create and return a URL that you can use to connect to an application's extension", + "privilege": "CreateApplicationPresignedUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FuotaTask*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MulticastGroup*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the wireless device from FuotaTask", - "privilege": "DisassociateWirelessDeviceFromFuotaTask", + "description": "Grants permission to create a snapshot for an application", + "privilege": "CreateApplicationSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FuotaTask*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate the wireless device from MulticastGroup", - "privilege": "DisassociateWirelessDeviceFromMulticastGroup", + "description": "Grants permission to delete the application", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MulticastGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a wireless device from a AWS IoT thing", - "privilege": "DisassociateWirelessDeviceFromThing", + "description": "Grants permission to delete the specified cloudwatch logging option of the application", + "privilege": "DeleteApplicationCloudWatchLoggingOption", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeThing" - ], - 
"resource_type": "WirelessDevice*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a WirelessGateway from a IoT Core Identity certificate", - "privilege": "DisassociateWirelessGatewayFromCertificate", + "description": "Grants permission to delete the specified input processing configuration of the application", + "privilege": "DeleteApplicationInputProcessingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGateway*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cert*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a WirelessGateway from a IoT Core thing", - "privilege": "DisassociateWirelessGatewayFromThing", + "description": "Grants permission to delete the specified output of the application", + "privilege": "DeleteApplicationOutput", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iot:DescribeThing" - ], - "resource_type": "WirelessGateway*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thing*" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the Destination", - "privilege": "GetDestination", + "access_level": "Write", + "description": "Grants permission to delete the specified reference data source of the application", + "privilege": "DeleteApplicationReferenceDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Destination*" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the DeviceProfile", - "privilege": "GetDeviceProfile", + "access_level": "Write", + "description": "Grants permission to delete a snapshot for 
an application", + "privilege": "DeleteApplicationSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DeviceProfile*" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get event configuration by resource types", - "privilege": "GetEventConfigurationByResourceTypes", + "access_level": "Write", + "description": "Grants permission to delete the specified VPC configuration of the application", + "privilege": "DeleteApplicationVpcConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the FuotaTask", - "privilege": "GetFuotaTask", + "description": "Grants permission to describe the specified application", + "privilege": "DescribeApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FuotaTask*" + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to get log levels by resource types", - "privilege": "GetLogLevelsByResourceTypes", + "description": "Grants permission to describe an application snapshot", + "privilege": "DescribeApplicationSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the MulticastGroup", - "privilege": "GetMulticastGroup", + "description": "Grants permission to describe the application version of an application", + "privilege": "DescribeApplicationVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MulticastGroup*" + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the MulticastGroup session", - "privilege": 
"GetMulticastGroupSession", + "description": "Grants permission to discover the input schema for the application", + "privilege": "DiscoverInputSchema", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "MulticastGroup*" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the NetworkAnalyzerConfiguration", - "privilege": "GetNetworkAnalyzerConfiguration", + "description": "Grants permission to list the snapshots for an application", + "privilege": "ListApplicationSnapshots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NetworkAnalyzerConfiguration*" + "resource_type": "application*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the associated PartnerAccount", - "privilege": "GetPartnerAccount", + "description": "Grants permission to list application versions of an application", + "privilege": "ListApplicationVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SidewalkAccount*" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get position for a given resource", - "privilege": "GetPosition", + "access_level": "List", + "description": "Grants permission to list applications for the account", + "privilege": "ListApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get position configuration for a given resource", - "privilege": "GetPositionConfiguration", + "description": "Grants permission to fetch the tags associated with the application", + "privilege": "ListTagsForResource", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get position estimate", - "privilege": "GetPositionEstimate", + "access_level": "Write", + "description": "Grants permission to perform rollback operation on an application", + "privilege": "RollbackApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an event configuration for an identifier", - "privilege": "GetResourceEventConfiguration", + "access_level": "Write", + "description": "Grants permission to start the application", + "privilege": "StartApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SidewalkAccount" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get resource log level", - "privilege": "GetResourceLogLevel", + "access_level": "Write", + "description": "Grants permission to stop the application", + "privilege": "StopApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get position for a given resource", - "privilege": "GetResourcePosition", + "access_level": "Tagging", + "description": "Grants permission to add tags to the application", + 
"privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice" + "resource_type": "application*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the customer account specific endpoint for CUPS protocol connection or LoRaWAN Network Server (LNS) protocol connection, and optionally server trust certificate in PEM format", - "privilege": "GetServiceEndpoint", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the application", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the ServiceProfile", - "privilege": "GetServiceProfile", + "access_level": "Write", + "description": "Grants permission to update the application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ServiceProfile*" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the WirelessDevice", - "privilege": "GetWirelessDevice", + "access_level": "Write", + "description": "Grants permission to update the maintenance configuration of an application", + "privilege": "UpdateApplicationMaintenanceConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "application*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}", + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "application" + } + ], + "service_name": "Amazon Kinesis Analytics V2" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters requests based on the allowed set of values for each of the tags", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to get the wireless device import task", - "privilege": "GetWirelessDeviceImportTask", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDeviceImportTask*" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag-value assoicated with the stream", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to get statistics info for a given WirelessDevice", - "privilege": "GetWirelessDeviceStatistics", + "condition": "aws:TagKeys", + "description": "Filters requests based on the presence of mandatory tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "kinesisvideo", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to connect as a master to the signaling channel specified by the endpoint", + "privilege": "ConnectAsMaster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the WirelessGateway", - "privilege": "GetWirelessGateway", + "access_level": "Write", + "description": "Grants permission to connect as a viewer to the signaling channel specified by the endpoint", + "privilege": "ConnectAsViewer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGateway*" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the IoT Core Identity 
certificate id associated with the WirelessGateway", - "privilege": "GetWirelessGatewayCertificate", + "access_level": "Write", + "description": "Grants permission to create a signaling channel", + "privilege": "CreateSignalingChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGateway*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get Current firmware version and other information for the WirelessGateway", - "privilege": "GetWirelessGatewayFirmwareInformation", - "resource_types": [ + "resource_type": "channel*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "WirelessGateway*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get statistics info for a given WirelessGateway", - "privilege": "GetWirelessGatewayStatistics", + "access_level": "Write", + "description": "Grants permission to create a Kinesis video stream", + "privilege": "CreateStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGateway*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the task for a given WirelessGateway", - "privilege": "GetWirelessGatewayTask", - "resource_types": [ + "resource_type": "stream*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "WirelessGateway*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the given WirelessGateway task definition", - "privilege": "GetWirelessGatewayTaskDefinition", + "access_level": "Write", + "description": "Grants permission to delete the edge configuration of your Kinesis Video Stream", + "privilege": "DeleteEdgeConfiguration", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "WirelessGatewayTaskDefinition*" + "resource_type": "stream*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list information of available Destinations based on the AWS account", - "privilege": "ListDestinations", + "access_level": "Write", + "description": "Grants permission to delete an existing signaling channel", + "privilege": "DeleteSignalingChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list information of available DeviceProfiles based on the AWS account", - "privilege": "ListDeviceProfiles", + "access_level": "Write", + "description": "Grants permission to delete an existing Kinesis video stream", + "privilege": "DeleteStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list information of devices by wireless device import task based on the AWS account", - "privilege": "ListDevicesForWirelessDeviceImportTask", + "description": "Grants permission to describe the edge configuration of your Kinesis Video Stream", + "privilege": "DescribeEdgeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDeviceImportTask*" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list information of available event configurations based on the AWS account", - "privilege": "ListEventConfigurations", + "description": "Grants permission to describe the image generation configuration of your Kinesis video stream", + "privilege": "DescribeImageGenerationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { - 
"access_level": "Read", - "description": "Grants permission to list information of available FuotaTasks based on the AWS account", - "privilege": "ListFuotaTasks", + "access_level": "List", + "description": "Grants permission to describe the resource mapped to the Kinesis video stream", + "privilege": "DescribeMappedResourceConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list information of available MulticastGroups based on the AWS account", - "privilege": "ListMulticastGroups", + "description": "Grants permission to describe the media storage configuration of a signaling channel", + "privilege": "DescribeMediaStorageConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Read", - "description": "Grants permission to list information of available MulticastGroups by FuotaTask based on the AWS account", - "privilege": "ListMulticastGroupsByFuotaTask", + "description": "Grants permission to describe the notification configuration of your Kinesis video stream", + "privilege": "DescribeNotificationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FuotaTask*" + "resource_type": "stream*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list information of available NetworkAnalyzerConfigurations based on the AWS account", - "privilege": "ListNetworkAnalyzerConfigurations", + "access_level": "List", + "description": "Grants permission to describe the specified signaling channel", + "privilege": "DescribeSignalingChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the available 
partner accounts", - "privilege": "ListPartnerAccounts", + "access_level": "List", + "description": "Grants permission to describe the specified Kinesis video stream", + "privilege": "DescribeStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list information of available position configurations based on the AWS account", - "privilege": "ListPositionConfigurations", + "description": "Grants permission to get a media clip from a video stream", + "privilege": "GetClip", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the Queued Messages", - "privilege": "ListQueuedMessages", + "description": "Grants permission to create a URL for MPEG-DASH video streaming", + "privilege": "GetDASHStreamingSessionURL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list information of available ServiceProfiles based on the AWS account", - "privilege": "ListServiceProfiles", + "description": "Grants permission to get an endpoint for a specified stream for either reading or writing media data to Kinesis Video Streams", + "privilege": "GetDataEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list all tags for a given resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to create a URL for HLS video streaming", + "privilege": "GetHLSStreamingSessionURL", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Destination" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "DeviceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FuotaTask" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MulticastGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "NetworkAnalyzerConfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ServiceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SidewalkAccount" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGatewayTaskDefinition" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list wireless device import tasks information of based on the AWS account", - "privilege": "ListWirelessDeviceImportTasks", + "description": "Grants permission to get the ICE server configuration", + "privilege": "GetIceServerConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Read", - "description": "Grants permission to list information of available WirelessDevices based on the AWS account", - "privilege": "ListWirelessDevices", + "description": "Grants permission to get generated images from your Kinesis video stream", + "privilege": "GetImages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list information of available WirelessGateway task definitions based on the AWS account", - "privilege": "ListWirelessGatewayTaskDefinitions", + "description": "Grants 
permission to return media content of a Kinesis video stream", + "privilege": "GetMedia", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Read", - "description": "Grants permission to list information of available WirelessGateways based on the AWS account", - "privilege": "ListWirelessGateways", + "description": "Grants permission to read and return media data only from persisted storage", + "privilege": "GetMediaForFragmentList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put position configuration for a given resource", - "privilege": "PutPositionConfiguration", + "access_level": "Read", + "description": "Grants permission to get endpoints for a specified combination of protocol and role for a signaling channel", + "privilege": "GetSignalingChannelEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to put resource log level", - "privilege": "PutResourceLogLevel", + "description": "Grants permission to join a storage session for a channel", + "privilege": "JoinStorageSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to reset all resource log levels", - "privilege": "ResetAllResourceLogLevels", + "access_level": "List", + "description": "Grants permission to list an edge agent configurations", + 
"privilege": "ListEdgeAgentConfigurations", "resource_types": [ { "condition_keys": [], 
@@ -137392,189 +161928,120 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reset resource log level", - "privilege": "ResetResourceLogLevel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to send data to the MulticastGroup", - "privilege": "SendDataToMulticastGroup", + "access_level": "List", + "description": "Grants permission to list the fragments from archival storage based on the pagination token or selector type with range specified", + "privilege": "ListFragments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MulticastGroup*" + "resource_type": "stream*" } ] }, { - "access_level": "Write", - "description": "Grants permission to send the decrypted application data frame to the target device", - "privilege": "SendDataToWirelessDevice", + "access_level": "List", + "description": "Grants permission to list your signaling channels", + "privilege": "ListSignalingChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate the WirelessDevices with MulticastGroup", - "privilege": "StartBulkAssociateWirelessDeviceWithMulticastGroup", + "access_level": "List", + "description": "Grants permission to list your Kinesis video streams", + "privilege": "ListStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MulticastGroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to bulk disassociate the WirelessDevices from MulticastGroup", - "privilege": "StartBulkDisassociateWirelessDeviceFromMulticastGroup", + 
"access_level": "Read", + "description": "Grants permission to fetch the tags associated with your resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MulticastGroup*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start the FuotaTask", - "privilege": "StartFuotaTask", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "FuotaTask*" + "resource_type": "stream" } ] }, { - "access_level": "Write", - "description": "Grants permission to start the MulticastGroup session", - "privilege": "StartMulticastGroupSession", + "access_level": "Read", + "description": "Grants permission to fetch the tags associated with Kinesis video stream", + "privilege": "ListTagsForStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MulticastGroup*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to start NetworkAnalyzer stream", - "privilege": "StartNetworkAnalyzerStream", + "description": "Grants permission to send media data to a Kinesis video stream", + "privilege": "PutMedia", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NetworkAnalyzerConfiguration*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to start the single wireless device import task", - "privilege": "StartSingleWirelessDeviceImportTask", + "description": "Grants permission to send the Alexa SDP offer to the master", + "privilege": "SendAlexaOfferToMaster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDeviceImportTask*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to start the wireless device import task", - "privilege": 
"StartWirelessDeviceImportTask", + "description": "Grants permission to start edge configuration update of your Kinesis Video Stream", + "privilege": "StartEdgeConfigurationUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag a given resource", + "description": "Grants permission to attach set of tags to your resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Destination" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DeviceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FuotaTask" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MulticastGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "NetworkAnalyzerConfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ServiceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SidewalkAccount" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDeviceImportTask" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGatewayTaskDefinition" + "resource_type": "stream" }, { "condition_keys": [ 
@@ -137587,76 +162054,39 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to simulate a provisioned device to send an uplink data with payload of 'Hello'", - "privilege": "TestWirelessDevice", + "access_level": "Tagging", + "description": "Grants permission to attach set of tags to your Kinesis video streams", + "privilege": "TagStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice*" + "resource_type": "stream*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to remove the given tags from the resource", + "description": "Grants permission to remove one or more tags from your resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Destination" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DeviceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FuotaTask" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MulticastGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "NetworkAnalyzerConfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ServiceProfile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SidewalkAccount" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDeviceImportTask" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessGatewayTaskDefinition" + "resource_type": 
"stream" }, { "condition_keys": [ @@ -137668,24 +162098,19 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a Destination resource", - "privilege": "UpdateDestination", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from your Kinesis video streams", + "privilege": "UntagStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Destination*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update event configuration by resource types", - "privilege": "UpdateEventConfigurationByResourceTypes", - "resource_types": [ + "resource_type": "stream*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -137693,334 +162118,344 @@ }, { "access_level": "Write", - "description": "Grants permission to update the FuotaTask", - "privilege": "UpdateFuotaTask", + "description": "Grants permission to update the data retention period of your Kinesis video stream", + "privilege": "UpdateDataRetention", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FuotaTask*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to update log levels by resource types", - "privilege": "UpdateLogLevelsByResourceTypes", + "description": "Grants permission to update the image generation configuration of your Kinesis video stream", + "privilege": "UpdateImageGenerationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the MulticastGroup", - "privilege": "UpdateMulticastGroup", + "description": "Grants permission to create or update an mapping between a signaling channel and stream", + "privilege": "UpdateMediaStorageConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MulticastGroup*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the NetworkAnalyzerConfiguration", - "privilege": "UpdateNetworkAnalyzerConfiguration", + "description": "Grants permission to update the notification configuration of your Kinesis video stream", + "privilege": "UpdateNotificationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MulticastGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "NetworkAnalyzerConfiguration*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice*" - }, - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "WirelessGateway*" + "resource_type": "stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a partner account", - "privilege": "UpdatePartnerAccount", + "description": "Grants permission to update an existing signaling channel", + "privilege": "UpdateSignalingChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SidewalkAccount*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to update position for a given resource", - "privilege": "UpdatePosition", + "description": "Grants permission to update an existing Kinesis video stream", + "privilege": "UpdateStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" + "resource_type": "stream*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:kinesisvideo:${Region}:${Account}:stream/${StreamName}/${CreationTime}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "stream" }, { - "access_level": "Write", - "description": "Grants permission to update an event configuration for an identifier", - "privilege": "UpdateResourceEventConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SidewalkAccount" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" - } - ] + "arn": "arn:${Partition}:kinesisvideo:${Region}:${Account}:channel/${ChannelName}/${CreationTime}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel" + } + ], + "service_name": "Amazon Kinesis Video Streams" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + 
"description": "Filters access to the specified AWS KMS operations based on both the key and value of the tag in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to update position for a given resource", - "privilege": "UpdateResourcePosition", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access to the specified AWS KMS operations based on tags assigned to the AWS KMS key", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access to the specified AWS KMS operations based on tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "kms:BypassPolicyLockoutSafetyCheck", + "description": "Filters access to the CreateKey and PutKeyPolicy operations based on the value of the BypassPolicyLockoutSafetyCheck parameter in the request", + "type": "Bool" + }, + { + "condition": "kms:CallerAccount", + "description": "Filters access to specified AWS KMS operations based on the AWS account ID of the caller. You can use this condition key to allow or deny access to all IAM users and roles in an AWS account in a single policy statement", + "type": "String" + }, + { + "condition": "kms:CustomerMasterKeySpec", + "description": "The kms:CustomerMasterKeySpec condition key is deprecated. Instead, use the kms:KeySpec condition key", + "type": "String" + }, + { + "condition": "kms:CustomerMasterKeyUsage", + "description": "The kms:CustomerMasterKeyUsage condition key is deprecated. 
Instead, use the kms:KeyUsage condition key", + "type": "String" + }, + { + "condition": "kms:DataKeyPairSpec", + "description": "Filters access to GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext operations based on the value of the KeyPairSpec parameter in the request", + "type": "String" + }, + { + "condition": "kms:EncryptionAlgorithm", + "description": "Filters access to encryption operations based on the value of the encryption algorithm in the request", + "type": "String" + }, + { + "condition": "kms:EncryptionContext:${EncryptionContextKey}", + "description": "Filters access to a symmetric AWS KMS key based on the encryption context in a cryptographic operation. This condition evaluates the key and value in each key-value encryption context pair", + "type": "String" + }, + { + "condition": "kms:EncryptionContextKeys", + "description": "Filters access to a symmetric AWS KMS key based on the encryption context in a cryptographic operation. This condition key evaluates only the key in each key-value encryption context pair", + "type": "ArrayOfString" + }, + { + "condition": "kms:ExpirationModel", + "description": "Filters access to the ImportKeyMaterial operation based on the value of the ExpirationModel parameter in the request", + "type": "String" + }, + { + "condition": "kms:GrantConstraintType", + "description": "Filters access to the CreateGrant operation based on the grant constraint in the request", + "type": "String" + }, + { + "condition": "kms:GrantIsForAWSResource", + "description": "Filters access to the CreateGrant operation when the request comes from a specified AWS service", + "type": "Bool" + }, + { + "condition": "kms:GrantOperations", + "description": "Filters access to the CreateGrant operation based on the operations in the grant", + "type": "ArrayOfString" + }, + { + "condition": "kms:GranteePrincipal", + "description": "Filters access to the CreateGrant operation based on the grantee principal in the grant", + "type": "String" 
+ }, + { + "condition": "kms:KeyOrigin", + "description": "Filters access to an API operation based on the Origin property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key", + "type": "String" + }, + { + "condition": "kms:KeySpec", + "description": "Filters access to an API operation based on the KeySpec property of the AWS KMS key that is created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource", + "type": "String" + }, + { + "condition": "kms:KeyUsage", + "description": "Filters access to an API operation based on the KeyUsage property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource", + "type": "String" + }, + { + "condition": "kms:MacAlgorithm", + "description": "Filters access to the GenerateMac and VerifyMac operations based on the MacAlgorithm parameter in the request", + "type": "String" + }, + { + "condition": "kms:MessageType", + "description": "Filters access to the Sign and Verify operations based on the value of the MessageType parameter in the request", + "type": "String" + }, + { + "condition": "kms:MultiRegion", + "description": "Filters access to an API operation based on the MultiRegion property of the AWS KMS key created by or used in the operation. 
Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource", + "type": "Bool" }, { - "access_level": "Write", - "description": "Grants permission to update a WirelessDevice resource", - "privilege": "UpdateWirelessDevice", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDevice*" - } - ] + "condition": "kms:MultiRegionKeyType", + "description": "Filters access to an API operation based on the MultiRegionKeyType property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to update a wireless device import task", - "privilege": "UpdateWirelessDeviceImportTask", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessDeviceImportTask*" - } - ] + "condition": "kms:PrimaryRegion", + "description": "Filters access to the UpdatePrimaryRegion operation based on the value of the PrimaryRegion parameter in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to update a WirelessGateway resource", - "privilege": "UpdateWirelessGateway", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WirelessGateway*" - } - ] - } - ], - "resources": [ + "condition": "kms:ReEncryptOnSameKey", + "description": "Filters access to the ReEncrypt operation when it uses the same AWS KMS key that was used for the Encrypt operation", + "type": "Bool" + }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDevice/${WirelessDeviceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "WirelessDevice" + "condition": "kms:RecipientAttestation:ImageSha384", + "description": "Filters access to the 
Decrypt, GenerateDataKey, and GenerateRandom operations based on the image hash in the attestation document in the request", + "type": "String" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:WirelessGateway/${WirelessGatewayId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "WirelessGateway" + "condition": "kms:RecipientAttestation:PCR", + "description": "Filters access to the Decrypt, GenerateDataKey, and GenerateRandom operations based on the platform configuration registers (PCRs) in the attestation document in the request", + "type": "String" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:DeviceProfile/${DeviceProfileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "DeviceProfile" + "condition": "kms:ReplicaRegion", + "description": "Filters access to the ReplicateKey operation based on the value of the ReplicaRegion parameter in the request", + "type": "String" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:ServiceProfile/${ServiceProfileId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ServiceProfile" + "condition": "kms:RequestAlias", + "description": "Filters access to cryptographic operations, DescribeKey, and GetPublicKey based on the alias in the request", + "type": "String" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:Destination/${DestinationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Destination" + "condition": "kms:ResourceAliases", + "description": "Filters access to specified AWS KMS operations based on aliases associated with the AWS KMS key", + "type": "ArrayOfString" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:SidewalkAccount/${SidewalkAccountId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "SidewalkAccount" + "condition": "kms:RetiringPrincipal", + "description": "Filters access to the CreateGrant operation 
based on the retiring principal in the grant", + "type": "String" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:WirelessGatewayTaskDefinition/${WirelessGatewayTaskDefinitionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "WirelessGatewayTaskDefinition" + "condition": "kms:RotationPeriodInDays", + "description": "Filters access to the EnableKeyRotation operation based on the value of the RotationPeriodInDays parameter in the request", + "type": "Numeric" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:FuotaTask/${FuotaTaskId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "FuotaTask" + "condition": "kms:ScheduleKeyDeletionPendingWindowInDays", + "description": "Filters access to the ScheduleKeyDeletion operation based on the value of the PendingWindowInDays parameter in the request", + "type": "Numeric" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:MulticastGroup/${MulticastGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "MulticastGroup" + "condition": "kms:SigningAlgorithm", + "description": "Filters access to the Sign and Verify operations based on the signing algorithm in the request", + "type": "String" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:NetworkAnalyzerConfiguration/${NetworkAnalyzerConfigurationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "NetworkAnalyzerConfiguration" + "condition": "kms:ValidTo", + "description": "Filters access to the ImportKeyMaterial operation based on the value of the ValidTo parameter in the request. 
You can use this condition key to allow users to import key material only when it expires by the specified date", + "type": "Date" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}", - "condition_keys": [], - "resource": "thing" + "condition": "kms:ViaService", + "description": "Filters access when a request made on the principal's behalf comes from a specified AWS service", + "type": "String" }, { - "arn": "arn:${Partition}:iot:${Region}:${Account}:cert/${Certificate}", - "condition_keys": [], - "resource": "cert" + "condition": "kms:WrappingAlgorithm", + "description": "Filters access to the GetParametersForImport operation based on the value of the WrappingAlgorithm parameter in the request", + "type": "String" }, { - "arn": "arn:${Partition}:iotwireless:${Region}:${Account}:WirelessDeviceImportTask/${WirelessDeviceImportTaskId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "WirelessDeviceImportTask" + "condition": "kms:WrappingKeySpec", + "description": "Filters access to the GetParametersForImport operation based on the value of the WrappingKeySpec parameter in the request", + "type": "String" } ], - "service_name": "AWS IoT Wireless" - }, - { - "conditions": [], - "prefix": "iq", + "prefix": "kms", "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept an incoming voice/video call", - "privilege": "AcceptCall", + "description": "Controls permission to cancel the scheduled deletion of an AWS KMS key", + "privilege": "CancelKeyDeletion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "call*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to approve a payment request", - "privilege": "ApprovePaymentRequest", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": 
"paymentRequest*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to approve a proposal", - "privilege": "ApproveProposal", + "description": "Controls permission to connect or reconnect a custom key store to its associated AWS CloudHSM cluster or external key manager outside of AWS", + "privilege": "ConnectCustomKeyStore", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount" + ], "dependent_actions": [], - "resource_type": "proposal*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to archive a conversation", - "privilege": "ArchiveConversation", + "description": "Controls permission to create an alias for an AWS KMS key. Aliases are optional friendly names that you can associate with KMS keys", + "privilege": "CreateAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "conversation*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to complete a proposal", - "privilege": "CompleteProposal", - "resource_types": [ + "resource_type": "alias*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "proposal*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to respond to a request or send a direct message to initiate a conversation", - "privilege": "CreateConversation", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], "resource_type": "" } 
@@ -138028,35 +162463,43 @@ }, { "access_level": "Write", - "description": "Grants permission to create an expert profile", - "privilege": "CreateExpert", + "description": "Controls permission to create a custom key store that is backed by an AWS CloudHSM cluster or an external key manager outside of AWS", + "privilege": "CreateCustomKeyStore", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "kms:CallerAccount" + ], + "dependent_actions": [ + "cloudhsm:DescribeClusters", + "iam:CreateServiceLinkedRole" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a listing", - "privilege": "CreateListing", + "access_level": "Permissions management", + "description": "Controls permission to add a grant to an AWS KMS key. You can use grants to add permissions without changing the key policy or IAM policy", + "privilege": "CreateGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a milestone proposal", - "privilege": "CreateMilestoneProposal", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:GrantConstraintType", + "kms:GranteePrincipal", + "kms:GrantIsForAWSResource", + "kms:GrantOperations", + "kms:RetiringPrincipal", + "kms:ViaService" + ], "dependent_actions": [], "resource_type": "" } 
@@ -138064,35 +162507,52 @@ }, { "access_level": "Write", - "description": "Grants permission to create a payment request", - "privilege": "CreatePaymentRequest", + "description": "Controls permission to create an AWS KMS key that can be used to protect data keys and other sensitive information", + "privilege": "CreateKey", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "kms:BypassPolicyLockoutSafetyCheck", + "kms:CallerAccount", + "kms:KeySpec", + "kms:KeyUsage", + "kms:KeyOrigin", + "kms:MultiRegion", + "kms:MultiRegionKeyType", + "kms:ViaService" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "kms:PutKeyPolicy", + "kms:TagResource" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to submit new requests", - "privilege": "CreateProject", + "description": "Controls permission to decrypt ciphertext that was encrypted under an AWS KMS key", + "privilege": "Decrypt", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to submit new requests", - "privilege": "CreateRequest", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:RecipientAttestation:ImageSha384", + "kms:RequestAlias", + "kms:ViaService" + ], "dependent_actions": [], "resource_type": "" } 
@@ -138100,35 +162560,38 @@ }, { "access_level": "Write", - "description": "Grants permission to create a scheduled proposal", - "privilege": "CreateScheduledProposal", + "description": "Controls permission to delete an alias. Aliases are optional friendly names that you can associate with AWS KMS keys", + "privilege": "DeleteAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a seller profile", - "privilege": "CreateSeller", - "resource_types": [ + "resource_type": "alias*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an upfront proposal", - "privilege": "CreateUpfrontProposal", + "description": "Controls permission to delete a custom key store", + "privilege": "DeleteCustomKeyStore", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount" + ], "dependent_actions": [], "resource_type": "" } 
@@ -138136,541 +162599,527 @@ }, { "access_level": "Write", - "description": "Grants permission to decline an incoming voice/video call", - "privilege": "DeclineCall", + "description": "Controls permission to delete cryptographic material that you imported into an AWS KMS key. This action makes the key unusable", + "privilege": "DeleteImportedKeyMaterial", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "call*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an existing attachment", - "privilege": "DeleteAttachment", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable individual public profile page", - "privilege": "DisableIndividualPublicProfile", + "access_level": "Read", + "description": "Controls permission to view detailed information about custom key stores in the account and region", + "privilege": "DescribeCustomKeyStores", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount" + ], "dependent_actions": [], - "resource_type": "expert*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to download existing attachment", - "privilege": "DownloadAttachment", + "description": "Controls permission to view detailed information about an AWS KMS key", + "privilege": "DescribeKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable individual public profile page", - "privilege": "EnableIndividualPublicProfile", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + 
"kms:CallerAccount", + "kms:RequestAlias", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "expert*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to end a voice/video call", - "privilege": "EndCall", + "description": "Controls permission to disable an AWS KMS key, which prevents it from being used in cryptographic operations", + "privilege": "DisableKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "call*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to read buyer information", - "privilege": "GetBuyer", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "buyer*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to read details of a voice/video call", - "privilege": "GetCall", + "access_level": "Write", + "description": "Controls permission to disable automatic rotation of a customer managed AWS KMS key", + "privilege": "DisableKeyRotation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "call*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to read the chat environment details about a conversation", - "privilege": "GetChatInfo", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "conversation*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to read chat messages in a conversation", - "privilege": "GetChatMessages", + "access_level": "Write", + "description": "Controls permission to disconnect the custom key store from its associated AWS CloudHSM cluster or external key manager outside 
of AWS", + "privilege": "DisconnectCustomKeyStore", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount" + ], "dependent_actions": [], - "resource_type": "conversation*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to request a websocket token for the conversation notifications", - "privilege": "GetChatToken", + "access_level": "Write", + "description": "Controls permission to change the state of an AWS KMS key to enabled. This allows the KMS key to be used in cryptographic operations", + "privilege": "EnableKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "token*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to read chat messages in a company conversation", - "privilege": "GetCompanyChatMessages", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "conversation*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to read a company profile", - "privilege": "GetCompanyProfile", + "access_level": "Write", + "description": "Controls permission to enable automatic rotation of the cryptographic material in an AWS KMS key", + "privilege": "EnableKeyRotation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "company*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to read details of a conversation", - "privilege": "GetConversation", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:RotationPeriodInDays", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "conversation*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to 
read expert information", - "privilege": "GetExpert", + "access_level": "Write", + "description": "Controls permission to use the specified AWS KMS key to encrypt data and data keys", + "privilege": "Encrypt", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "expert*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to read a listing", - "privilege": "GetListing", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:RequestAlias", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "listing*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to read a seller profile information", - "privilege": "GetMarketplaceSeller", + "access_level": "Write", + "description": "Controls permission to use the AWS KMS key to generate data keys. 
You can use the data keys to encrypt data outside of AWS KMS", + "privilege": "GenerateDataKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "seller*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to read a payment request", - "privilege": "GetPaymentRequest", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:RecipientAttestation:ImageSha384", + "kms:RequestAlias", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "paymentRequest*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to read a proposal", - "privilege": "GetProposal", + "access_level": "Write", + "description": "Controls permission to use the AWS KMS key to generate data key pairs", + "privilege": "GenerateDataKeyPair", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "proposal*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a created request", - "privilege": "GetRequest", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:DataKeyPairSpec", + "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:RequestAlias", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "request*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to read a review for an expert", - "privilege": "GetReview", + "access_level": "Write", + "description": "Controls permission to use the AWS KMS key to generate data key pairs. 
Unlike the GenerateDataKeyPair operation, this operation returns an encrypted private key without a plaintext copy", + "privilege": "GenerateDataKeyPairWithoutPlaintext", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "seller*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to hide a request", - "privilege": "HideRequest", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:DataKeyPairSpec", + "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:RequestAlias", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "request*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a voice/video call", - "privilege": "InitiateCall", + "description": "Controls permission to use the AWS KMS key to generate a data key. Unlike the GenerateDataKey operation, this operation returns an encrypted data key without a plaintext version of the data key", + "privilege": "GenerateDataKeyWithoutPlaintext", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:RequestAlias", + "kms:ViaService" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to link an AWS certification to individual profile", - "privilege": "LinkAwsCertification", + "description": "Controls permission to use the AWS KMS key to generate message authentication codes", + "privilege": "GenerateMac", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "expert*" - } - ] - }, - { - "access_level": "List", - "description": "Grants 
permission to list existing attachments", - "privilege": "ListAttachments", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:MacAlgorithm", + "kms:RequestAlias", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list existing conversations", - "privilege": "ListConversations", + "access_level": "Write", + "description": "Controls permission to get a cryptographically secure random byte string from AWS KMS", + "privilege": "GenerateRandom", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "kms:RecipientAttestation:ImageSha384" + ], "dependent_actions": [], - "resource_type": "conversation*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list access logs of expert activity", - "privilege": "ListExpertAccessLogs", + "description": "Controls permission to view the key policy for the specified AWS KMS key", + "privilege": "GetKeyPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "permission*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list listings", - "privilege": "ListListings", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "listing*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list payment requests", - "privilege": "ListPaymentRequests", + "description": "Controls permission to view the key rotation status for an AWS KMS key", + "privilege": "GetKeyRotationStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "paymentRequest" + "resource_type": "key*" }, { - "condition_keys": 
[], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "paymentSchedule" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list proposals", - "privilege": "ListProposals", + "description": "Controls permission to get data that is required to import cryptographic material into a customer managed key, including a public key and import token", + "privilege": "GetParametersForImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "proposal*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list requests that are created", - "privilege": "ListRequests", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService", + "kms:WrappingAlgorithm", + "kms:WrappingKeySpec" + ], "dependent_actions": [], - "resource_type": "request*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list reviews for an expert", - "privilege": "ListReviews", + "description": "Controls permission to download the public key of an asymmetric AWS KMS key", + "privilege": "GetPublicKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "seller*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to mark a message as read in a conversation", - "privilege": "MarkChatMessageRead", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:RequestAlias", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "conversation*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reject a payment request", - "privilege": "RejectPaymentRequest", + "description": "Controls permission to import cryptographic material into 
an AWS KMS key", + "privilege": "ImportKeyMaterial", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "paymentRequest*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reject a proposal", - "privilege": "RejectProposal", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ExpirationModel", + "kms:ValidTo", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "proposal*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to send a message in a conversation as a company", - "privilege": "SendCompanyChatMessage", + "access_level": "List", + "description": "Controls permission to view the aliases that are defined in the account. Aliases are optional friendly names that you can associate with AWS KMS keys", + "privilege": "ListAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "conversation*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to send a message in a conversation as an individual", - "privilege": "SendIndividualChatMessage", + "access_level": "List", + "description": "Controls permission to view all grants for an AWS KMS key", + "privilege": "ListGrants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "conversation*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to unarchive a conversation", - "privilege": "UnarchiveConversation", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:GrantIsForAWSResource", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "conversation*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to unlink an AWS 
certification from individual profile", - "privilege": "UnlinkAwsCertification", + "access_level": "List", + "description": "Controls permission to view the names of key policies for an AWS KMS key", + "privilege": "ListKeyPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "expert*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a company profile", - "privilege": "UpdateCompanyProfile", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "company*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add more participants into a conversation", - "privilege": "UpdateConversationMembers", + "access_level": "List", + "description": "Controls permission to view the list of completed key rotations for an AWS KMS key", + "privilege": "ListKeyRotations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "conversation*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an expert information", - "privilege": "UpdateExpert", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "expert*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a listing", - "privilege": "UpdateListing", + "access_level": "List", + "description": "Controls permission to view the key ID and Amazon Resource Name (ARN) of all AWS KMS keys in the account", + "privilege": "ListKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "listing*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to update a request", - "privilege": "UpdateRequest", + "access_level": "List", + "description": "Controls permission to view all tags that are attached to an AWS KMS key", + "privilege": "ListResourceTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "request*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to upload an attachment", - "privilege": "UploadAttachment", + "access_level": "List", + "description": "Controls permission to view grants in which the specified principal is the retiring principal. Other principals might be able to retire the grant and this principal might be able to retire other grants", + "privilege": "ListRetirableGrants", "resource_types": [ { "condition_keys": [], 
@@ -138680,289 +163129,273 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to withdraw a payment request", - "privilege": "WithdrawPaymentRequest", + "access_level": "Permissions management", + "description": "Controls permission to replace the key policy for the specified AWS KMS key", + "privilege": "PutKeyPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "paymentRequest*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:BypassPolicyLockoutSafetyCheck", + "kms:CallerAccount", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to withdraw a proposal", - "privilege": "WithdrawProposal", + "description": "Controls permission to decrypt data as part of the process that decrypts and reencrypts the data within AWS KMS", + "privilege": "ReEncryptFrom", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "proposal*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:ReEncryptOnSameKey", + "kms:RequestAlias", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to write a review for an expert", - "privilege": "WriteReview", + "description": "Controls permission to encrypt data as part of the process that decrypts and reencrypts the data within AWS KMS", + "privilege": "ReEncryptTo", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "seller*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:EncryptionAlgorithm", + "kms:EncryptionContext:${EncryptionContextKey}", + "kms:EncryptionContextKeys", + "kms:ReEncryptOnSameKey", + "kms:RequestAlias", + 
"kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:iq:${Region}::conversation/${ConversationId}", - "condition_keys": [], - "resource": "conversation" - }, - { - "arn": "arn:${Partition}:iq:${Region}::buyer/${BuyerId}", - "condition_keys": [], - "resource": "buyer" - }, - { - "arn": "arn:${Partition}:iq:${Region}::expert/${ExpertId}", - "condition_keys": [], - "resource": "expert" - }, - { - "arn": "arn:${Partition}:iq:${Region}::call/${CallId}", - "condition_keys": [], - "resource": "call" - }, - { - "arn": "arn:${Partition}:iq:${Region}::token/${TokenId}", - "condition_keys": [], - "resource": "token" - }, - { - "arn": "arn:${Partition}:iq:${Region}::proposal/${ConversationId}/${ProposalId}", - "condition_keys": [], - "resource": "proposal" - }, - { - "arn": "arn:${Partition}:iq:${Region}::paymentRequest/${ConversationId}/${ProposalId}/${PaymentRequestId}", - "condition_keys": [], - "resource": "paymentRequest" - }, - { - "arn": "arn:${Partition}:iq:${Region}::paymentSchedule/${ConversationId}/${ProposalId}/${VersionId}", - "condition_keys": [], - "resource": "paymentSchedule" - }, - { - "arn": "arn:${Partition}:iq:${Region}::seller/${SellerAwsAccountId}", - "condition_keys": [], - "resource": "seller" - }, - { - "arn": "arn:${Partition}:iq:${Region}::company/${CompanyId}", - "condition_keys": [], - "resource": "company" - }, - { - "arn": "arn:${Partition}:iq:${Region}::request/${RequestId}", - "condition_keys": [], - "resource": "request" - }, - { - "arn": "arn:${Partition}:iq:${Region}::listing/${ListingId}", - "condition_keys": [], - "resource": "listing" - }, - { - "arn": "arn:${Partition}:iq:${Region}::attachment/${AttachmentId}", - "condition_keys": [], - "resource": "attachment" }, - { - "arn": "arn:${Partition}:iq-permission:${Region}::permission/${PermissionRequestId}", - "condition_keys": [], - "resource": "permission" - } - ], - "service_name": "AWS IQ" - }, - { - 
"conditions": [], - "prefix": "iq-permission", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to approve a permission request", - "privilege": "ApproveAccessGrant", + "description": "Controls permission to replicate a multi-Region primary key", + "privilege": "ReplicateKey", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "kms:CreateKey", + "kms:PutKeyPolicy", + "kms:TagResource" + ], + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:ReplicaRegion", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "permission*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to approve a permission request", - "privilege": "ApprovePermissionRequest", + "access_level": "Permissions management", + "description": "Controls permission to retire a grant. The RetireGrant operation is typically called by the grant user after they complete the tasks that the grant allowed them to perform", + "privilege": "RetireGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "permission*" + "resource_type": "key*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a permission request", - "privilege": "CreatePermissionRequest", + "access_level": "Permissions management", + "description": "Controls permission to revoke a grant, which denies permission for all operations that depend on the grant", + "privilege": "RevokeGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "permission*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a permission request", - "privilege": "GetPermissionRequest", - "resource_types": [ + "resource_type": "key*" + }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:GrantIsForAWSResource", + "kms:ViaService" 
+ ], "dependent_actions": [], - "resource_type": "permission*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list permission requests", - "privilege": "ListPermissionRequests", + "access_level": "Write", + "description": "Controls permission to invoke on-demand rotation of the cryptographic material in an AWS KMS key", + "privilege": "RotateKeyOnDemand", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "permission*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reject a permission request", - "privilege": "RejectPermissionRequest", + "description": "Controls permission to schedule deletion of an AWS KMS key", + "privilege": "ScheduleKeyDeletion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "permission*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:ScheduleKeyDeletionPendingWindowInDays", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to revoke a permission request which was previously approved", - "privilege": "RevokePermissionRequest", + "description": "Controls permission to produce a digital signature for a message", + "privilege": "Sign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "permission*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "kms:CallerAccount", + "kms:MessageType", + "kms:RequestAlias", + "kms:SigningAlgorithm", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to withdraw a permission request that has not been approved or declined", - "privilege": 
"WithdrawPermissionRequest", + "description": "Controls access to internal APIs that synchronize multi-Region keys", + "privilege": "SynchronizeMultiRegionKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "permission*" + "resource_type": "key*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:iq-permission:${Region}::permission/${PermissionRequestId}", - "condition_keys": [], - "resource": "permission" - } - ], - "service_name": "AWS IQ Permissions" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags associated with the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "ivs", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to get multiple channels simultaneously by channel ARN", - "privilege": "BatchGetChannel", + "access_level": "Tagging", + "description": "Controls permission to create or update tags that are attached to an AWS KMS key", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "kms:CallerAccount", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get multiple stream keys simultaneously by stream key ARN", - "privilege": "BatchGetStreamKey", + "access_level": "Tagging", + "description": "Controls permission to delete tags that are attached to an AWS KMS key", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "Stream-Key*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "kms:CallerAccount", + "kms:ViaService" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new channel and an associated stream key", - "privilege": "CreateChannel", + "description": "Controls permission to associate an alias with a different AWS KMS key. An alias is an optional friendly name that you can associate with a KMS key", + "privilege": "UpdateAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "alias*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stream-Key*" + "resource_type": "key*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "kms:CallerAccount", + "kms:ViaService" ], "dependent_actions": [], "resource_type": "" @@ -138971,18 +163404,12 @@ }, { "access_level": "Write", - "description": "Grants permission to create a participant token", - "privilege": "CreateParticipantToken", + "description": "Controls permission to change the properties of a custom key store", + "privilege": "UpdateCustomKeyStore", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stage*" - }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "kms:CallerAccount" ], "dependent_actions": [], "resource_type": "" 
@@ -138991,18 +163418,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a a new recording configuration", - "privilege": "CreateRecordingConfiguration", + "description": "Controls permission to delete or change the description of an AWS KMS key", + "privilege": "UpdateKeyDescription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recording-Configuration*" + "resource_type": "key*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "kms:CallerAccount", + "kms:ViaService" ], "dependent_actions": [], "resource_type": "" @@ -139011,18 +163438,19 @@ }, { "access_level": "Write", - "description": "Grants permission to create a stage", - "privilege": "CreateStage", + "description": "Controls permission to update the primary Region of a multi-Region primary key", + "privilege": "UpdatePrimaryRegion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "key*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "kms:CallerAccount", + "kms:PrimaryRegion", + "kms:ViaService" ], "dependent_actions": [], "resource_type": "" @@ -139031,18 +163459,21 @@ }, { "access_level": "Write", - "description": "Grants permission to create a stream key", - "privilege": "CreateStreamKey", + "description": "Controls permission to use the specified AWS KMS key to verify digital signatures", + "privilege": "Verify", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stream-Key*" + "resource_type": "key*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "kms:CallerAccount", + "kms:MessageType", + "kms:RequestAlias", + "kms:SigningAlgorithm", + "kms:ViaService" ], "dependent_actions": [], "resource_type": "" 
@@ -139051,1117 +163482,1045 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a channel and channel's stream keys", - "privilege": "DeleteChannel", + "description": "Controls permission to use the AWS KMS key to verify message authentication codes", + "privilege": "VerifyMac", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "key*" }, { - "condition_keys": [], + "condition_keys": [ + "kms:CallerAccount", + "kms:MacAlgorithm", + "kms:RequestAlias", + "kms:ViaService" + ], "dependent_actions": [], - "resource_type": "Stream-Key*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:kms:${Region}:${Account}:alias/${Alias}", + "condition_keys": [], + "resource": "alias" }, { - "access_level": "Write", - "description": "Grants permission to delete the playback key pair for a specified ARN", - "privilege": "DeletePlaybackKeyPair", + "arn": "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "kms:KeyOrigin", + "kms:KeySpec", + "kms:KeyUsage", + "kms:MultiRegion", + "kms:MultiRegionKeyType", + "kms:ResourceAliases" + ], + "resource": "key" + } + ], + "service_name": "AWS Key Management Service" + }, + { + "conditions": [], + "prefix": "lakeformation", + "privileges": [ + { + "access_level": "Tagging", + "description": "Grants permission to attach Lake Formation tags to catalog resources", + "privilege": "AddLFTagsToResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Playback-Key-Pair*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a recording configuration for the specified ARN", - "privilege": "DeleteRecordingConfiguration", + "access_level": "Permissions management", + "description": "Grants permission to data lake permissions to one or more principals in a batch", + "privilege": 
"BatchGrantPermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recording-Configuration*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the stage for a specified ARN", - "privilege": "DeleteStage", + "access_level": "Permissions management", + "description": "Grants permission to revoke data lake permissions from one or more principals in a batch", + "privilege": "BatchRevokePermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the stream key for a specified ARN", - "privilege": "DeleteStreamKey", + "description": "Grants permission to cancel the given transaction", + "privilege": "CancelTransaction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stream-Key*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disconnect a participant from for the specified stage ARN", - "privilege": "DisconnectParticipant", + "description": "Grants permission to commit the given transaction", + "privilege": "CommitTransaction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the channel configuration for a specified channel ARN", - "privilege": "GetChannel", + "access_level": "Write", + "description": "Grants permission to create a Lake Formation data cell filter", + "privilege": "CreateDataCellsFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get participant information for a specified stage ARN, session, and participant", - 
"privilege": "GetParticipant", + "access_level": "Write", + "description": "Grants permission to create a Lake Formation tag", + "privilege": "CreateLFTag", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the playback keypair information for a specified ARN", - "privilege": "GetPlaybackKeyPair", + "access_level": "Write", + "description": "Grants permission to create an IAM Identity Center connection with Lake Formation to allow IAM Identity Center users and groups to access Data Catalog resources", + "privilege": "CreateLakeFormationIdentityCenterConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Playback-Key-Pair*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the recording configuration for the specified ARN", - "privilege": "GetRecordingConfiguration", + "access_level": "Write", + "description": "Enforce Lake Formation permissions for the given databases, tables, and principals", + "privilege": "CreateLakeFormationOptIn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recording-Configuration*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get stage information for a specified ARN", - "privilege": "GetStage", + "access_level": "Write", + "description": "Grants permission to delete a Lake Formation data cell filter", + "privilege": "DeleteDataCellsFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get stage session information for a specified stage ARN and session", - "privilege": "GetStageSession", + "access_level": "Write", + "description": "Grants permission to delete a 
Lake Formation tag", + "privilege": "DeleteLFTag", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the active (live) stream on a specified channel", - "privilege": "GetStream", + "access_level": "Write", + "description": "Grants permission to delete an IAM Identity Center connection with Lake Formation", + "privilege": "DeleteLakeFormationIdentityCenterConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get stream-key information for a specified ARN", - "privilege": "GetStreamKey", + "access_level": "Write", + "description": "Remove the Lake Formation permissions enforcement of the given databases, tables, and principals", + "privilege": "DeleteLakeFormationOptIn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stream-Key*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the stream session on a specified channel", - "privilege": "GetStreamSession", + "access_level": "Write", + "description": "Grants permission to delete the specified objects if the transaction is canceled", + "privilege": "DeleteObjectsOnCancel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to import the public key", - "privilege": "ImportPlaybackKeyPair", + "description": "Grants permission to deregister a registered location", + "privilege": "DeregisterResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Playback-Key-Pair*" - }, - { - "condition_keys": [ - "aws:TagKeys", - 
"aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get summary information about channels", - "privilege": "ListChannels", + "access_level": "Read", + "description": "Grants permission to describe the IAM Identity Center connection with Lake Formation", + "privilege": "DescribeLakeFormationIdentityCenterConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list participant events for a specified stage ARN, session, and participant", - "privilege": "ListParticipantEvents", + "access_level": "Read", + "description": "Grants permission to describe a registered location", + "privilege": "DescribeResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list participants for a specified stage ARN and session", - "privilege": "ListParticipants", + "access_level": "Read", + "description": "Grants permission to get status of the given transaction", + "privilege": "DescribeTransaction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get summary information about playback key pairs", - "privilege": "ListPlaybackKeyPairs", + "access_level": "Write", + "description": "Grants permission to extend the timeout of the given transaction", + "privilege": "ExtendTransaction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Playback-Key-Pair*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get summary information about recording configurations", - 
"privilege": "ListRecordingConfigurations", + "access_level": "Write", + "description": "Grants permission to virtual data lake access", + "privilege": "GetDataAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recording-Configuration*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list stage sessions for a specified stage ARN", - "privilege": "ListStageSessions", + "access_level": "Read", + "description": "Grants permission to retrieve a Lake Formation data cell filter", + "privilege": "GetDataCellsFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get summary information about stages", - "privilege": "ListStages", + "access_level": "Read", + "description": "Grants permission to retrieve data lake settings such as the list of data lake administrators and database and table default permissions", + "privilege": "GetDataLakeSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get summary information about stream keys", - "privilege": "ListStreamKeys", + "access_level": "Read", + "description": "Grants permission to retrieve permissions attached to resources in the given path", + "privilege": "GetEffectivePermissionsForPath", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stream-Key*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get summary information about streams sessions on a specified channel", - "privilege": "ListStreamSessions", + "access_level": "Read", + "description": "Grants permission 
to retrieve a Lake Formation tag", + "privilege": "GetLFTag", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get summary information about live streams", - "privilege": "ListStreams", + "access_level": "Read", + "description": "Grants permission to retrieve the state of the given query", + "privilege": "GetQueryState", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Channel*" + "dependent_actions": [ + "lakeformation:StartQueryPlanning" + ], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about the tags for a specified ARN", - "privilege": "ListTagsForResource", + "description": "Grants permission to retrieve the statistics for the given query", + "privilege": "GetQueryStatistics", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Playback-Key-Pair" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Recording-Configuration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stage" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stream-Key" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "dependent_actions": [ + "lakeformation:StartQueryPlanning" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to insert metadata into an RTMP stream for a specified channel", - "privilege": "PutMetadata", + "access_level": "Read", + "description": "Grants permission to retrieve lakeformation tags on a catalog resource", + "privilege": "GetResourceLFTags", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disconnect a streamer on a specified channel", - "privilege": "StopStream", + "access_level": "Read", + "description": "Grants permission to retrieve objects from a table", + "privilege": "GetTableObjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update tags for a resource with a specified ARN", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to retrieve the results for the given work units", + "privilege": "GetWorkUnitResults", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Playback-Key-Pair" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Recording-Configuration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stage" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Stream-Key" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "dependent_actions": [ + "lakeformation:GetWorkUnits", + "lakeformation:StartQueryPlanning" ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags for a resource with a specified ARN", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to retrieve the work units for the given query", + "privilege": "GetWorkUnits", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Playback-Key-Pair" - 
}, + "dependent_actions": [ + "lakeformation:StartQueryPlanning" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to data lake permissions to a principal", + "privilege": "GrantPermissions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Recording-Configuration" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list cell filters", + "privilege": "ListDataCellsFilter", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list Lake Formation tags", + "privilege": "ListLFTags", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stream-Key" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a channel's configuration", - "privilege": "UpdateChannel", + "access_level": "List", + "description": "Retrieve the current list of resources and principals that are opt in to enforce Lake Formation permissions", + "privilege": "ListLakeFormationOptIns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a stage's configuration", - "privilege": "UpdateStage", + "access_level": "List", + "description": "Grants permission to list permissions filtered by principal or resource", + "privilege": "ListPermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Stage*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:ivs:${Region}:${Account}:channel/${ResourceId}", - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Channel" - }, - { - "arn": "arn:${Partition}:ivs:${Region}:${Account}:stream-key/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Stream-Key" - }, - { - "arn": "arn:${Partition}:ivs:${Region}:${Account}:playback-key/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Playback-Key-Pair" - }, - { - "arn": "arn:${Partition}:ivs:${Region}:${Account}:recording-configuration/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Recording-Configuration" - }, - { - "arn": "arn:${Partition}:ivs:${Region}:${Account}:stage/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Stage" - } - ], - "service_name": "Amazon Interactive Video Service" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags associated with the request", - "type": "String" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "ivschat", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create an encrypted token that is used to establish an individual WebSocket connection to a room", - "privilege": "CreateChatToken", + "access_level": "List", + "description": "Grants permission to List registered locations", + "privilege": "ListResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Room*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a 
logging configuration that allows clients to record room messages", - "privilege": "CreateLoggingConfiguration", + "access_level": "List", + "description": "Grants permission to list all the storage optimizers for the Governed table", + "privilege": "ListTableStorageOptimizers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Logging-Configuration*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a room that allows clients to connect and pass messages", - "privilege": "CreateRoom", + "access_level": "List", + "description": "Grants permission to list all transactions in the system", + "privilege": "ListTransactions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Room*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the logging configuration for a specified logging configuration ARN", - "privilege": "DeleteLoggingConfiguration", + "access_level": "Permissions management", + "description": "Grants permission to overwrite data lake settings such as the list of data lake administrators and database and table default permissions", + "privilege": "PutDataLakeSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Logging-Configuration*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send an event to a specific room which directs clients to delete a specific message", - "privilege": "DeleteMessage", + "description": "Grants permission to register a new location to be managed by Lake Formation", + "privilege": "RegisterResource", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "Room*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the room for a specified room ARN", - "privilege": "DeleteRoom", + "access_level": "Tagging", + "description": "Grants permission to remove lakeformation tags from catalog resources", + "privilege": "RemoveLFTagsFromResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Room*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disconnect all connections using a specified user ID from a room", - "privilege": "DisconnectUser", + "access_level": "Permissions management", + "description": "Grants permission to revoke data lake permissions from a principal", + "privilege": "RevokePermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Room*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the logging configuration for a specified logging configuration ARN", - "privilege": "GetLoggingConfiguration", + "description": "Grants permission to list catalog databases with Lake Formation tags", + "privilege": "SearchDatabasesByLFTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Logging-Configuration*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the room configuration for a specified room ARN", - "privilege": "GetRoom", + "description": "Grants permission to list catalog tables with Lake Formation tags", + "privilege": "SearchTablesByLFTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Room*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get summary information about logging configurations", - "privilege": "ListLoggingConfigurations", + 
"access_level": "Write", + "description": "Grants permission to initiate the planning of the given query", + "privilege": "StartQueryPlanning", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Logging-Configuration*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get summary information about rooms", - "privilege": "ListRooms", + "access_level": "Write", + "description": "Grants permission to start a new transaction", + "privilege": "StartTransaction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Room*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the tags for a specified ARN", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update a Lake Formation data cell filter", + "privilege": "UpdateDataCellsFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Room" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send an event to a room", - "privilege": "SendEvent", + "description": "Grants permission to update a Lake Formation tag", + "privilege": "UpdateLFTag", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Room*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update tags for a resource with a specified ARN", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update the IAM Identity Center connection parameters", + "privilege": "UpdateLakeFormationIdentityCenterConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"Logging-Configuration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Room" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags for a resource with a specified ARN", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update a registered location", + "privilege": "UpdateResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Logging-Configuration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Room" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the logging configuration for a specified logging configuration ARN", - "privilege": "UpdateLoggingConfiguration", + "description": "Grants permission to add or delete the specified objects to or from a table", + "privilege": "UpdateTableObjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Logging-Configuration*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the room configuration for a specified room ARN", - "privilege": "UpdateRoom", + "description": "Grants permission to update the configuration of the storage optimizer for the Governed table", + "privilege": "UpdateTableStorageOptimizer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Room*" + "resource_type": "" } ] } ], - "resources": [ - { - "arn": "arn:${Partition}:ivschat:${Region}:${Account}:room/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Room" - }, - { - "arn": 
"arn:${Partition}:ivschat:${Region}:${Account}:logging-configuration/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Logging-Configuration" - } - ], - "service_name": "Amazon Interactive Video Service Chat" + "resources": [], + "service_name": "AWS Lake Formation" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" }, { - "condition": "kafka:publicAccessEnabled", - "description": "Filters access by the presence of public access enabled in the request", - "type": "Bool" + "condition": "lambda:CodeSigningConfigArn", + "description": "Filters access by the ARN of an AWS Lambda code signing config", + "type": "ARN" + }, + { + "condition": "lambda:EventSourceToken", + "description": "Filters access by the ID from a non-AWS event source configured for the AWS Lambda function", + "type": "String" + }, + { + "condition": "lambda:FunctionArn", + "description": "Filters access by the ARN of an AWS Lambda function", + "type": "ARN" + }, + { + "condition": "lambda:FunctionUrlAuthType", + "description": "Filters access by authorization type specified in request. 
Available during CreateFunctionUrlConfig, UpdateFunctionUrlConfig, DeleteFunctionUrlConfig, GetFunctionUrlConfig, ListFunctionUrlConfig, AddPermission and RemovePermission operations", + "type": "String" + }, + { + "condition": "lambda:Layer", + "description": "Filters access by the ARN of a version of an AWS Lambda layer", + "type": "ArrayOfString" + }, + { + "condition": "lambda:Principal", + "description": "Filters access by restricting the AWS service or account that can invoke a function", + "type": "String" + }, + { + "condition": "lambda:SecurityGroupIds", + "description": "Filters access by the ID of security groups configured for the AWS Lambda function", + "type": "ArrayOfString" + }, + { + "condition": "lambda:SourceFunctionArn", + "description": "Filters access by the ARN of the AWS Lambda function from which the request originated", + "type": "ARN" + }, + { + "condition": "lambda:SubnetIds", + "description": "Filters access by the ID of subnets configured for the AWS Lambda function", + "type": "ArrayOfString" + }, + { + "condition": "lambda:VpcIds", + "description": "Filters access by the ID of the VPC configured for the AWS Lambda function", + "type": "String" } ], - "prefix": "kafka", + "prefix": "lambda", "privileges": [ { - "access_level": "Write", - "description": "Grants permission to associate one or more Scram Secrets with an Amazon MSK cluster", - "privilege": "BatchAssociateScramSecret", + "access_level": "Permissions management", + "description": "Grants permission to add permissions to the resource-based policy of a version of an AWS Lambda layer", + "privilege": "AddLayerVersionPermission", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kms:CreateGrant", - "kms:RetireGrant" + "dependent_actions": [], + "resource_type": "layerVersion*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to give an AWS service or another account permission to use an AWS Lambda function", 
+ "privilege": "AddPermission", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "lambda:Principal", + "lambda:FunctionUrlAuthType" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate one or more Scram Secrets from an Amazon MSK cluster", - "privilege": "BatchDisassociateScramSecret", + "description": "Grants permission to create an alias for a Lambda function version", + "privilege": "CreateAlias", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kms:RetireGrant" - ], + "dependent_actions": [], + "resource_type": "function*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS Lambda code signing config", + "privilege": "CreateCodeSigningConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an MSK cluster", - "privilege": "CreateCluster", + "description": "Grants permission to create a mapping between an event source and an AWS Lambda function", + "privilege": "CreateEventSourceMapping", "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "kms:CreateGrant", - "kms:DescribeKey" + "lambda:FunctionArn" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an MSK cluster", - "privilege": "CreateClusterV2", + "description": "Grants permission to create an AWS Lambda function", + "privilege": "CreateFunction", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], 
+ "resource_type": "function*" + }, { "condition_keys": [ + "lambda:Layer", + "lambda:VpcIds", + "lambda:SubnetIds", + "lambda:SecurityGroupIds", + "lambda:CodeSigningConfigArn", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [ - "ec2:CreateTags", - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy", - "kms:CreateGrant", - "kms:DescribeKey" + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a function url configuration for a Lambda function", + "privilege": "CreateFunctionUrlConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "lambda:FunctionUrlAuthType", + "lambda:FunctionArn" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an MSK configuration", - "privilege": "CreateConfiguration", + "description": "Grants permission to delete an AWS Lambda function alias", + "privilege": "DeleteAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a MSK VPC connection", - "privilege": "CreateVpcConnection", + "description": "Grants permission to delete an AWS Lambda code signing config", + "privilege": "DeleteCodeSigningConfig", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:CreateTags", - "ec2:CreateVpcEndpoint", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - 
"ec2:DescribeVpcs", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "code signing config*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an MSK cluster", - "privilege": "DeleteCluster", + "description": "Grants permission to delete an AWS Lambda event source mapping", + "privilege": "DeleteEventSourceMapping", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteVpcEndpoints", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints" + "dependent_actions": [], + "resource_type": "eventSourceMapping*" + }, + { + "condition_keys": [ + "lambda:FunctionArn" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a cluster resource-based policy", - "privilege": "DeleteClusterPolicy", + "description": "Grants permission to delete an AWS Lambda function", + "privilege": "DeleteFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified MSK configuration", - "privilege": "DeleteConfiguration", + "description": "Grants permission to detach a code signing config from an AWS Lambda function", + "privilege": "DeleteFunctionCodeSigningConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a MSK VPC connection", - "privilege": "DeleteVpcConnection", + "description": "Grants permission to remove a concurrent execution limit from an AWS Lambda function", + "privilege": "DeleteFunctionConcurrency", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteVpcEndpoints", 
- "ec2:DescribeVpcEndpoints" - ], - "resource_type": "vpc-connection*" + "dependent_actions": [], + "resource_type": "function*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an MSK cluster", - "privilege": "DescribeCluster", + "access_level": "Write", + "description": "Grants permission to delete the configuration for asynchronous invocation for an AWS Lambda function, version, or alias", + "privilege": "DeleteFunctionEventInvokeConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the cluster operation that is specified by the given ARN", - "privilege": "DescribeClusterOperation", + "access_level": "Write", + "description": "Grants permission to delete function url configuration for a Lambda function", + "privilege": "DeleteFunctionUrlConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "lambda:FunctionUrlAuthType", + "lambda:FunctionArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an MSK cluster", - "privilege": "DescribeClusterV2", + "access_level": "Write", + "description": "Grants permission to delete a version of an AWS Lambda layer", + "privilege": "DeleteLayerVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "layerVersion*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an MSK configuration", - "privilege": "DescribeConfiguration", + "access_level": "Write", + "description": "Grants permission to delete the provisioned concurrency configuration for an AWS Lambda function", + "privilege": "DeleteProvisionedConcurrencyConfig", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "function alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "function version" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an MSK configuration revision", - "privilege": "DescribeConfigurationRevision", + "access_level": "Permissions management", + "description": "Grants permission to disable replication for a Lambda@Edge function", + "privilege": "DisableReplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configuration*" + "resource_type": "function*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a MSK VPC connection", - "privilege": "DescribeVpcConnection", + "access_level": "Permissions management", + "description": "Grants permission to enable replication for a Lambda@Edge function", + "privilege": "EnableReplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vpc-connection*" + "resource_type": "function*" } ] }, { "access_level": "Read", - "description": "Grants permission to get connection details for the brokers in an MSK cluster", - "privilege": "GetBootstrapBrokers", + "description": "Grants permission to view details about an account's limits and usage in an AWS Region", + "privilege": "GetAccountSettings", "resource_types": [ { "condition_keys": [], 
@@ -140172,215 +164531,217 @@ }, { "access_level": "Read", - "description": "Grants permission to describe a cluster resource-based policy", - "privilege": "GetClusterPolicy", + "description": "Grants permission to view details about an AWS Lambda function alias", + "privilege": "GetAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "function*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of the Apache Kafka versions to which you can update an MSK cluster", - "privilege": "GetCompatibleKafkaVersions", + "access_level": "Read", + "description": "Grants permission to view details about an AWS Lambda code signing config", + "privilege": "GetCodeSigningConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "code signing config*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all MSK VPC connections created for a cluster", - "privilege": "ListClientVpcConnections", + "access_level": "Read", + "description": "Grants permission to view details about an AWS Lambda event source mapping", + "privilege": "GetEventSourceMapping", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to return a list of all the operations that have been performed on the specified MSK cluster", - "privilege": "ListClusterOperations", - "resource_types": [ + "resource_type": "eventSourceMapping*" + }, { - "condition_keys": [], + "condition_keys": [ + "lambda:FunctionArn" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all MSK clusters in this account", - "privilege": "ListClusters", + "access_level": "Read", + "description": "Grants permission to view details about an AWS Lambda 
function", + "privilege": "GetFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all MSK clusters in this account", - "privilege": "ListClustersV2", + "access_level": "Read", + "description": "Grants permission to view the code signing config arn attached to an AWS Lambda function", + "privilege": "GetFunctionCodeSigningConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all revisions for an MSK configuration in this account", - "privilege": "ListConfigurationRevisions", + "access_level": "Read", + "description": "Grants permission to view details about the reserved concurrency configuration for a function", + "privilege": "GetFunctionConcurrency", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all MSK configurations in this account", - "privilege": "ListConfigurations", + "access_level": "Read", + "description": "Grants permission to view details about the version-specific settings of an AWS Lambda function or version", + "privilege": "GetFunctionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all Apache Kafka versions supported by Amazon MSK", - "privilege": "ListKafkaVersions", + "access_level": "Read", + "description": "Grants permission to view the configuration for asynchronous invocation for a function, version, or alias", + "privilege": "GetFunctionEventInvokeConfig", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "List", - "description": "Grants permission to list brokers in an MSK cluster", - "privilege": "ListNodes", + "access_level": "Read", + "description": "Grants permission to read function url configuration for a Lambda function", + "privilege": "GetFunctionUrlConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "lambda:FunctionUrlAuthType", + "lambda:FunctionArn" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Scram Secrets associated with an Amazon MSK cluster", - "privilege": "ListScramSecrets", + "access_level": "Read", + "description": "Grants permission to view details about a version of an AWS Lambda layer. Note this action also supports GetLayerVersionByArn API", + "privilege": "GetLayerVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "layerVersion*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags of an MSK resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to view the resource-based policy for a version of an AWS Lambda layer", + "privilege": "GetLayerVersionPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "layerVersion*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all MSK VPC connections that this account uses", - "privilege": "ListVpcConnections", + "access_level": "Read", + "description": "Grants permission to view the resource-based policy for an AWS Lambda function, version, or alias", + "privilege": "GetPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update the resource-based policy for a cluster", - "privilege": "PutClusterPolicy", + "access_level": "Read", + "description": "Grants permission to view the provisioned concurrency configuration for an AWS Lambda function's alias or version", + "privilege": "GetProvisionedConcurrencyConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "function alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "function version" } ] }, { - "access_level": "Write", - "description": "Grants permission to reboot broker", - "privilege": "RebootBroker", + "access_level": "Read", + "description": "Grants permission to view the runtime management configuration of an AWS Lambda function", + "privilege": "GetRuntimeManagementConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to reject a MSK VPC connection", - "privilege": "RejectClientVpcConnection", + "description": "Grants permission to invoke a function asynchronously (Deprecated)", + "privilege": "InvokeAsync", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "function*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag an MSK resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to invoke an AWS Lambda function", + "privilege": "InvokeFunction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vpc-connection" + "resource_type": "function*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + 
"lambda:EventSourceToken" ], "dependent_actions": [], "resource_type": "" @@ -140388,23 +164749,20 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from an MSK resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to invoke an AWS Lambda function through url", + "privilege": "InvokeFunctionUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vpc-connection" + "resource_type": "function*" }, { "condition_keys": [ - "aws:TagKeys" + "lambda:FunctionUrlAuthType", + "lambda:FunctionArn", + "lambda:EventSourceToken" ], "dependent_actions": [], "resource_type": "" @@ -140412,21 +164770,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the number of brokers of the MSK cluster", - "privilege": "UpdateBrokerCount", + "access_level": "List", + "description": "Grants permission to retrieve a list of aliases for an AWS Lambda function", + "privilege": "ListAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the storage size of the brokers of the MSK cluster", - "privilege": "UpdateBrokerStorage", + "access_level": "List", + "description": "Grants permission to retrieve a list of AWS Lambda code signing configs", + "privilege": "ListCodeSigningConfigs", "resource_types": [ { "condition_keys": [], 
@@ -140436,9 +164794,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the broker type of an Amazon MSK cluster", - "privilege": "UpdateBrokerType", + "access_level": "List", + "description": "Grants permission to retrieve a list of AWS Lambda event source mappings", + "privilege": "ListEventSourceMappings", "resource_types": [ { "condition_keys": [], @@ -140448,33 +164806,40 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of the MSK cluster", - "privilege": "UpdateClusterConfiguration", + "access_level": "List", + "description": "Grants permission to retrieve a list of configurations for asynchronous invocation for a function", + "privilege": "ListFunctionEventInvokeConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the MSK cluster to the specified Apache Kafka version", - "privilege": "UpdateClusterKafkaVersion", + "access_level": "List", + "description": "Grants permission to read function url configurations for a function", + "privilege": "ListFunctionUrlConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "lambda:FunctionUrlAuthType" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new revision of the MSK configuration", - "privilege": "UpdateConfiguration", + "access_level": "List", + "description": "Grants permission to retrieve a list of AWS Lambda functions, with the version-specific configuration of each function", + "privilege": "ListFunctions", "resource_types": [ { "condition_keys": [], 
@@ -140484,26 +164849,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the connectivity settings for the MSK cluster", - "privilege": "UpdateConnectivity", + "access_level": "List", + "description": "Grants permission to retrieve a list of AWS Lambda functions by the code signing config assigned", + "privilege": "ListFunctionsByCodeSigningConfig", "resource_types": [ { - "condition_keys": [ - "kafka:publicAccessEnabled" - ], - "dependent_actions": [ - "ec2:DescribeRouteTables", - "ec2:DescribeSubnets" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "code signing config*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the monitoring settings for the MSK cluster", - "privilege": "UpdateMonitoring", + "access_level": "List", + "description": "Grants permission to retrieve a list of versions of an AWS Lambda layer", + "privilege": "ListLayerVersions", "resource_types": [ { "condition_keys": [], 
@@ -140513,436 +164873,429 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the security settings for the MSK cluster", - "privilege": "UpdateSecurity", + "access_level": "List", + "description": "Grants permission to retrieve a list of AWS Lambda layers, with details about the latest version of each layer", + "privilege": "ListLayers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kms:RetireGrant" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the EBS storage (size or provisioned throughput) associated with MSK brokers or set cluster storage mode to TIERED", - "privilege": "UpdateStorage", + "access_level": "List", + "description": "Grants permission to retrieve a list of provisioned concurrency configurations for an AWS Lambda function", + "privilege": "ListProvisionedConcurrencyConfigs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "function*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:kafka:${Region}:${Account}:cluster/${ClusterName}/${Uuid}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "cluster" - }, - { - "arn": "arn:${Partition}:kafka:${Region}:${Account}:configuration/${ConfigurationName}/${Uuid}", - "condition_keys": [], - "resource": "configuration" - }, - { - "arn": "arn:${Partition}:kafka:${Region}:${VpcOwnerAccount}:vpc-connection/${ClusterOwnerAccount}/${ClusterName}/${Uuid}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "vpc-connection" }, { - "arn": "arn:${Partition}:kafka:${Region}:${Account}:topic/${ClusterName}/${ClusterUuid}/${TopicName}", - "condition_keys": [], - "resource": "topic" + "access_level": "Read", + "description": "Grants permission to retrieve a list of tags for an AWS Lambda function", + "privilege": "ListTags", + "resource_types": [ + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "function*" + } + ] }, { - "arn": "arn:${Partition}:kafka:${Region}:${Account}:group/${ClusterName}/${ClusterUuid}/${GroupName}", - "condition_keys": [], - "resource": "group" + "access_level": "List", + "description": "Grants permission to retrieve a list of versions for an AWS Lambda function", + "privilege": "ListVersionsByFunction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "function*" + } + ] }, - { - "arn": "arn:${Partition}:kafka:${Region}:${Account}:transactional-id/${ClusterName}/${ClusterUuid}/${TransactionalId}", - "condition_keys": [], - "resource": "transactional-id" - } - ], - "service_name": "Amazon Managed Streaming for Apache Kafka" - }, - { - "conditions": [ - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource. The resource tag context key will only apply to the cluster resource, not topics, groups and transactional IDs", - "type": "String" - } - ], - "prefix": "kafka-cluster", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to alter various aspects of the cluster, equivalent to Apache Kafka's ALTER CLUSTER ACL", - "privilege": "AlterCluster", + "description": "Grants permission to create an AWS Lambda layer", + "privilege": "PublishLayerVersion", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect", - "kafka-cluster:DescribeCluster" - ], - "resource_type": "cluster*" + "dependent_actions": [], + "resource_type": "layer*" } ] }, { "access_level": "Write", - "description": "Grants permission to alter the dynamic configuration of a cluster, equivalent to Apache Kafka's ALTER_CONFIGS CLUSTER ACL", - "privilege": "AlterClusterDynamicConfiguration", + "description": "Grants permission to create an AWS Lambda function version", + "privilege": "PublishVersion", "resource_types": 
[ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect", - "kafka-cluster:DescribeClusterDynamicConfiguration" - ], - "resource_type": "cluster*" + "dependent_actions": [], + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to join groups on a cluster, equivalent to Apache Kafka's READ GROUP ACL", - "privilege": "AlterGroup", + "description": "Grants permission to attach a code signing config to an AWS Lambda function", + "privilege": "PutFunctionCodeSigningConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect", - "kafka-cluster:DescribeGroup" + "dependent_actions": [], + "resource_type": "code signing config*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "lambda:CodeSigningConfigArn" ], - "resource_type": "group*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to alter topics on a cluster, equivalent to Apache Kafka's ALTER TOPIC ACL", - "privilege": "AlterTopic", + "description": "Grants permission to configure reserved concurrency for an AWS Lambda function", + "privilege": "PutFunctionConcurrency", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect", - "kafka-cluster:DescribeTopic" - ], - "resource_type": "topic*" + "dependent_actions": [], + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to alter the dynamic configuration of topics on a cluster, equivalent to Apache Kafka's ALTER_CONFIGS TOPIC ACL", - "privilege": "AlterTopicDynamicConfiguration", + "description": "Grants permission to configures options for asynchronous invocation on an AWS Lambda function, version, or alias", + "privilege": "PutFunctionEventInvokeConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - 
"kafka-cluster:Connect", - "kafka-cluster:DescribeTopicDynamicConfiguration" - ], - "resource_type": "topic*" + "dependent_actions": [], + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to alter transactional IDs on a cluster, equivalent to Apache Kafka's WRITE TRANSACTIONAL_ID ACL", - "privilege": "AlterTransactionalId", + "description": "Grants permission to configure provisioned concurrency for an AWS Lambda function's alias or version", + "privilege": "PutProvisionedConcurrencyConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect", - "kafka-cluster:DescribeTransactionalId", - "kafka-cluster:WriteData" - ], - "resource_type": "transactional-id*" + "dependent_actions": [], + "resource_type": "function alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "function version" } ] }, { "access_level": "Write", - "description": "Grants permission to connect and authenticate to the cluster", - "privilege": "Connect", + "description": "Grants permission to update the runtime management configuration of an AWS Lambda function", + "privilege": "PutRuntimeManagementConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "function*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create topics on a cluster, equivalent to Apache Kafka's CREATE CLUSTER/TOPIC ACL", - "privilege": "CreateTopic", + "access_level": "Permissions management", + "description": "Grants permission to remove a statement from the permissions policy for a version of an AWS Lambda layer", + "privilege": "RemoveLayerVersionPermission", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect" - ], - "resource_type": "topic*" + "dependent_actions": [], + "resource_type": "layerVersion*" } ] }, { - "access_level": "Write", - "description": 
"Grants permission to delete groups on a cluster, equivalent to Apache Kafka's DELETE GROUP ACL", - "privilege": "DeleteGroup", + "access_level": "Permissions management", + "description": "Grants permission to revoke function-use permission from an AWS service or another account", + "privilege": "RemovePermission", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect", - "kafka-cluster:DescribeGroup" + "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "lambda:Principal", + "lambda:FunctionUrlAuthType" ], - "resource_type": "group*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete topics on a cluster, equivalent to Apache Kafka's DELETE TOPIC ACL", - "privilege": "DeleteTopic", + "access_level": "Tagging", + "description": "Grants permission to add tags to an AWS Lambda function", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect", - "kafka-cluster:DescribeTopic" + "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "topic*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe various aspects of the cluster, equivalent to Apache Kafka's DESCRIBE CLUSTER ACL", - "privilege": "DescribeCluster", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an AWS Lambda function", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect" + "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "aws:TagKeys" ], - "resource_type": "cluster*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - 
"description": "Grants permission to describe the dynamic configuration of a cluster, equivalent to Apache Kafka's DESCRIBE_CONFIGS CLUSTER ACL", - "privilege": "DescribeClusterDynamicConfiguration", + "access_level": "Write", + "description": "Grants permission to update the configuration of an AWS Lambda function's alias", + "privilege": "UpdateAlias", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect" - ], - "resource_type": "cluster*" + "dependent_actions": [], + "resource_type": "function*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe groups on a cluster, equivalent to Apache Kafka's DESCRIBE GROUP ACL", - "privilege": "DescribeGroup", + "access_level": "Write", + "description": "Grants permission to update an AWS Lambda code signing config", + "privilege": "UpdateCodeSigningConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect" - ], - "resource_type": "group*" + "dependent_actions": [], + "resource_type": "code signing config*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe topics on a cluster, equivalent to Apache Kafka's DESCRIBE TOPIC ACL", - "privilege": "DescribeTopic", + "access_level": "Write", + "description": "Grants permission to update the configuration of an AWS Lambda event source mapping", + "privilege": "UpdateEventSourceMapping", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect" + "dependent_actions": [], + "resource_type": "eventSourceMapping*" + }, + { + "condition_keys": [ + "lambda:FunctionArn" ], - "resource_type": "topic*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the dynamic configuration of topics on a cluster, equivalent to Apache Kafka's DESCRIBE_CONFIGS TOPIC ACL", - "privilege": "DescribeTopicDynamicConfiguration", + "access_level": 
"Write", + "description": "Grants permission to update the code of an AWS Lambda function", + "privilege": "UpdateFunctionCode", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect" - ], - "resource_type": "topic*" + "dependent_actions": [], + "resource_type": "function*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe transactional IDs on a cluster, equivalent to Apache Kafka's DESCRIBE TRANSACTIONAL_ID ACL", - "privilege": "DescribeTransactionalId", + "access_level": "Write", + "description": "Grants permission to update the code signing config of an AWS Lambda function", + "privilege": "UpdateFunctionCodeSigningConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect" - ], - "resource_type": "transactional-id*" + "dependent_actions": [], + "resource_type": "code signing config*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "function*" } ] }, { - "access_level": "Read", - "description": "Grants permission to read data from topics on a cluster, equivalent to Apache Kafka's READ TOPIC ACL", - "privilege": "ReadData", + "access_level": "Write", + "description": "Grants permission to modify the version-specific settings of an AWS Lambda function", + "privilege": "UpdateFunctionConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:AlterGroup", - "kafka-cluster:Connect", - "kafka-cluster:DescribeTopic" + "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "lambda:Layer", + "lambda:VpcIds", + "lambda:SubnetIds", + "lambda:SecurityGroupIds" ], - "resource_type": "topic*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to write data to topics on a cluster, equivalent to Apache Kafka's WRITE TOPIC ACL", - "privilege": "WriteData", + "description": "Grants permission 
to modify the configuration for asynchronous invocation for an AWS Lambda function, version, or alias", + "privilege": "UpdateFunctionEventInvokeConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect", - "kafka-cluster:DescribeTopic" - ], - "resource_type": "topic*" + "dependent_actions": [], + "resource_type": "function*" } ] }, { "access_level": "Write", - "description": "Grants permission to write data idempotently on a cluster, equivalent to Apache Kafka's IDEMPOTENT_WRITE CLUSTER ACL", - "privilege": "WriteDataIdempotently", + "description": "Grants permission to update a function url configuration for a Lambda function", + "privilege": "UpdateFunctionUrlConfig", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "kafka-cluster:Connect", - "kafka-cluster:WriteData" + "dependent_actions": [], + "resource_type": "function*" + }, + { + "condition_keys": [ + "lambda:FunctionUrlAuthType", + "lambda:FunctionArn" ], - "resource_type": "cluster*" + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:kafka:${Region}:${Account}:cluster/${ClusterName}/${ClusterUuid}", + "arn": "arn:${Partition}:lambda:${Region}:${Account}:code-signing-config:${CodeSigningConfigId}", + "condition_keys": [], + "resource": "code signing config" + }, + { + "arn": "arn:${Partition}:lambda:${Region}:${Account}:event-source-mapping:${UUID}", + "condition_keys": [], + "resource": "eventSourceMapping" + }, + { + "arn": "arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "cluster" + "resource": "function" }, { - "arn": "arn:${Partition}:kafka:${Region}:${Account}:topic/${ClusterName}/${ClusterUuid}/${TopicName}", - "condition_keys": [], - "resource": "topic" + "arn": "arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}:${Alias}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" 
+ ], + "resource": "function alias" }, { - "arn": "arn:${Partition}:kafka:${Region}:${Account}:group/${ClusterName}/${ClusterUuid}/${GroupName}", + "arn": "arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}:${Version}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "function version" + }, + { + "arn": "arn:${Partition}:lambda:${Region}:${Account}:layer:${LayerName}", "condition_keys": [], - "resource": "group" + "resource": "layer" }, { - "arn": "arn:${Partition}:kafka:${Region}:${Account}:transactional-id/${ClusterName}/${ClusterUuid}/${TransactionalId}", + "arn": "arn:${Partition}:lambda:${Region}:${Account}:layer:${LayerName}:${LayerVersion}", "condition_keys": [], - "resource": "transactional-id" + "resource": "layerVersion" } ], - "service_name": "Apache Kafka APIs for Amazon MSK clusters" + "service_name": "AWS Lambda" }, { "conditions": [], - "prefix": "kafkaconnect", + "prefix": "launchwizard", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an MSK Connect connector", - "privilege": "CreateConnector", + "description": "Grants permission to create an additional node", + "privilege": "CreateAdditionalNode", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "firehose:TagDeliveryStream", - "iam:AttachRolePolicy", - "iam:CreateServiceLinkedRole", - "iam:PassRole", - "iam:PutRolePolicy", - "logs:CreateLogDelivery", - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "logs:GetLogDelivery", - "logs:ListLogDeliveries", - "logs:PutResourcePolicy", - "s3:GetBucketPolicy", - "s3:PutBucketPolicy" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an MSK Connect custom plugin", - "privilege": "CreateCustomPlugin", + "description": "Grants permission to create a 
deployment", + "privilege": "CreateDeployment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetObject" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an MSK Connect worker configuration", - "privilege": "CreateWorkerConfiguration", + "description": "Grants permission to create an application settings set", + "privilege": "CreateSettingsSet", "resource_types": [ { "condition_keys": [], @@ -140953,23 +165306,20 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an MSK Connect connector", - "privilege": "DeleteConnector", + "description": "Grants permission to delete an additional node", + "privilege": "DeleteAdditionalNode", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries" - ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an MSK Connect custom plugin", - "privilege": "DeleteCustomPlugin", + "description": "Grants permission to delete an application", + "privilege": "DeleteApp", "resource_types": [ { "condition_keys": [], 
@@ -140979,45 +165329,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe an MSK Connect connector", - "privilege": "DescribeConnector", + "access_level": "Write", + "description": "Grants permission to delete a deployment", + "privilege": "DeleteDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an MSK Connect custom plugin", - "privilege": "DescribeCustomPlugin", + "access_level": "Write", + "description": "Grants permission to delete a settings set", + "privilege": "DeleteSettingsSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "custom plugin*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an MSK Connect worker configuration", - "privilege": "DescribeWorkerConfiguration", + "description": "Grants permission to describe an additional node", + "privilege": "DescribeAdditionalNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "worker configuration*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list all MSK Connect connectors in this account", - "privilege": "ListConnectors", + "description": "Grants permission to describe provisioning applications", + "privilege": "DescribeProvisionedApp", "resource_types": [ { "condition_keys": [], @@ -141028,8 +165378,8 @@ }, { "access_level": "Read", - "description": "Grants permission to list all MSK Connect custom plugins in this account", - "privilege": "ListCustomPlugins", + "description": "Grants permission to describe provisioning events", + "privilege": "DescribeProvisioningEvents", "resource_types": [ { "condition_keys": [], 
@@ -141040,8 +165390,8 @@ }, { "access_level": "Read", - "description": "Grants permission to list all MSK Connect worker configurations in this account", - "privilege": "ListWorkerConfigurations", + "description": "Grants permission to describe an application settings set", + "privilege": "DescribeSettingsSet", "resource_types": [ { "condition_keys": [], @@ -141051,9 +165401,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update an MSK Connect connector", - "privilege": "UpdateConnector", + "access_level": "Read", + "description": "Grants permission to get a deployment", + "privilege": "GetDeployment", "resource_types": [ { "condition_keys": [], 
@@ -141061,240 +165411,242 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:kafkaconnect:${Region}:${Account}:connector/${ConnectorName}/${UUID}", - "condition_keys": [], - "resource": "connector" }, { - "arn": "arn:${Partition}:kafkaconnect:${Region}:${Account}:custom-plugin/${CustomPluginName}/${UUID}", - "condition_keys": [], - "resource": "custom plugin" + "access_level": "Read", + "description": "Grants permission to get infrastructure suggestion", + "privilege": "GetInfrastructureSuggestion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:kafkaconnect:${Region}:${Account}:worker-configuration/${WorkerConfigurationName}/${UUID}", - "condition_keys": [], - "resource": "worker configuration" - } - ], - "service_name": "Amazon Managed Streaming for Kafka Connect" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" + "access_level": "Read", + "description": "Grants permission to get customer's ip address", + "privilege": "GetIpAddress", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" + "access_level": "Read", + "description": "Grants permission to get resource cost estimate", + "privilege": "GetResourceCostEstimate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "kendra", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to put principal mapping in index", - 
"privilege": "AssociateEntitiesToExperience", + "access_level": "Read", + "description": "Grants permission to get recommendation for a resource", + "privilege": "GetResourceRecommendation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experience*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a settings set", + "privilege": "GetSettingsSet", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Defines the specific permissions of users or groups in your AWS SSO identity source with access to your Amazon Kendra experience", - "privilege": "AssociatePersonasToEntities", + "access_level": "Read", + "description": "Grants permission to get a workload", + "privilege": "GetWorkload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experience*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a workload's asset", + "privilege": "GetWorkloadAsset", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to batch delete document", - "privilege": "BatchDeleteDocument", + "access_level": "Read", + "description": "Grants permission to get workload assets", + "privilege": "GetWorkloadAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a featured results set", - "privilege": "BatchDeleteFeaturedResultsSet", + "access_level": "List", + "description": "Grants permission to list additional nodes", + "privilege": "ListAdditionalNodes", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "featured-results-set*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the allowed resources", + "privilege": "ListAllowedResources", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to do batch get document status", - "privilege": "BatchGetDocumentStatus", + "access_level": "List", + "description": "Grants permission to list the events that occured during a deployment", + "privilege": "ListDeploymentEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to batch put document", - "privilege": "BatchPutDocument", + "access_level": "List", + "description": "Grants permission to list deployments", + "privilege": "ListDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to clear out the suggestions for a given index, generated so far", - "privilege": "ClearQuerySuggestions", + "access_level": "List", + "description": "Grants permission to list provisioning applications", + "privilege": "ListProvisionedApps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an access control configuration", - "privilege": "CreateAccessControlConfiguration", + "access_level": "List", + "description": "Grants permission to list the cost estimates of resources", + "privilege": "ListResourceCostEstimates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a data source", - "privilege": "CreateDataSource", + "access_level": "List", + "description": "Grants permission to list settings sets", + "privilege": "ListSettingsSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list deployment options of a given workload", + "privilege": "ListWorkloadDeploymentOptions", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Creates an Amazon Kendra experience such as a search application", - "privilege": "CreateExperience", + "access_level": "List", + "description": "Grants permission to list the deployment patterns of a workload", + "privilege": "ListWorkloadDeploymentPatterns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Faq", - "privilege": "CreateFaq", + "access_level": "List", + "description": "Grants permission to list workloads", + "privilege": "ListWorkloads", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a featured results set", - "privilege": "CreateFeaturedResultsSet", + "description": "Grants permission to create a settings set", + "privilege": "PutSettingsSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"index*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an Index", - "privilege": "CreateIndex", + "description": "Grants permission to start a provisioning", + "privilege": "StartProvisioning", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -141302,525 +165654,470 @@ }, { "access_level": "Write", - "description": "Grants permission to create a QuerySuggestions BlockList", - "privilege": "CreateQuerySuggestionsBlockList", + "description": "Grants permission to update an application settings set", + "privilege": "UpdateSettingsSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Launch Wizard" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access based on the tags in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to a Lex resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access based on the set of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "lex:associatedIntents", + "description": "Enables you to control access based on the intents included in the request", + "type": "ArrayOfString" + }, + { + "condition": "lex:associatedSlotTypes", + "description": "Enables you to control access based on the slot types included in the request", + "type": "ArrayOfString" }, + { + "condition": "lex:channelType", + "description": "Enables you to control access based on the channel type included in the request", + "type": "String" + } + ], + "prefix": "lex", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a Thesaurus", - "privilege": "CreateThesaurus", + "description": "Creates a new version based on the $LATEST version of the specified bot", + "privilege": "CreateBotVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [ - 
"aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "bot version*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an access control configuration", - "privilege": "DeleteAccessControlConfiguration", + "description": "Creates a new version based on the $LATEST version of the specified intent", + "privilege": "CreateIntentVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-control-configuration*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "intent version*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a data source", - "privilege": "DeleteDataSource", + "description": "Creates a new version based on the $LATEST version of the specified slot type", + "privilege": "CreateSlotTypeVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "slottype version*" } ] }, { "access_level": "Write", - "description": "Deletes your Amazon Kendra experience such as a search application", - "privilege": "DeleteExperience", + "description": "Deletes all versions of a bot", + "privilege": "DeleteBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experience*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot version*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Faq", - "privilege": "DeleteFaq", + "description": "Deletes an alias for a specific bot", + "privilege": "DeleteBotAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "faq*" - }, - { - "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "index*" + "resource_type": "bot alias*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Index", - "privilege": "DeleteIndex", + "description": "Deletes the association between a Amazon Lex bot alias and a messaging platform", + "privilege": "DeleteBotChannelAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete principal mapping from index", - "privilege": "DeletePrincipalMapping", + "description": "Deletes a specific version of a bot", + "privilege": "DeleteBotVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "data-source" + "resource_type": "bot version*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a QuerySuggestions BlockList", - "privilege": "DeleteQuerySuggestionsBlockList", + "description": "Deletes all versions of an intent", + "privilege": "DeleteIntent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "query-suggestions-block-list*" + "resource_type": "intent version*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Thesaurus", - "privilege": "DeleteThesaurus", + "description": "Deletes a specific version of an intent", + "privilege": "DeleteIntentVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thesaurus*" + "resource_type": "intent version*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an access control configuration", - "privilege": 
"DescribeAccessControlConfiguration", + "access_level": "Write", + "description": "Removes session information for a specified bot, alias, and user ID", + "privilege": "DeleteSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-control-configuration*" + "resource_type": "bot alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot version" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a data source", - "privilege": "DescribeDataSource", + "access_level": "Write", + "description": "Deletes all versions of a slot type", + "privilege": "DeleteSlotType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "slottype version*" } ] }, { - "access_level": "Read", - "description": "Gets information about your Amazon Kendra experience such as a search application", - "privilege": "DescribeExperience", + "access_level": "Write", + "description": "Deletes a specific version of a slot type", + "privilege": "DeleteSlotTypeVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experience*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "slottype version*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an Faq", - "privilege": "DescribeFaq", + "access_level": "Write", + "description": "Deletes the information Amazon Lex maintains for utterances on a specific bot and userId", + "privilege": "DeleteUtterances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "faq*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot version*" } ] }, { "access_level": 
"Read", - "description": "Grants permission to describe a featured results set", - "privilege": "DescribeFeaturedResultsSet", + "description": "Returns information for a specific bot. In addition to the bot name, the bot version or alias is required", + "privilege": "GetBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "featured-results-set*" + "resource_type": "bot alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot version" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an Index", - "privilege": "DescribeIndex", + "description": "Returns information about a Amazon Lex bot alias", + "privilege": "GetBotAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot alias*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe principal mapping from index", - "privilege": "DescribePrincipalMapping", + "access_level": "List", + "description": "Returns a list of aliases for a given Amazon Lex bot", + "privilege": "GetBotAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "data-source" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a QuerySuggestions BlockList", - "privilege": "DescribeQuerySuggestionsBlockList", + "description": "Returns information about the association between a Amazon Lex bot and a messaging platform", + "privilege": "GetBotChannelAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "query-suggestions-block-list*" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": 
"Grants permission to describe the query suggestions configuration for an index", - "privilege": "DescribeQuerySuggestionsConfig", + "access_level": "List", + "description": "Returns a list of all of the channels associated with a single bot", + "privilege": "GetBotChannelAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a Thesaurus", - "privilege": "DescribeThesaurus", + "access_level": "List", + "description": "Returns information for all versions of a specific bot", + "privilege": "GetBotVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "thesaurus*" + "resource_type": "bot version*" } ] }, { - "access_level": "Write", - "description": "Prevents users or groups in your AWS SSO identity source from accessing your Amazon Kendra experience", - "privilege": "DisassociateEntitiesFromExperience", + "access_level": "List", + "description": "Returns information for the $LATEST version of all bots, subject to filters provided by the client", + "privilege": "GetBots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experience*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Removes the specific permissions of users or groups in your AWS SSO identity source with access to your Amazon Kendra experience", - "privilege": "DisassociatePersonasFromEntities", + "access_level": "Read", + "description": "Returns information about a built-in intent", + "privilege": "GetBuiltinIntent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experience*" - }, - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get suggestions for a query prefix", - "privilege": "GetQuerySuggestions", + "description": "Gets a list of built-in intents that meet the specified criteria", + "privilege": "GetBuiltinIntents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Retrieves search metrics data", - "privilege": "GetSnapshots", + "description": "Gets a list of built-in slot types that meet the specified criteria", + "privilege": "GetBuiltinSlotTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the access control configurations", - "privilege": "ListAccessControlConfigurations", + "access_level": "Read", + "description": "Exports Amazon Lex Resource in a requested format", + "privilege": "GetExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot version*" } ] }, { - "access_level": "List", - "description": "Grants permission to get Data Source sync job history", - "privilege": "ListDataSourceSyncJobs", + "access_level": "Read", + "description": "Gets information about an import job started with StartImport", + "privilege": "GetImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the data sources", - "privilege": "ListDataSources", + "access_level": "Read", + "description": "Returns information for a specific intent. 
In addition to the intent name, you must also specify the intent version", + "privilege": "GetIntent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "intent version*" } ] }, { "access_level": "List", - "description": "Lists specific permissions of users and groups with access to your Amazon Kendra experience", - "privilege": "ListEntityPersonas", + "description": "Returns information for all versions of a specific intent", + "privilege": "GetIntentVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experience*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "intent version*" } ] }, { "access_level": "List", - "description": "Lists users or groups in your AWS SSO identity source that are granted access to your Amazon Kendra experience", - "privilege": "ListExperienceEntities", + "description": "Returns information for the $LATEST version of all intents, subject to filters provided by the client", + "privilege": "GetIntents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "experience*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view an ongoing or completed migration", + "privilege": "GetMigration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Lists one or more Amazon Kendra experiences. 
You can create an Amazon Kendra experience such as a search application", - "privilege": "ListExperiences", + "description": "Grants permission to view list of migrations from Amazon Lex v1 to Amazon Lex v2", + "privilege": "GetMigrations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Faqs", - "privilege": "ListFaqs", + "access_level": "Read", + "description": "Returns session information for a specified bot, alias, and user ID", + "privilege": "GetSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version" } ] }, { - "access_level": "List", - "description": "Grants permission to list the featured results sets", - "privilege": "ListFeaturedResultsSets", + "access_level": "Read", + "description": "Returns information about a specific version of a slot type. 
In addition to specifying the slot type name, you must also specify the slot type version", + "privilege": "GetSlotType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "slottype version*" } ] }, { "access_level": "List", - "description": "Grants permission to list groups that are older than an ordering id", - "privilege": "ListGroupsOlderThanOrderingId", + "description": "Returns information for all versions of a specific slot type", + "privilege": "GetSlotTypeVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "data-source" + "resource_type": "slottype version*" } ] }, { "access_level": "List", - "description": "Grants permission to list the indexes", - "privilege": "ListIndices", + "description": "Returns information for the $LATEST version of all slot types, subject to filters provided by the client", + "privilege": "GetSlotTypes", "resource_types": [ { "condition_keys": [], 
@@ -141831,235 +166128,367 @@ }, { "access_level": "List", - "description": "Grants permission to list the QuerySuggestions BlockLists", - "privilege": "ListQuerySuggestionsBlockLists", + "description": "Returns a view of aggregate utterance data for versions of a bot for a recent time period", + "privilege": "GetUtterancesView", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot version*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for a resource", + "description": "Lists tags for a Lex resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "faq" + "resource_type": "bot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "featured-results-set" + "resource_type": "bot alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index" - }, + "resource_type": "channel" + } + ] + }, + { + "access_level": "Write", + "description": "Sends user input (text or speech) to Amazon Lex", + "privilege": "PostContent", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "query-suggestions-block-list" + "resource_type": "bot alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thesaurus" + "resource_type": "bot version" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Thesauri", - "privilege": "ListThesauri", + "access_level": "Write", + "description": "Sends user input (text-only) to Amazon Lex", + "privilege": "PostText", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot version" } ] }, { "access_level": 
"Write", - "description": "Grants permission to put principal mapping in index", - "privilege": "PutPrincipalMapping", + "description": "Creates or updates the $LATEST version of a Amazon Lex conversational bot", + "privilege": "PutBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot version*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "data-source" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to query documents and faqs", - "privilege": "Query", + "access_level": "Write", + "description": "Creates or updates an alias for the specific bot", + "privilege": "PutBotAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot alias*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve relevant content from an index", - "privilege": "Retrieve", + "access_level": "Write", + "description": "Creates or updates the $LATEST version of an intent", + "privilege": "PutIntent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "intent version*" } ] }, { "access_level": "Write", - "description": "Grants permission to start Data Source sync job", - "privilege": "StartDataSourceSyncJob", + "description": "Creates a new session or modifies an existing session with an Amazon Lex bot", + "privilege": "PutSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" + "resource_type": "bot alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot version" } ] }, { 
"access_level": "Write", - "description": "Grants permission to stop Data Source sync job", - "privilege": "StopDataSourceSyncJob", + "description": "Creates or updates the $LATEST version of a slot type", + "privilege": "PutSlotType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" - }, + "resource_type": "slottype version*" + } + ] + }, + { + "access_level": "Write", + "description": "Starts a job to import a resource to Amazon Lex", + "privilege": "StartImport", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send feedback about a query results", - "privilege": "SubmitFeedback", + "description": "Grants permission to migrate a bot from Amazon Lex v1 to Amazon Lex v2", + "privilege": "StartMigration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot version*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag a resource with given key value pairs", + "description": "Adds or overwrites tags to a Lex resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source" + "resource_type": "bot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "faq" + "resource_type": "bot alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "featured-results-set" + "resource_type": "channel" }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Removes tags from a Lex resource", + "privilege": "UntagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index" + "resource_type": "bot" }, { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "query-suggestions-block-list" + "resource_type": "bot alias" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thesaurus" + "resource_type": "channel" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "bot" }, { - "access_level": "Tagging", - "description": "Grants permission to remove the tag with the given key from a resource", - "privilege": "UntagResource", + "arn": "arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}:${BotVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "bot version" + }, + { + "arn": "arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}:${BotAlias}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "bot alias" + }, + { + "arn": "arn:${Partition}:lex:${Region}:${Account}:bot-channel:${BotName}:${BotAlias}:${ChannelName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel" + }, + { + "arn": "arn:${Partition}:lex:${Region}:${Account}:intent:${IntentName}:${IntentVersion}", + "condition_keys": [], + "resource": "intent version" + }, + { + "arn": "arn:${Partition}:lex:${Region}:${Account}:slottype:${SlotName}:${SlotVersion}", + "condition_keys": [], + "resource": "slottype version" + } + ], + "service_name": "Amazon Lex" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to a Lex resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters 
access by the set of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "lex", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create new items in an existing custom vocabulary", + "privilege": "BatchCreateCustomVocabularyItem", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source" - }, + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete existing items in an existing custom vocabulary", + "privilege": "BatchDeleteCustomVocabularyItem", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "faq" - }, + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update existing items in an existing custom vocabulary", + "privilege": "BatchUpdateCustomVocabularyItem", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "featured-results-set" - }, + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to build an existing bot locale in a bot", + "privilege": "BuildBotLocale", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index" - }, + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new bot and a test bot alias pointing to the DRAFT bot version", + "privilege": "CreateBot", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "query-suggestions-block-list" + "resource_type": "bot*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thesaurus" + "resource_type": "bot alias*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -142068,245 +166497,158 @@ }, { "access_level": "Write", - "description": "Grants permission to update an access control configuration", - "privilege": "UpdateAccessControlConfiguration", + "description": "Grants permission to create a new bot alias in a bot", + "privilege": "CreateBotAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "access-control-configuration*" + "resource_type": "bot alias*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a data source", - "privilege": "UpdateDataSource", + "description": "Grants permission to create a bot channel in an existing bot", + "privilege": "CreateBotChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "data-source*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Updates your Amazon Kendra experience such as a search application", - "privilege": "UpdateExperience", + "description": "Grants permission to create a new bot locale in an existing bot", + "privilege": "CreateBotLocale", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a featured results set", - "privilege": "UpdateFeaturedResultsSet", + "description": "Grants permission to create bot replica for a bot", + "privilege": "CreateBotReplica", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "featured-results-set*" - }, + "resource_type": "bot*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new version of an 
existing bot", + "privilege": "CreateBotVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an Index", - "privilege": "UpdateIndex", + "description": "Grants permission to create a new custom vocabulary in an existing bot locale", + "privilege": "CreateCustomVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a QuerySuggestions BlockList", - "privilege": "UpdateQuerySuggestionsBlockList", + "description": "Grants permission to create an export for an existing resource", + "privilege": "CreateExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "query-suggestions-block-list*" + "resource_type": "test set" } ] }, { "access_level": "Write", - "description": "Grants permission to update the query suggestions configuration for an index", - "privilege": "UpdateQuerySuggestionsConfig", + "description": "Grants permission to create a new intent in an existing bot locale", + "privilege": "CreateIntent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a thesaurus", - "privilege": "UpdateThesaurus", + "description": "Grants permission to create a new resource policy for a Lex resource", + "privilege": "CreateResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "index*" + "resource_type": "bot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "thesaurus*" - } - ] - } - ], - 
"resources": [ - { - "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "index" - }, - { - "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/data-source/${DataSourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "data-source" - }, - { - "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/faq/${FaqId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "faq" - }, - { - "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/experience/${ExperienceId}", - "condition_keys": [], - "resource": "experience" - }, - { - "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/thesaurus/${ThesaurusId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "thesaurus" - }, - { - "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/query-suggestions-block-list/${QuerySuggestionsBlockListId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "query-suggestions-block-list" - }, - { - "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/featured-results-set/${FeaturedResultsSetId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "featured-results-set" - }, - { - "arn": "arn:${Partition}:kendra:${Region}:${Account}:index/${IndexId}/access-control-configuration/${AccessControlConfigurationId}", - "condition_keys": [], - "resource": "access-control-configuration" - } - ], - "service_name": "Amazon Kendra" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters 
access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "kendra-ranking", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a RescoreExecutionPlan", - "privilege": "CreateRescoreExecutionPlan", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "bot alias" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a RescoreExecutionPlan", - "privilege": "DeleteRescoreExecutionPlan", + "description": "Grants permission to create a new slot in an intent", + "privilege": "CreateSlot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rescore-execution-plan*" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a RescoreExecutionPlan", - "privilege": "DescribeRescoreExecutionPlan", + "access_level": "Write", + "description": "Grants permission to create a new slot type in an existing bot locale", + "privilege": "CreateSlotType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rescore-execution-plan*" + "resource_type": "bot*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all RescoreExecutionPlans", - "privilege": "ListRescoreExecutionPlans", + "access_level": "Write", + "description": "Grants permission to import a new test-set", + "privilege": "CreateTestSet", "resource_types": [ { "condition_keys": [], 
@@ -142316,1108 +166658,1054 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create a test set discrepancy report", + "privilege": "CreateTestSetDiscrepancyReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rescore-execution-plan" + "resource_type": "test set*" } ] }, { - "access_level": "Read", - "description": "Grants permission to Rescore documents with Kendra Intelligent Ranking", - "privilege": "Rescore", + "access_level": "Write", + "description": "Grants permission to create an upload url for import file", + "privilege": "CreateUploadUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rescore-execution-plan*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource with given key value pairs", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete an existing bot", + "privilege": "DeleteBot", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "rescore-execution-plan" + "dependent_actions": [ + "lex:DeleteBotAlias", + "lex:DeleteBotChannel", + "lex:DeleteBotLocale", + "lex:DeleteBotVersion", + "lex:DeleteIntent", + "lex:DeleteSlot", + "lex:DeleteSlotType" + ], + "resource_type": "bot*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot alias*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the tag with the given key from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete an existing bot alias in a bot", + "privilege": "DeleteBotAlias", "resource_types": 
[ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rescore-execution-plan" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "bot alias*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a RescoreExecutionPlan", - "privilege": "UpdateRescoreExecutionPlan", + "description": "Grants permission to delete an existing bot channel", + "privilege": "DeleteBotChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "rescore-execution-plan*" + "resource_type": "bot*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:kendra-ranking:${Region}:${Account}:rescore-execution-plan/${RescoreExecutionPlanId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "rescore-execution-plan" - } - ], - "service_name": "Amazon Kendra Intelligent Ranking" - }, - { - "conditions": [], - "prefix": "kinesis", - "privileges": [ + }, { - "access_level": "Tagging", - "description": "Grants permission to add or update tags for the specified Amazon Kinesis stream. 
Each stream can have up to 10 tags", - "privilege": "AddTagsToStream", + "access_level": "Write", + "description": "Grants permission to delete an existing bot locale in a bot", + "privilege": "DeleteBotLocale", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "stream*" + "dependent_actions": [ + "lex:DeleteIntent", + "lex:DeleteSlot", + "lex:DeleteSlotType" + ], + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a Amazon Kinesis stream", - "privilege": "CreateStream", + "description": "Grants permission to delete an existing bot replica", + "privilege": "DeleteBotReplica", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to decrease the stream's retention period, which is the length of time data records are accessible after they are added to the stream", - "privilege": "DecreaseStreamRetentionPeriod", + "description": "Grants permission to delete an existing bot version", + "privilege": "DeleteBotVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a stream and all its shards and data", - "privilege": "DeleteStream", + "description": "Grants permission to delete an existing custom vocabulary in a bot locale", + "privilege": "DeleteCustomVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister a stream consumer with a Kinesis data stream", - "privilege": "DeregisterStreamConsumer", + "description": "Grants permission to delete an existing export", + "privilege": "DeleteExport", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "consumer*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe the shard limits and usage for the account", - "privilege": "DescribeLimits", - "resource_types": [ + "resource_type": "bot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "test set" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the specified stream", - "privilege": "DescribeStream", + "access_level": "Write", + "description": "Grants permission to delete an existing import", + "privilege": "DeleteImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "test set" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the description of a registered stream consumer", - "privilege": "DescribeStreamConsumer", + "access_level": "Write", + "description": "Grants permission to delete an existing intent in a bot locale", + "privilege": "DeleteIntent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "consumer*" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to provide a summarized description of the specified Kinesis data stream without the shard list", - "privilege": "DescribeStreamSummary", + "access_level": "Write", + "description": "Grants permission to delete an existing resource policy for a Lex resource", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" } ] }, { "access_level": "Write", - "description": "Grants permission to disables enhanced 
monitoring", - "privilege": "DisableEnhancedMonitoring", + "description": "Grants permission to delete session information for a bot alias and user ID", + "privilege": "DeleteSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot alias*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable enhanced Kinesis data stream monitoring for shard-level metrics", - "privilege": "EnableEnhancedMonitoring", + "description": "Grants permission to delete an existing slot in an intent", + "privilege": "DeleteSlot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get data records from a shard", - "privilege": "GetRecords", + "access_level": "Write", + "description": "Grants permission to delete an existing slot type in a bot locale", + "privilege": "DeleteSlotType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a shard iterator. 
A shard iterator expires five minutes after it is returned to the requester", - "privilege": "GetShardIterator", + "access_level": "Write", + "description": "Grants permission to delete an existing test set", + "privilege": "DeleteTestSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "test set*" } ] }, { "access_level": "Write", - "description": "Grants permission to increase the stream's retention period, which is the length of time data records are accessible after they are added to the stream", - "privilege": "IncreaseStreamRetentionPeriod", + "description": "Grants permission to delete utterance data for a bot", + "privilege": "DeleteUtterances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the shards in a stream and provides information about each shard", - "privilege": "ListShards", + "access_level": "Read", + "description": "Grants permission to retrieve an existing bot", + "privilege": "DescribeBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the stream consumers registered to receive data from a Kinesis stream using enhanced fan-out, and provides information about each consumer", - "privilege": "ListStreamConsumers", + "access_level": "Read", + "description": "Grants permission to retrieve an existing bot alias", + "privilege": "DescribeBotAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot alias*" } ] }, { - "access_level": "List", - "description": "Grants permission to list your streams", - "privilege": "ListStreams", + "access_level": "Read", + "description": "Grants permission to retrieve an 
existing bot channel", + "privilege": "DescribeBotChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags for the specified Amazon Kinesis stream", - "privilege": "ListTagsForStream", + "description": "Grants permission to retrieve an existing bot locale", + "privilege": "DescribeBotLocale", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to merge two adjacent shards in a stream and combines them into a single shard to reduce the stream's capacity to ingest and transport data", - "privilege": "MergeShards", + "access_level": "Read", + "description": "Grants permission to retrieve metadata information about a bot recommendation", + "privilege": "DescribeBotRecommendation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to write a single data record from a producer into an Amazon Kinesis stream", - "privilege": "PutRecord", + "access_level": "Read", + "description": "Grants permission to retrieve an existing bot replica", + "privilege": "DescribeBotReplica", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to write multiple data records from a producer into an Amazon Kinesis stream in a single call (also referred to as a PutRecords request)", - "privilege": "PutRecords", + "access_level": "Read", + "description": "Grants permission to retrieve metadata information for a bot resource generation", + "privilege": "DescribeBotResourceGeneration", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register a stream consumer with a Kinesis data stream", - "privilege": "RegisterStreamConsumer", + "access_level": "Read", + "description": "Grants permission to retrieve an existing bot version", + "privilege": "DescribeBotVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from the specified Kinesis data stream. Removed tags are deleted and cannot be recovered after this operation successfully completes", - "privilege": "RemoveTagsFromStream", + "access_level": "Read", + "description": "Grants permission to retrieve an existing custom vocabulary", + "privilege": "DescribeCustomVocabulary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to split a shard into two new shards in the Kinesis data stream, to increase the stream's capacity to ingest and transport data", - "privilege": "SplitShard", + "access_level": "Read", + "description": "Grants permission to retrieve metadata of an existing custom vocabulary", + "privilege": "DescribeCustomVocabularyMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or update server-side encryption using an AWS KMS key for a specified stream", - "privilege": "StartStreamEncryption", + "access_level": "Read", + "description": "Grants permission to retrieve an existing export", + "privilege": "DescribeExport", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "kmsKey*" + "dependent_actions": [ + "lex:DescribeBot", + "lex:DescribeBotLocale", + "lex:DescribeIntent", + "lex:DescribeSlot", + "lex:DescribeSlotType", + "lex:ListBotLocales", + "lex:ListIntents", + "lex:ListSlotTypes", + "lex:ListSlots" + ], + "resource_type": "bot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "test set" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable server-side encryption for a specified stream", - "privilege": "StopStreamEncryption", + "access_level": "Read", + "description": "Grants permission to retrieve an existing import", + "privilege": "DescribeImport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "kmsKey*" + "resource_type": "bot" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "test set" } ] }, { "access_level": "Read", - "description": "Grants permission to listen to a specific shard with enhanced fan-out", - "privilege": "SubscribeToShard", + "description": "Grants permission to retrieve an existing intent", + "privilege": "DescribeIntent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "consumer*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the shard count of the specified stream to the specified number of shards", - "privilege": "UpdateShardCount", + "access_level": "Read", + "description": "Grants permission to retrieve an existing resource policy for a Lex resource", + "privilege": "DescribeResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the capacity mode of the data 
stream", - "privilege": "UpdateStreamMode", + "access_level": "Read", + "description": "Grants permission to retrieve an existing slot", + "privilege": "DescribeSlot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:kinesis:${Region}:${Account}:stream/${StreamName}", - "condition_keys": [], - "resource": "stream" - }, - { - "arn": "arn:${Partition}:kinesis:${Region}:${Account}:${StreamType}/${StreamName}/consumer/${ConsumerName}:${ConsumerCreationTimpstamp}", - "condition_keys": [], - "resource": "consumer" - }, - { - "arn": "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}", - "condition_keys": [], - "resource": "kmsKey" - } - ], - "service_name": "Amazon Kinesis Data Streams" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by set of values for each of the tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag-value assoicated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "kinesisanalytics", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add input to the application", - "privilege": "AddApplicationInput", + "access_level": "Read", + "description": "Grants permission to retrieve an existing slot type", + "privilege": "DescribeSlotType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add output to the application", - "privilege": "AddApplicationOutput", + "access_level": "Read", + "description": "Grants permission to retrieve test execution metadata", + 
"privilege": "DescribeTestExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "test set*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add reference data source to the application", - "privilege": "AddApplicationReferenceDataSource", + "access_level": "Read", + "description": "Grants permission to retrieve an existing test set", + "privilege": "DescribeTestSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "test set*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an application", - "privilege": "CreateApplication", + "access_level": "Read", + "description": "Grants permission to retrieve test set discrepancy report metadata", + "privilege": "DescribeTestSetDiscrepancyReport", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "test set*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the application", - "privilege": "DeleteApplication", + "access_level": "Read", + "description": "Grants permission to retrieve test set generation metadata", + "privilege": "DescribeTestSetGeneration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "test set" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified output of the application", - "privilege": "DeleteApplicationOutput", + "access_level": "Read", + "description": "Grants permission to generate supported fields or elements for a bot", + "privilege": "GenerateBotElement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": 
"Write", - "description": "Grants permission to delete the specified reference data source of the application", - "privilege": "DeleteApplicationReferenceDataSource", + "access_level": "Read", + "description": "Grants permission to retrieve session information for a bot alias and user ID", + "privilege": "GetSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot alias*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the specified application", - "privilege": "DescribeApplication", + "description": "Grants permission to retrieve artifacts URL for a test execution", + "privilege": "GetTestExecutionArtifactsUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "test set*" } ] }, { - "access_level": "Read", - "description": "Grants permission to discover the input schema for the application", - "privilege": "DiscoverInputSchema", + "access_level": "List", + "description": "Grants permission to list utterances and statistics for a bot", + "privilege": "ListAggregatedUtterances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to Kinesis Data Analytics console to display stream results for Kinesis Data Analytics SQL runtime applications", - "privilege": "GetApplicationState", + "access_level": "List", + "description": "Grants permission to list alias replicas in a bot replica", + "privilege": "ListBotAliasReplicas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { "access_level": "List", - "description": "Grants permission to list applications for the account", - "privilege": "ListApplications", + "description": "Grants permission to list bot aliases in an 
bot", + "privilege": "ListBotAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the tags associated with the application", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list bot channels", + "privilege": "ListBotChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start the application", - "privilege": "StartApplication", + "access_level": "List", + "description": "Grants permission to list bot locales in a bot", + "privilege": "ListBotLocales", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop the application", - "privilege": "StopApplication", + "access_level": "List", + "description": "Grants permission to get a list of bot recommendations that meet the specified criteria", + "privilege": "ListBotRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to the application", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list replicas of a bot", + "privilege": "ListBotReplicas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "bot*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the 
specified tags from the application", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list the resource generations for a bot", + "privilege": "ListBotResourceGenerations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the application", - "privilege": "UpdateApplication", + "access_level": "List", + "description": "Grants permission to list version replicas in a bot replica", + "privilege": "ListBotVersionReplicas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "application" - } - ], - "service_name": "Amazon Kinesis Analytics" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by set of values for each of the tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag-value assoicated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "kinesisanalytics", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add cloudwatch logging option to the application", - "privilege": "AddApplicationCloudWatchLoggingOption", + "access_level": "List", + "description": "Grants permission to list existing bot versions", + "privilege": "ListBotVersions", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add input to the application", - "privilege": "AddApplicationInput", + "access_level": "List", + "description": "Grants permission to list existing bots", + "privilege": "ListBots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add input processing configuration to the application", - "privilege": "AddApplicationInputProcessingConfiguration", + "access_level": "List", + "description": "Grants permission to list built-in intents", + "privilege": "ListBuiltInIntents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add output to the application", - "privilege": "AddApplicationOutput", + "access_level": "List", + "description": "Grants permission to list built-in slot types", + "privilege": "ListBuiltInSlotTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add reference data source to the application", - "privilege": "AddApplicationReferenceDataSource", + "access_level": "List", + "description": "Grants permission to list items of an existing custom vocabulary", + "privilege": "ListCustomVocabularyItems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add VPC configuration to the application", - "privilege": "AddApplicationVpcConfiguration", + "access_level": "List", + 
"description": "Grants permission to list existing exports", + "privilege": "ListExports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an application", - "privilege": "CreateApplication", + "access_level": "List", + "description": "Grants permission to list existing imports", + "privilege": "ListImports", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to create and return a URL that you can use to connect to an application's extension", - "privilege": "CreateApplicationPresignedUrl", + "access_level": "List", + "description": "Grants permission to list intent analytics metrics for a bot", + "privilege": "ListIntentMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a snapshot for an application", - "privilege": "CreateApplicationSnapshot", + "access_level": "List", + "description": "Grants permission to list intent path analytics for a bot", + "privilege": "ListIntentPaths", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the application", - "privilege": "DeleteApplication", + "access_level": "List", + "description": "Grants permission to list intentStage analytics metrics for a bot", + "privilege": "ListIntentStageMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to delete the specified cloudwatch logging option of the application", - "privilege": "DeleteApplicationCloudWatchLoggingOption", + "access_level": "List", + "description": "Grants permission to list intents in a bot", + "privilege": "ListIntents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified input processing configuration of the application", - "privilege": "DeleteApplicationInputProcessingConfiguration", + "access_level": "List", + "description": "Grants permission to get a list of recommended intents provided by the bot recommendation", + "privilege": "ListRecommendedIntents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified output of the application", - "privilege": "DeleteApplicationOutput", + "access_level": "List", + "description": "Grants permission to list session analytics data for a bot", + "privilege": "ListSessionAnalyticsData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified reference data source of the application", - "privilege": "DeleteApplicationReferenceDataSource", + "access_level": "List", + "description": "Grants permission to list session analytics metrics for a bot", + "privilege": "ListSessionMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a snapshot for an application", - "privilege": "DeleteApplicationSnapshot", 
+ "access_level": "List", + "description": "Grants permission to list slot types in a bot", + "privilege": "ListSlotTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified VPC configuration of the application", - "privilege": "DeleteApplicationVpcConfiguration", + "access_level": "List", + "description": "Grants permission to list slots in an intent", + "privilege": "ListSlots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe the specified application", - "privilege": "DescribeApplication", + "description": "Grants permission to lists tags for a Lex resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "test set" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an application snapshot", - "privilege": "DescribeApplicationSnapshot", + "description": "Grants permission to retrieve test results data for a test execution", + "privilege": "ListTestExecutionResultItems", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "application*" + "dependent_actions": [ + "lex:ListTestSetRecords" + ], + "resource_type": "test set*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the application version of an application", - "privilege": "DescribeApplicationVersion", + "access_level": "List", + "description": "Grants permission to list test executions", + 
"privilege": "ListTestExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to discover the input schema for the application", - "privilege": "DiscoverInputSchema", + "description": "Grants permission to retrieve records inside an existing test set", + "privilege": "ListTestSetRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "test set*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the snapshots for an application", - "privilege": "ListApplicationSnapshots", + "access_level": "List", + "description": "Grants permission to list test sets", + "privilege": "ListTestSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list application versions of an application", - "privilege": "ListApplicationVersions", + "access_level": "Write", + "description": "Grants permission to create a new session or modify an existing session for a bot alias and user ID", + "privilege": "PutSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot alias*" } ] }, { - "access_level": "List", - "description": "Grants permission to list applications for the account", - "privilege": "ListApplications", + "access_level": "Write", + "description": "Grants permission to send user input (text-only) to an bot alias", + "privilege": "RecognizeText", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "bot alias*" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the tags associated with the application", - "privilege": 
"ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to send user input (text or speech) to an bot alias", + "privilege": "RecognizeUtterance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot alias*" } ] }, { - "access_level": "Write", - "description": "Grants permission to perform rollback operation on an application", - "privilege": "RollbackApplication", + "access_level": "List", + "description": "Grants permission to search for associated transcripts that meet the specified criteria", + "privilege": "SearchAssociatedTranscripts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to start the application", - "privilege": "StartApplication", + "description": "Grants permission to start a bot recommendation for an existing bot locale", + "privilege": "StartBotRecommendation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop the application", - "privilege": "StopApplication", + "description": "Grants permission to start a resource generation for an existing bot locale", + "privilege": "StartBotResourceGeneration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to the application", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to stream user input (speech/text/DTMF) to a bot alias", + "privilege": "StartConversation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" - }, - { - 
"condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "bot alias*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the application", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to start a new import with the uploaded import file", + "privilege": "StartImport", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "lex:CreateBot", + "lex:CreateBotLocale", + "lex:CreateCustomVocabulary", + "lex:CreateIntent", + "lex:CreateSlot", + "lex:CreateSlotType", + "lex:CreateTestSet", + "lex:DeleteBotLocale", + "lex:DeleteCustomVocabulary", + "lex:DeleteIntent", + "lex:DeleteSlot", + "lex:DeleteSlotType", + "lex:UpdateBot", + "lex:UpdateBotLocale", + "lex:UpdateCustomVocabulary", + "lex:UpdateIntent", + "lex:UpdateSlot", + "lex:UpdateSlotType", + "lex:UpdateTestSet" + ], + "resource_type": "bot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "test set" }, { "condition_keys": [ - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -143426,98 +167714,64 @@ }, { "access_level": "Write", - "description": "Grants permission to update the application", - "privilege": "UpdateApplication", + "description": "Grants permission to start a test execution using a test set", + "privilege": "StartTestExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "test set*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the maintenance configuration of an application", - "privilege": "UpdateApplicationMaintenanceConfiguration", + "description": "Grants permission to generate a test set", + "privilege": "StartTestSetGeneration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application*" + "resource_type": "test set" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "application" - } - ], - "service_name": "Amazon Kinesis Analytics V2" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters requests based on the allowed set of values for each of the tags", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value assoicated with the stream", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters requests based on the presence of mandatory tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "kinesisvideo", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to connect as a master to the signaling channel specified by the endpoint", - "privilege": "ConnectAsMaster", + "description": "Grants permission to stop a bot recommendation for an existing bot locale", + "privilege": "StopBotRecommendation", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "bot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to connect as a viewer to the signaling channel specified by the endpoint", - "privilege": "ConnectAsViewer", + "access_level": "Tagging", + "description": "Grants permission to add or overwrite tags of a Lex resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a signaling channel", - "privilege": "CreateSignalingChannel", - "resource_types": [ + "resource_type": "bot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "test set" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -143525,18 +167779,27 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a Kinesis video stream", - "privilege": "CreateStream", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a Lex resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bot alias" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "test set" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -143546,248 +167809,263 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the edge configuration of your Kinesis Video Stream", - "privilege": "DeleteEdgeConfiguration", + "description": "Grants permission to update an existing bot", + "privilege": "UpdateBot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing signaling channel", - "privilege": "DeleteSignalingChannel", + "description": "Grants permission to update an existing bot alias", + "privilege": "UpdateBotAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "bot alias*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing Kinesis video stream", - "privilege": "DeleteStream", + "description": "Grants permission to update an existing bot locale", + "privilege": "UpdateBotLocale", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the edge configuration of your Kinesis Video Stream", - "privilege": "DescribeEdgeConfiguration", + "access_level": "Write", + "description": "Grants permission to update an existing bot recommendation request", + "privilege": "UpdateBotRecommendation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the image generation configuration of your Kinesis video stream", - "privilege": "DescribeImageGenerationConfiguration", + "access_level": "Write", + "description": "Grants permission to update an existing custom vocabulary", + "privilege": "UpdateCustomVocabulary", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the resource mapped to the Kinesis video stream", - "privilege": "DescribeMappedResourceConfiguration", + "access_level": "Write", + "description": "Grants permission to update an existing export", + "privilege": "UpdateExport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the media storage configuration of a signaling channel", - "privilege": "DescribeMediaStorageConfiguration", + "access_level": "Write", + "description": "Grants permission to update an existing intent", + "privilege": "UpdateIntent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the notification configuration of your Kinesis video stream", - "privilege": "DescribeNotificationConfiguration", + "access_level": "Write", + "description": "Grants permission to update an existing resource policy for a Lex resource", + "privilege": "UpdateResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe the specified signaling channel", - "privilege": "DescribeSignalingChannel", - "resource_types": [ + "resource_type": "bot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "bot alias" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the specified Kinesis video stream", - "privilege": "DescribeStream", + "access_level": "Write", + "description": "Grants 
permission to update an existing slot", + "privilege": "UpdateSlot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a media clip from a video stream", - "privilege": "GetClip", + "access_level": "Write", + "description": "Grants permission to update an existing slot type", + "privilege": "UpdateSlotType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "bot*" } ] }, { - "access_level": "Read", - "description": "Grants permission to create a URL for MPEG-DASH video streaming", - "privilege": "GetDASHStreamingSessionURL", + "access_level": "Write", + "description": "Grants permission to update an existing test set", + "privilege": "UpdateTestSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "test set*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:lex:${Region}:${Account}:bot/${BotId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "bot" }, { - "access_level": "Read", - "description": "Grants permission to get an endpoint for a specified stream for either reading or writing media data to Kinesis Video Streams", - "privilege": "GetDataEndpoint", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stream*" - } - ] + "arn": "arn:${Partition}:lex:${Region}:${Account}:bot-alias/${BotId}/${BotAliasId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "bot alias" }, { - "access_level": "Read", - "description": "Grants permission to create a URL for HLS video streaming", - "privilege": "GetHLSStreamingSessionURL", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stream*" - } - ] + "arn": 
"arn:${Partition}:lex:${Region}:${Account}:test-set/${TestSetId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "test set" + } + ], + "service_name": "Amazon Lex V2" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to get the ICE server configuration", - "privilege": "GetIceServerConfig", + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "license-manager:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" + } + ], + "prefix": "license-manager", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept a grant", + "privilege": "AcceptGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "grant*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get generated images from your Kinesis video stream", - "privilege": "GetImages", + "access_level": "Write", + "description": "Grants permission to check in license entitlements back to pool", + "privilege": "CheckInLicense", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return media content of a Kinesis video stream", - "privilege": "GetMedia", + "access_level": "Write", + "description": "Grants permission to check out license entitlements for borrow use case", + "privilege": "CheckoutBorrowLicense", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "license*" } ] }, { - "access_level": 
"Read", - "description": "Grants permission to read and return media data only from persisted storage", - "privilege": "GetMediaForFragmentList", + "access_level": "Write", + "description": "Grants permission to check out license entitlements", + "privilege": "CheckoutLicense", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get endpoints for a specified combination of protocol and role for a signaling channel", - "privilege": "GetSignalingChannelEndpoint", + "access_level": "Write", + "description": "Grants permission to create a new grant for license", + "privilege": "CreateGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "license*" } ] }, { "access_level": "Write", - "description": "Grants permission to join a storage session for a channel", - "privilege": "JoinStorageSession", + "description": "Grants permission to create new version of grant", + "privilege": "CreateGrantVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "grant*" } ] }, { - "access_level": "List", - "description": "Grants permission to list an edge agent configurations", - "privilege": "ListEdgeAgentConfigurations", + "access_level": "Write", + "description": "Grants permission to create a new license", + "privilege": "CreateLicense", "resource_types": [ { "condition_keys": [], 
@@ -143797,21 +168075,24 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the fragments from archival storage based on the pagination token or selector type with range specified", - "privilege": "ListFragments", + "access_level": "Write", + "description": "Grants permission to create a new license configuration", + "privilege": "CreateLicenseConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list your signaling channels", - "privilege": "ListSignalingChannels", + "access_level": "Write", + "description": "Grants permission to create a license conversion task for a resource", + "privilege": "CreateLicenseConversionTaskForResource", "resource_types": [ { "condition_keys": [], 
@@ -143821,863 +168102,442 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list your Kinesis video streams", - "privilege": "ListStreams", + "access_level": "Write", + "description": "Grants permission to create a report generator for a license configuration", + "privilege": "CreateLicenseManagerReportGenerator", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the tags associated with your resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create new version of license", + "privilege": "CreateLicenseVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stream" + "resource_type": "license*" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch the tags associated with Kinesis video stream", - "privilege": "ListTagsForStream", + "access_level": "Write", + "description": "Grants permission to create a new token for license", + "privilege": "CreateToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "license*" } ] }, { "access_level": "Write", - "description": "Grants permission to send media data to a Kinesis video stream", - "privilege": "PutMedia", + "description": "Grants permission to delete a grant", + "privilege": "DeleteGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "grant*" } ] }, { "access_level": "Write", - "description": "Grants permission to send the Alexa SDP offer to the master", - "privilege": "SendAlexaOfferToMaster", + "description": "Grants permission to delete a 
license", + "privilege": "DeleteLicense", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "license*" } ] }, { "access_level": "Write", - "description": "Grants permission to start edge configuration update of your Kinesis Video Stream", - "privilege": "StartEdgeConfigurationUpdate", + "description": "Grants permission to permanently delete a license configuration", + "privilege": "DeleteLicenseConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "license-configuration*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach set of tags to your resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a report generator", + "privilege": "DeleteLicenseManagerReportGenerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stream" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "report-generator*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach set of tags to your Kinesis video streams", - "privilege": "TagStream", + "access_level": "Write", + "description": "Grants permission to delete token", + "privilege": "DeleteToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from your resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to extend 
consumption period of already checkout license entitlements", + "privilege": "ExtendLicenseConsumption", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stream" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from your Kinesis video streams", - "privilege": "UntagStream", + "access_level": "Read", + "description": "Grants permission to get access token", + "privilege": "GetAccessToken", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the data retention period of your Kinesis video stream", - "privilege": "UpdateDataRetention", + "access_level": "Read", + "description": "Grants permission to get a grant", + "privilege": "GetGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "grant*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the image generation configuration of your Kinesis video stream", - "privilege": "UpdateImageGenerationConfiguration", + "access_level": "Read", + "description": "Grants permission to get a license", + "privilege": "GetLicense", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "license*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update an mapping between a signaling channel and stream", - "privilege": "UpdateMediaStorageConfiguration", + "access_level": "Read", + "description": "Grants permission to get a license 
configuration", + "privilege": "GetLicenseConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "license-configuration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the notification configuration of your Kinesis video stream", - "privilege": "UpdateNotificationConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve a license conversion task", + "privilege": "GetLicenseConversionTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing signaling channel", - "privilege": "UpdateSignalingChannel", + "access_level": "Read", + "description": "Grants permission to get a report generator", + "privilege": "GetLicenseManagerReportGenerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "report-generator*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing Kinesis video stream", - "privilege": "UpdateStream", + "access_level": "Read", + "description": "Grants permission to get a license usage", + "privilege": "GetLicenseUsage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stream*" + "resource_type": "license*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:kinesisvideo:${Region}:${Account}:stream/${StreamName}/${CreationTime}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "stream" - }, - { - "arn": "arn:${Partition}:kinesisvideo:${Region}:${Account}:channel/${ChannelName}/${CreationTime}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel" - } - ], - "service_name": "Amazon Kinesis Video Streams" - }, - { - "conditions": [ - { - 
"condition": "aws:RequestTag/${TagKey}", - "description": "Filters access to the specified AWS KMS operations based on both the key and value of the tag in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access to the specified AWS KMS operations based on tags assigned to the AWS KMS key", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access to the specified AWS KMS operations based on tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "kms:BypassPolicyLockoutSafetyCheck", - "description": "Filters access to the CreateKey and PutKeyPolicy operations based on the value of the BypassPolicyLockoutSafetyCheck parameter in the request", - "type": "Bool" - }, - { - "condition": "kms:CallerAccount", - "description": "Filters access to specified AWS KMS operations based on the AWS account ID of the caller. You can use this condition key to allow or deny access to all IAM users and roles in an AWS account in a single policy statement", - "type": "String" - }, - { - "condition": "kms:CustomerMasterKeySpec", - "description": "The kms:CustomerMasterKeySpec condition key is deprecated. Instead, use the kms:KeySpec condition key", - "type": "String" - }, - { - "condition": "kms:CustomerMasterKeyUsage", - "description": "The kms:CustomerMasterKeyUsage condition key is deprecated. 
Instead, use the kms:KeyUsage condition key", - "type": "String" - }, - { - "condition": "kms:DataKeyPairSpec", - "description": "Filters access to GenerateDataKeyPair and GenerateDataKeyPairWithoutPlaintext operations based on the value of the KeyPairSpec parameter in the request", - "type": "String" - }, - { - "condition": "kms:EncryptionAlgorithm", - "description": "Filters access to encryption operations based on the value of the encryption algorithm in the request", - "type": "String" - }, - { - "condition": "kms:EncryptionContext:${EncryptionContextKey}", - "description": "Filters access to a symmetric AWS KMS key based on the encryption context in a cryptographic operation. This condition evaluates the key and value in each key-value encryption context pair", - "type": "String" - }, - { - "condition": "kms:EncryptionContextKeys", - "description": "Filters access to a symmetric AWS KMS key based on the encryption context in a cryptographic operation. This condition key evaluates only the key in each key-value encryption context pair", - "type": "ArrayOfString" - }, - { - "condition": "kms:ExpirationModel", - "description": "Filters access to the ImportKeyMaterial operation based on the value of the ExpirationModel parameter in the request", - "type": "String" - }, - { - "condition": "kms:GrantConstraintType", - "description": "Filters access to the CreateGrant operation based on the grant constraint in the request", - "type": "String" - }, - { - "condition": "kms:GrantIsForAWSResource", - "description": "Filters access to the CreateGrant operation when the request comes from a specified AWS service", - "type": "Bool" - }, - { - "condition": "kms:GrantOperations", - "description": "Filters access to the CreateGrant operation based on the operations in the grant", - "type": "ArrayOfString" - }, - { - "condition": "kms:GranteePrincipal", - "description": "Filters access to the CreateGrant operation based on the grantee principal in the grant", - "type": "String" 
- }, - { - "condition": "kms:KeyOrigin", - "description": "Filters access to an API operation based on the Origin property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key", - "type": "String" - }, - { - "condition": "kms:KeySpec", - "description": "Filters access to an API operation based on the KeySpec property of the AWS KMS key that is created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource", - "type": "String" - }, - { - "condition": "kms:KeyUsage", - "description": "Filters access to an API operation based on the KeyUsage property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource", - "type": "String" - }, - { - "condition": "kms:MacAlgorithm", - "description": "Filters access to the GenerateMac and VerifyMac operations based on the MacAlgorithm parameter in the request", - "type": "String" - }, - { - "condition": "kms:MessageType", - "description": "Filters access to the Sign and Verify operations based on the value of the MessageType parameter in the request", - "type": "String" - }, - { - "condition": "kms:MultiRegion", - "description": "Filters access to an API operation based on the MultiRegion property of the AWS KMS key created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource", - "type": "Bool" - }, - { - "condition": "kms:MultiRegionKeyType", - "description": "Filters access to an API operation based on the MultiRegionKeyType property of the AWS KMS key created by or used in the operation. 
Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a KMS key resource", - "type": "String" - }, - { - "condition": "kms:PrimaryRegion", - "description": "Filters access to the UpdatePrimaryRegion operation based on the value of the PrimaryRegion parameter in the request", - "type": "String" - }, - { - "condition": "kms:ReEncryptOnSameKey", - "description": "Filters access to the ReEncrypt operation when it uses the same AWS KMS key that was used for the Encrypt operation", - "type": "Bool" - }, - { - "condition": "kms:RecipientAttestation:ImageSha384", - "description": "Filters access to the Decrypt, GenerateDataKey, and GenerateRandom operations based on the image hash in the attestation document in the request", - "type": "String" - }, - { - "condition": "kms:RecipientAttestation:PCR", - "description": "Filters access to the Decrypt, GenerateDataKey, and GenerateRandom operations based on the platform configuration registers (PCRs) in the attestation document in the request", - "type": "String" - }, - { - "condition": "kms:ReplicaRegion", - "description": "Filters access to the ReplicateKey operation based on the value of the ReplicaRegion parameter in the request", - "type": "String" - }, - { - "condition": "kms:RequestAlias", - "description": "Filters access to cryptographic operations, DescribeKey, and GetPublicKey based on the alias in the request", - "type": "String" - }, - { - "condition": "kms:ResourceAliases", - "description": "Filters access to specified AWS KMS operations based on aliases associated with the AWS KMS key", - "type": "ArrayOfString" - }, - { - "condition": "kms:RetiringPrincipal", - "description": "Filters access to the CreateGrant operation based on the retiring principal in the grant", - "type": "String" - }, - { - "condition": "kms:ScheduleKeyDeletionPendingWindowInDays", - "description": "Filters access to the ScheduleKeyDeletion operation based on the value of the PendingWindowInDays 
parameter in the request", - "type": "Numeric" - }, - { - "condition": "kms:SigningAlgorithm", - "description": "Filters access to the Sign and Verify operations based on the signing algorithm in the request", - "type": "String" - }, - { - "condition": "kms:ValidTo", - "description": "Filters access to the ImportKeyMaterial operation based on the value of the ValidTo parameter in the request. You can use this condition key to allow users to import key material only when it expires by the specified date", - "type": "Date" - }, - { - "condition": "kms:ViaService", - "description": "Filters access when a request made on the principal's behalf comes from a specified AWS service", - "type": "String" - }, - { - "condition": "kms:WrappingAlgorithm", - "description": "Filters access to the GetParametersForImport operation based on the value of the WrappingAlgorithm parameter in the request", - "type": "String" }, { - "condition": "kms:WrappingKeySpec", - "description": "Filters access to the GetParametersForImport operation based on the value of the WrappingKeySpec parameter in the request", - "type": "String" - } - ], - "prefix": "kms", - "privileges": [ - { - "access_level": "Write", - "description": "Controls permission to cancel the scheduled deletion of an AWS KMS key", - "privilege": "CancelKeyDeletion", + "access_level": "List", + "description": "Grants permission to get service settings", + "privilege": "GetServiceSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Controls permission to connect or reconnect a custom key store to its associated AWS CloudHSM cluster", - "privilege": "ConnectCustomKeyStore", + "access_level": "List", + "description": "Grants permission to list associations for a selected license configuration", + 
"privilege": "ListAssociationsForLicenseConfiguration", "resource_types": [ { - "condition_keys": [ - "kms:CallerAccount" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "license-configuration*" } ] }, { - "access_level": "Write", - "description": "Controls permission to create an alias for an AWS KMS key. Aliases are optional friendly names that you can associate with KMS keys", - "privilege": "CreateAlias", + "access_level": "List", + "description": "Grants permission to list distributed grants", + "privilege": "ListDistributedGrants", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Controls permission to create a custom key store that is associated with an AWS CloudHSM cluster that you own and manage", - "privilege": "CreateCustomKeyStore", + "access_level": "List", + "description": "Grants permission to list the license configuration operations that failed", + "privilege": "ListFailuresForLicenseConfigurationOperations", "resource_types": [ { - "condition_keys": [ - "kms:CallerAccount" - ], - "dependent_actions": [ - "cloudhsm:DescribeClusters", - "iam:CreateServiceLinkedRole" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "license-configuration*" } ] }, { - "access_level": "Permissions management", - "description": "Controls permission to add a grant to an AWS KMS key. 
You can use grants to add permissions without changing the key policy or IAM policy", - "privilege": "CreateGrant", + "access_level": "Read", + "description": "Grants permission to list license configurations", + "privilege": "ListLicenseConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:EncryptionContext:${EncryptionContextKey}", - "kms:EncryptionContextKeys", - "kms:GrantConstraintType", - "kms:GranteePrincipal", - "kms:GrantIsForAWSResource", - "kms:GrantOperations", - "kms:RetiringPrincipal", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Controls permission to create an AWS KMS key that can be used to protect data keys and other sensitive information", - "privilege": "CreateKey", + "access_level": "List", + "description": "Grants permission to list license conversion tasks", + "privilege": "ListLicenseConversionTasks", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "kms:BypassPolicyLockoutSafetyCheck", - "kms:CallerAccount", - "kms:KeySpec", - "kms:KeyUsage", - "kms:KeyOrigin", - "kms:MultiRegion", - "kms:MultiRegionKeyType", - "kms:ViaService" - ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "kms:PutKeyPolicy", - "kms:TagResource" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Controls permission to decrypt ciphertext that was encrypted under an AWS KMS key", - "privilege": "Decrypt", + "access_level": "List", + "description": "Grants permission to list report generators", + "privilege": "ListLicenseManagerReportGenerators", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - 
"kms:EncryptionAlgorithm", - "kms:EncryptionContext:${EncryptionContextKey}", - "kms:EncryptionContextKeys", - "kms:RecipientAttestation:ImageSha384", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "license-configuration" } ] }, { - "access_level": "Write", - "description": "Controls permission to delete an alias. Aliases are optional friendly names that you can associate with AWS KMS keys", - "privilege": "DeleteAlias", + "access_level": "List", + "description": "Grants permission to list license specifications associated with a selected resource", + "privilege": "ListLicenseSpecificationsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Controls permission to delete a custom key store", - "privilege": "DeleteCustomKeyStore", + "access_level": "List", + "description": "Grants permission to list license versions", + "privilege": "ListLicenseVersions", "resource_types": [ { - "condition_keys": [ - "kms:CallerAccount" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "license*" } ] }, { - "access_level": "Write", - "description": "Controls permission to delete cryptographic material that you imported into an AWS KMS key. 
This action makes the key unusable", - "privilege": "DeleteImportedKeyMaterial", + "access_level": "Read", + "description": "Grants permission to list licenses", + "privilege": "ListLicenses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Controls permission to view detailed information about custom key stores in the account and region", - "privilege": "DescribeCustomKeyStores", + "access_level": "List", + "description": "Grants permission to list received grants", + "privilege": "ListReceivedGrants", "resource_types": [ { - "condition_keys": [ - "kms:CallerAccount" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Controls permission to view detailed information about an AWS KMS key", - "privilege": "DescribeKey", + "access_level": "List", + "description": "Grants permission to list received grants for organization", + "privilege": "ListReceivedGrantsForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Controls permission to disable an AWS KMS key, which prevents it from being used in cryptographic operations", - "privilege": "DisableKey", + "access_level": "List", + "description": "Grants permission to list received licenses", + "privilege": "ListReceivedLicenses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": 
"Write", - "description": "Controls permission to disable automatic rotation of a customer managed AWS KMS key", - "privilege": "DisableKeyRotation", + "access_level": "List", + "description": "Grants permission to list received licenses for organization", + "privilege": "ListReceivedLicensesForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Controls permission to disconnect the custom key store from its associated AWS CloudHSM cluster", - "privilege": "DisconnectCustomKeyStore", + "access_level": "List", + "description": "Grants permission to list resource inventory", + "privilege": "ListResourceInventory", "resource_types": [ { - "condition_keys": [ - "kms:CallerAccount" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Controls permission to change the state of an AWS KMS key to enabled. 
This allows the KMS key to be used in cryptographic operations", - "privilege": "EnableKey", + "access_level": "Read", + "description": "Grants permission to list tags for a selected resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "license-configuration*" } ] }, { - "access_level": "Write", - "description": "Controls permission to enable automatic rotation of the cryptographic material in an AWS KMS key", - "privilege": "EnableKeyRotation", + "access_level": "List", + "description": "Grants permission to list tokens", + "privilege": "ListTokens", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Controls permission to use the specified AWS KMS key to encrypt data and data keys", - "privilege": "Encrypt", + "access_level": "List", + "description": "Grants permission to list usage records for selected license configuration", + "privilege": "ListUsageForLicenseConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:EncryptionAlgorithm", - "kms:EncryptionContext:${EncryptionContextKey}", - "kms:EncryptionContextKeys", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "license-configuration*" } ] }, { "access_level": "Write", - "description": "Controls permission to use the AWS KMS key to generate data keys. 
You can use the data keys to encrypt data outside of AWS KMS", - "privilege": "GenerateDataKey", + "description": "Grants permission to reject a grant", + "privilege": "RejectGrant", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:EncryptionAlgorithm", - "kms:EncryptionContext:${EncryptionContextKey}", - "kms:EncryptionContextKeys", - "kms:RecipientAttestation:ImageSha384", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "grant*" } ] }, { - "access_level": "Write", - "description": "Controls permission to use the AWS KMS key to generate data key pairs", - "privilege": "GenerateDataKeyPair", + "access_level": "Tagging", + "description": "Grants permission to tag a selected resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "license-configuration*" }, { "condition_keys": [ - "kms:CallerAccount", - "kms:DataKeyPairSpec", - "kms:EncryptionAlgorithm", - "kms:EncryptionContext:${EncryptionContextKey}", - "kms:EncryptionContextKeys", - "kms:RequestAlias", - "kms:ViaService" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -144685,199 +168545,158 @@ ] }, { - "access_level": "Write", - "description": "Controls permission to use the AWS KMS key to generate data key pairs. Unlike the GenerateDataKeyPair operation, this operation returns an encrypted private key without a plaintext copy", - "privilege": "GenerateDataKeyPairWithoutPlaintext", + "access_level": "Tagging", + "description": "Grants permission to untag a selected resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:DataKeyPairSpec", - "kms:EncryptionAlgorithm", - "kms:EncryptionContext:${EncryptionContextKey}", - "kms:EncryptionContextKeys", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "license-configuration*" } ] }, { "access_level": "Write", - "description": "Controls permission to use the AWS KMS key to generate a data key. Unlike the GenerateDataKey operation, this operation returns an encrypted data key without a plaintext version of the data key", - "privilege": "GenerateDataKeyWithoutPlaintext", + "description": "Grants permission to update an existing license configuration", + "privilege": "UpdateLicenseConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:EncryptionAlgorithm", - "kms:EncryptionContext:${EncryptionContextKey}", - "kms:EncryptionContextKeys", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "license-configuration*" } ] }, { "access_level": "Write", - "description": "Controls permission to use the AWS KMS key to generate message authentication codes", - "privilege": "GenerateMac", + "description": "Grants permission to update a report generator for a license configuration", + "privilege": 
"UpdateLicenseManagerReportGenerator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:MacAlgorithm", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "report-generator*" } ] }, { "access_level": "Write", - "description": "Controls permission to get a cryptographically secure random byte string from AWS KMS", - "privilege": "GenerateRandom", + "description": "Grants permission to updates license specifications for a selected resource", + "privilege": "UpdateLicenseSpecificationsForResource", "resource_types": [ { - "condition_keys": [ - "kms:RecipientAttestation:ImageSha384" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "license-configuration*" } ] }, { - "access_level": "Read", - "description": "Controls permission to view the key policy for the specified AWS KMS key", - "privilege": "GetKeyPolicy", + "access_level": "Permissions management", + "description": "Grants permission to updates service settings", + "privilege": "UpdateServiceSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:license-manager:${Region}:${Account}:license-configuration:${LicenseConfigurationId}", + "condition_keys": [ + "license-manager:ResourceTag/${TagKey}" + ], + "resource": "license-configuration" + }, + { + "arn": "arn:${Partition}:license-manager::${Account}:license:${LicenseId}", + "condition_keys": [], + "resource": "license" }, + { + "arn": "arn:${Partition}:license-manager::${Account}:grant:${GrantId}", + "condition_keys": [], + "resource": "grant" + }, + { + "arn": 
"arn:${Partition}:license-manager:${Region}:${Account}:report-generator:${ReportGeneratorId}", + "condition_keys": [ + "license-manager:ResourceTag/${TagKey}" + ], + "resource": "report-generator" + } + ], + "service_name": "AWS License Manager" + }, + { + "conditions": [], + "prefix": "license-manager-linux-subscriptions", + "privileges": [ { "access_level": "Read", - "description": "Controls permission to determine whether automatic key rotation is enabled on the AWS KMS key", - "privilege": "GetKeyRotationStatus", + "description": "Grants permission to get the service settings for Linux subscriptions in AWS License Manager", + "privilege": "GetServiceSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Controls permission to get data that is required to import cryptographic material into a customer managed key, including a public key and import token", - "privilege": "GetParametersForImport", + "description": "Grants permission to list all instances with Linux subscriptions in AWS License Manager", + "privilege": "ListLinuxSubscriptionInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService", - "kms:WrappingAlgorithm", - "kms:WrappingKeySpec" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Controls permission to download the public key of an asymmetric AWS KMS key", - "privilege": "GetPublicKey", + "description": "Grants permission to list all Linux subscriptions in AWS License Manager", + "privilege": "ListLinuxSubscriptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - 
"kms:CallerAccount", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Controls permission to import cryptographic material into an AWS KMS key", - "privilege": "ImportKeyMaterial", + "description": "Grants permission to update the service settings for Linux subscriptions in AWS License Manager", + "privilege": "UpdateServiceSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ExpirationModel", - "kms:ValidTo", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS License Manager Linux Subscriptions Manager" + }, + { + "conditions": [], + "prefix": "license-manager-user-subscriptions", + "privileges": [ { - "access_level": "List", - "description": "Controls permission to view the aliases that are defined in the account. Aliases are optional friendly names that you can associate with AWS KMS keys", - "privilege": "ListAliases", + "access_level": "Write", + "description": "Grants permission to associate a subscribed user to an instance launched with license manager user subscriptions products", + "privilege": "AssociateUser", "resource_types": [ { "condition_keys": [], 
@@ -144887,50 +168706,33 @@ ] }, { - "access_level": "List", - "description": "Controls permission to view all grants for an AWS KMS key", - "privilege": "ListGrants", + "access_level": "Write", + "description": "Grants permission to deregister Microsoft Active Directory with license-manager-user-subscriptions for a product", + "privilege": "DeregisterIdentityProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:GrantIsForAWSResource", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Controls permission to view the names of key policies for an AWS KMS key", - "privilege": "ListKeyPolicies", + "access_level": "Write", + "description": "Grants permission to disassociate a subscribed user from an instance launched with license manager user subscriptions products", + "privilege": "DisassociateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Controls permission to view the key ID and Amazon Resource Name (ARN) of all AWS KMS keys in the account", - "privilege": "ListKeys", + "description": "Grants permission to list all the identity providers on license manager user subscriptions", + "privilege": "ListIdentityProviders", "resource_types": [ { "condition_keys": [], 
@@ -144941,182 +168743,119 @@ }, { "access_level": "List", - "description": "Controls permission to view all tags that are attached to an AWS KMS key", - "privilege": "ListResourceTags", + "description": "Grants permission to list all the instances launched with license manager user subscription products", + "privilege": "ListInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Controls permission to view grants in which the specified principal is the retiring principal. Other principals might be able to retire the grant and this principal might be able to retire other grants", - "privilege": "ListRetirableGrants", + "description": "Grants permission to lists all the product subscriptions for a product and identity provider", + "privilege": "ListProductSubscriptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Controls permission to replace the key policy for the specified AWS KMS key", - "privilege": "PutKeyPolicy", + "access_level": "List", + "description": "Grants permission to list all the users associated to an instance launched for a product", + "privilege": "ListUserAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:BypassPolicyLockoutSafetyCheck", - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Controls permission to decrypt data as part of the process that decrypts and reencrypts the data within AWS KMS", - "privilege": "ReEncryptFrom", + "description": "Grants permission to registers Microsoft 
Active Directory with license-manager-user-subscriptions for a product", + "privilege": "RegisterIdentityProvider", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:EncryptionAlgorithm", - "kms:EncryptionContext:${EncryptionContextKey}", - "kms:EncryptionContextKeys", - "kms:ReEncryptOnSameKey", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Controls permission to encrypt data as part of the process that decrypts and reencrypts the data within AWS KMS", - "privilege": "ReEncryptTo", + "description": "Grants permission to start product subscription for a user on a registered active directory for a product", + "privilege": "StartProductSubscription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:EncryptionAlgorithm", - "kms:EncryptionContext:${EncryptionContextKey}", - "kms:EncryptionContextKeys", - "kms:ReEncryptOnSameKey", - "kms:RequestAlias", - "kms:ViaService" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Controls permission to replicate a multi-Region primary key", - "privilege": "ReplicateKey", + "description": "Grants permission to stop product subscription for a user on a registered active directory for a product", + "privilege": "StopProductSubscription", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "kms:CreateKey", - "kms:PutKeyPolicy", - "kms:TagResource" - ], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ReplicaRegion", - "kms:ViaService" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Controls permission to retire a 
grant. The RetireGrant operation is typically called by the grant user after they complete the tasks that the grant allowed them to perform", - "privilege": "RetireGrant", + "access_level": "Write", + "description": "Grants permission to update the identity provider configuration", + "privilege": "UpdateIdentityProviderSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS License Manager User Subscriptions" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" }, { - "access_level": "Permissions management", - "description": "Controls permission to revoke a grant, which denies permission for all operations that depend on the grant", - "privilege": "RevokeGrant", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:GrantIsForAWSResource", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "lightsail", + "privileges": [ { "access_level": "Write", - "description": "Controls permission to schedule deletion of an AWS KMS key", - "privilege": "ScheduleKeyDeletion", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key*" - }, + "description": "Grants permission to create a static IP address that can be attached to an instance", + "privilege": "AllocateStaticIp", + "resource_types": [ { - "condition_keys": [ - 
"kms:CallerAccount", - "kms:ScheduleKeyDeletionPendingWindowInDays", - "kms:ViaService" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -145124,156 +168863,107 @@ }, { "access_level": "Write", - "description": "Controls permission to produce a digital signature for a message", - "privilege": "Sign", + "description": "Grants permission to attach an SSL/TLS certificate to your Amazon Lightsail content delivery network (CDN) distribution", + "privilege": "AttachCertificateToDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "Certificate*" }, { - "condition_keys": [ - "kms:CallerAccount", - "kms:MessageType", - "kms:RequestAlias", - "kms:SigningAlgorithm", - "kms:ViaService" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Distribution*" } ] }, { "access_level": "Write", - "description": "Controls access to internal APIs that synchronize multi-Region keys", - "privilege": "SynchronizeMultiRegionKey", + "description": "Grants permission to attach a disk to an instance", + "privilege": "AttachDisk", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "Disk*" } ] }, { - "access_level": "Tagging", - "description": "Controls permission to create or update tags that are attached to an AWS KMS key", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to attach one or more instances to a load balancer", + "privilege": "AttachInstancesToLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "LoadBalancer*" } ] }, { - "access_level": "Tagging", - "description": "Controls permission to delete tags that are attached to an AWS KMS key", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to attach a TLS 
certificate to a load balancer", + "privilege": "AttachLoadBalancerTlsCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "LoadBalancer*" } ] }, { "access_level": "Write", - "description": "Controls permission to associate an alias with a different AWS KMS key. An alias is an optional friendly name that you can associate with a KMS key", - "privilege": "UpdateAlias", + "description": "Grants permission to attach a static IP address to an instance", + "privilege": "AttachStaticIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" + "resource_type": "Instance*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "StaticIp*" } ] }, { "access_level": "Write", - "description": "Controls permission to change the properties of a custom key store", - "privilege": "UpdateCustomKeyStore", + "description": "Grants permission to close a public port of an instance", + "privilege": "CloseInstancePublicPorts", "resource_types": [ { - "condition_keys": [ - "kms:CallerAccount" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { "access_level": "Write", - "description": "Controls permission to delete or change the description of an AWS KMS key", - "privilege": "UpdateKeyDescription", + "description": "Grants permission to copy a snapshot from one AWS Region to another in Amazon Lightsail", + "privilege": "CopySnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:ViaService" - 
], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Controls permission to update the primary Region of a multi-Region primary key", - "privilege": "UpdatePrimaryRegion", + "description": "Grants permission to create an Amazon Lightsail bucket", + "privilege": "CreateBucket", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key*" - }, { "condition_keys": [ - "kms:CallerAccount", - "kms:PrimaryRegion", - "kms:ViaService" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -145282,80 +168972,38 @@ }, { "access_level": "Write", - "description": "Controls permission to use the specified AWS KMS key to verify digital signatures", - "privilege": "Verify", + "description": "Grants permission to create a new access key for the specified bucket", + "privilege": "CreateBucketAccessKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "kms:CallerAccount", - "kms:MessageType", - "kms:RequestAlias", - "kms:SigningAlgorithm", - "kms:ViaService" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Bucket*" } ] }, { "access_level": "Write", - "description": "Controls permission to use the AWS KMS key to verify message authentication codes", - "privilege": "VerifyMac", + "description": "Grants permission to create an SSL/TLS certificate", + "privilege": "CreateCertificate", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "key*" - }, { "condition_keys": [ - "kms:CallerAccount", - "kms:MacAlgorithm", - "kms:RequestAlias", - "kms:ViaService" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "lightsail:CreateDomainEntry", + "lightsail:GetDomains" ], - "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:kms:${Region}:${Account}:alias/${Alias}", - "condition_keys": [], - "resource": "alias" }, { - "arn": "arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "kms:KeyOrigin", - "kms:KeySpec", - "kms:KeyUsage", - "kms:MultiRegion", - "kms:MultiRegionKeyType", - "kms:ResourceAliases" - ], - "resource": "key" - } - ], - "service_name": "AWS Key Management Service" - }, - { - "conditions": [], - "prefix": "lakeformation", - "privileges": [ - { - "access_level": "Tagging", - "description": "Grants permission to attach Lake Formation tags to catalog resources", - "privilege": 
"AddLFTagsToResource", + "access_level": "Write", + "description": "Grants permission to create a new Amazon EC2 instance from an exported Amazon Lightsail snapshot", + "privilege": "CreateCloudFormationStack", "resource_types": [ { "condition_keys": [], @@ -145365,9 +169013,9 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to data lake permissions to one or more principals in a batch", - "privilege": "BatchGrantPermissions", + "access_level": "Write", + "description": "Grants permission to create an email or SMS text message contact method", + "privilege": "CreateContactMethod", "resource_types": [ { "condition_keys": [], @@ -145377,12 +169025,15 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to revoke data lake permissions from one or more principals in a batch", - "privilege": "BatchRevokePermissions", + "access_level": "Write", + "description": "Grants permission to create an Amazon Lightsail container service", + "privilege": "CreateContainerService", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -145390,20 +169041,20 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel the given transaction", - "privilege": "CancelTransaction", + "description": "Grants permission to create a deployment for your Amazon Lightsail container service", + "privilege": "CreateContainerServiceDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ContainerService*" } ] }, { "access_level": "Write", - "description": "Grants permission to commit the given transaction", - "privilege": "CommitTransaction", + "description": "Grants permission to create a temporary set of log in credentials that you can use to log in to the Docker process on your local machine", + "privilege": "CreateContainerServiceRegistryLogin", "resource_types": [ { "condition_keys": [], @@ -145414,11 +169065,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Lake Formation data cell filter", - "privilege": "CreateDataCellsFilter", + "description": "Grants permission to create a disk", + "privilege": "CreateDisk", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -145426,35 +169080,59 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Lake Formation tag", - "privilege": "CreateLFTag", + "description": "Grants permission to create a disk from snapshot", + "privilege": "CreateDiskFromSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "DiskSnapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Lake Formation data cell filter", - "privilege": "DeleteDataCellsFilter", + "description": "Grants permission to create a disk snapshot", + "privilege": "CreateDiskSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Disk" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Lake Formation tag", - "privilege": "DeleteLFTag", + "description": "Grants permission to create an Amazon Lightsail content delivery network (CDN) distribution", + "privilege": "CreateDistribution", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -145462,59 +169140,82 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the specified objects if the transaction is canceled", - "privilege": "DeleteObjectsOnCancel", + "description": "Grants permission to create a domain resource for the specified domain name", + "privilege": "CreateDomain", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "route53:DeleteHostedZone", + "route53:GetHostedZone", + "route53:ListHostedZonesByName", + "route53domains:GetDomainDetail", + "route53domains:GetOperationDetail", + "route53domains:ListDomains", + "route53domains:ListOperations", + "route53domains:UpdateDomainNameservers" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister a registered location", - "privilege": "DeregisterResource", + "description": "Grants permission to create one or more DNS record entries for a domain resource: Address (A), canonical name (CNAME), mail exchanger (MX), name server (NS), start of authority (SOA), service locator (SRV), or text (TXT)", + "privilege": "CreateDomainEntry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a registered location", - "privilege": "DescribeResource", + "access_level": "Write", + "description": "Grants permission to create URLs that are used to access an instance's graphical user interface (GUI) session", + "privilege": "CreateGUISessionAccessDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get status of the given transaction", - "privilege": "DescribeTransaction", + "access_level": "Write", + 
"description": "Grants permission to create an instance snapshot", + "privilege": "CreateInstanceSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to extend the timeout of the given transaction", - "privilege": "ExtendTransaction", + "description": "Grants permission to create one or more instances", + "privilege": "CreateInstances", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -145522,108 +169223,138 @@ }, { "access_level": "Write", - "description": "Grants permission to virtual data lake access", - "privilege": "GetDataAccess", + "description": "Grants permission to create one or more instances based on an instance snapshot", + "privilege": "CreateInstancesFromSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "InstanceSnapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a Lake Formation data cell filter", - "privilege": "GetDataCellsFilter", + "access_level": "Write", + "description": "Grants permission to create a key pair used to authenticate and connect to an instance", + "privilege": "CreateKeyPair", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve data lake settings such as the list of data lake administrators and database and table default permissions", - "privilege": "GetDataLakeSettings", + "access_level": "Write", + "description": "Grants permission to create a load balancer", + "privilege": "CreateLoadBalancer", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "lightsail:CreateDomainEntry", + "lightsail:GetDomains" + ], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve permissions attached to resources in the given path", - "privilege": "GetEffectivePermissionsForPath", + "access_level": "Write", + "description": "Grants permission to create a load balancer TLS certificate", + "privilege": "CreateLoadBalancerTlsCertificate", 
"resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "lightsail:CreateDomainEntry", + "lightsail:GetDomains" + ], + "resource_type": "LoadBalancer*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a Lake Formation tag", - "privilege": "GetLFTag", + "access_level": "Write", + "description": "Grants permission to create a new relational database", + "privilege": "CreateRelationalDatabase", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the state of the given query", - "privilege": "GetQueryState", + "access_level": "Write", + "description": "Grants permission to create a new relational database from a snapshot", + "privilege": "CreateRelationalDatabaseFromSnapshot", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lakeformation:StartQueryPlanning" + "dependent_actions": [], + "resource_type": "RelationalDatabaseSnapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the statistics for the given query", - "privilege": "GetQueryStatistics", + "access_level": "Write", + "description": "Grants permission to create a relational database snapshot", + "privilege": "CreateRelationalDatabaseSnapshot", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "lakeformation:StartQueryPlanning" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve lakeformation tags on a catalog resource", - "privilege": "GetResourceLFTags", + 
"access_level": "Write", + "description": "Grants permission to delete an alarm", + "privilege": "DeleteAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Alarm*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve objects from a table", - "privilege": "GetTableObjects", + "access_level": "Write", + "description": "Grants permission to delete an automatic snapshot of an instance or disk", + "privilege": "DeleteAutoSnapshot", "resource_types": [ { "condition_keys": [], 
@@ -145633,50 +169364,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the results for the given work units", - "privilege": "GetWorkUnitResults", + "access_level": "Write", + "description": "Grants permission to delete an Amazon Lightsail bucket", + "privilege": "DeleteBucket", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lakeformation:GetWorkUnits", - "lakeformation:StartQueryPlanning" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "Bucket*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the work units for the given query", - "privilege": "GetWorkUnits", + "access_level": "Write", + "description": "Grants permission to delete an access key for the specified Amazon Lightsail bucket", + "privilege": "DeleteBucketAccessKey", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lakeformation:StartQueryPlanning" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "Bucket*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to data lake permissions to a principal", - "privilege": "GrantPermissions", + "access_level": "Write", + "description": "Grants permission to delete an SSL/TLS certificate", + "privilege": "DeleteCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Certificate*" } ] }, { - "access_level": "List", - "description": "Grants permission to list cell filters", - "privilege": "ListDataCellsFilter", + "access_level": "Write", + "description": "Grants permission to delete a contact method", + "privilege": "DeleteContactMethod", "resource_types": [ { "condition_keys": [], 
@@ -145686,338 +169412,261 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list Lake Formation tags", - "privilege": "ListLFTags", + "access_level": "Write", + "description": "Grants permission to delete a container image that is registered to your Amazon Lightsail container service", + "privilege": "DeleteContainerImage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ContainerService*" } ] }, { - "access_level": "List", - "description": "Grants permission to list permissions filtered by principal or resource", - "privilege": "ListPermissions", + "access_level": "Write", + "description": "Grants permission to delete your Amazon Lightsail container service", + "privilege": "DeleteContainerService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ContainerService*" } ] }, { - "access_level": "List", - "description": "Grants permission to List registered locations", - "privilege": "ListResources", + "access_level": "Write", + "description": "Grants permission to delete a disk", + "privilege": "DeleteDisk", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Disk*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the storage optimizers for the Governed table", - "privilege": "ListTableStorageOptimizers", + "access_level": "Write", + "description": "Grants permission to delete a disk snapshot", + "privilege": "DeleteDiskSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DiskSnapshot*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all transactions in the system", - "privilege": "ListTransactions", + "access_level": "Write", + "description": "Grants permission to delete your Amazon Lightsail content delivery network (CDN) 
distribution", + "privilege": "DeleteDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Distribution*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to overwrite data lake settings such as the list of data lake administrators and database and table default permissions", - "privilege": "PutDataLakeSettings", + "access_level": "Write", + "description": "Grants permission to delete a domain resource and all of its DNS records", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { "access_level": "Write", - "description": "Grants permission to register a new location to be managed by Lake Formation", - "privilege": "RegisterResource", + "description": "Grants permission to delete a DNS record entry for a domain resource", + "privilege": "DeleteDomainEntry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Domain*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove lakeformation tags from catalog resources", - "privilege": "RemoveLFTagsFromResource", + "access_level": "Write", + "description": "Grants permission to delete an instance", + "privilege": "DeleteInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to revoke data lake permissions from a principal", - "privilege": "RevokePermissions", + "access_level": "Write", + "description": "Grants permission to delete an instance snapshot", + "privilege": "DeleteInstanceSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "InstanceSnapshot*" } ] }, { - "access_level": "Read", 
- "description": "Grants permission to list catalog databases with Lake Formation tags", - "privilege": "SearchDatabasesByLFTags", + "access_level": "Write", + "description": "Grants permission to delete a key pair used to authenticate and connect to an instance", + "privilege": "DeleteKeyPair", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "KeyPair*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list catalog tables with Lake Formation tags", - "privilege": "SearchTablesByLFTags", + "access_level": "Write", + "description": "Grants permission to delete the known host key or certificate used by the Amazon Lightsail browser-based SSH or RDP clients to authenticate an instance", + "privilege": "DeleteKnownHostKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to initiate the planning of the given query", - "privilege": "StartQueryPlanning", + "description": "Grants permission to delete a load balancer", + "privilege": "DeleteLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "LoadBalancer*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a new transaction", - "privilege": "StartTransaction", + "description": "Grants permission to delete a load balancer TLS certificate", + "privilege": "DeleteLoadBalancerTlsCertificate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "LoadBalancer*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a Lake Formation data cell filter", - "privilege": "UpdateDataCellsFilter", + "description": "Grants permission to delete a relational database", + "privilege": "DeleteRelationalDatabase", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RelationalDatabase*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a Lake Formation tag", - "privilege": "UpdateLFTag", + "description": "Grants permission to delete a relational database snapshot", + "privilege": "DeleteRelationalDatabaseSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RelationalDatabaseSnapshot*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a registered location", - "privilege": "UpdateResource", + "description": "Grants permission to detach an SSL/TLS certificate from your Amazon Lightsail content delivery network (CDN) distribution", + "privilege": "DetachCertificateFromDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Distribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or delete the specified objects to or from a table", - "privilege": "UpdateTableObjects", + "description": "Grants permission to detach a disk from an instance", + "privilege": "DetachDisk", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Disk*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the configuration of the storage optimizer for the Governed table", - "privilege": "UpdateTableStorageOptimizer", + "description": "Grants permission to detach one or more instances from a load balancer", + "privilege": "DetachInstancesFromLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "LoadBalancer*" } ] - } - ], - "resources": [], - "service_name": "AWS Lake Formation" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by 
the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "lambda:CodeSigningConfigArn", - "description": "Filters access by the ARN of an AWS Lambda code signing config", - "type": "String" - }, - { - "condition": "lambda:FunctionArn", - "description": "Filters access by the ARN of an AWS Lambda function", - "type": "ARN" - }, - { - "condition": "lambda:FunctionUrlAuthType", - "description": "Filters access by authorization type specified in request. Available during CreateFunctionUrlConfig, UpdateFunctionUrlConfig, DeleteFunctionUrlConfig, GetFunctionUrlConfig, ListFunctionUrlConfig, AddPermission and RemovePermission operations", - "type": "String" - }, - { - "condition": "lambda:Layer", - "description": "Filters access by the ARN of a version of an AWS Lambda layer", - "type": "ArrayOfString" - }, - { - "condition": "lambda:Principal", - "description": "Filters access by restricting the AWS service or account that can invoke a function", - "type": "String" - }, - { - "condition": "lambda:SecurityGroupIds", - "description": "Filters access by the ID of security groups configured for the AWS Lambda function", - "type": "ArrayOfString" - }, - { - "condition": "lambda:SourceFunctionArn", - "description": "Filters access by the ARN of the AWS Lambda function from which the request originated", - "type": "ARN" - }, - { - "condition": "lambda:SubnetIds", - "description": "Filters access by the ID of subnets configured for the AWS Lambda function", - "type": "ArrayOfString" }, { - "condition": "lambda:VpcIds", - "description": "Filters access by the ID of the VPC configured for the AWS Lambda function", - "type": "String" - } - ], - "prefix": "lambda", 
- "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to add permissions to the resource-based policy of a version of an AWS Lambda layer", - "privilege": "AddLayerVersionPermission", + "access_level": "Write", + "description": "Grants permission to detach a static IP from an instance to which it is attached", + "privilege": "DetachStaticIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "layerVersion*" + "resource_type": "StaticIp*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to give an AWS service or another account permission to use an AWS Lambda function", - "privilege": "AddPermission", + "access_level": "Write", + "description": "Grants permission to disable an add-on for an Amazon Lightsail resource", + "privilege": "DisableAddOn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "lambda:Principal", - "lambda:FunctionUrlAuthType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an alias for a Lambda function version", - "privilege": "CreateAlias", + "description": "Grants permission to download the default key pair used to authenticate and connect to instances in a specific AWS Region", + "privilege": "DownloadDefaultKeyPair", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Lambda code signing config", - "privilege": "CreateCodeSigningConfig", + "description": "Grants permission to enable or modify an add-on for an Amazon Lightsail resource", + "privilege": "EnableAddOn", "resource_types": [ { "condition_keys": [], 
@@ -146028,233 +169677,220 @@ }, { "access_level": "Write", - "description": "Grants permission to create a mapping between an event source and an AWS Lambda function", - "privilege": "CreateEventSourceMapping", + "description": "Grants permission to export an Amazon Lightsail snapshot to Amazon EC2", + "privilege": "ExportSnapshot", "resource_types": [ { - "condition_keys": [ - "lambda:FunctionArn" + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PutRolePolicy" ], + "resource_type": "DiskSnapshot" + }, + { + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "InstanceSnapshot" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an AWS Lambda function", - "privilege": "CreateFunction", + "access_level": "Read", + "description": "Grants permission to get the names of all active (not deleted) resources", + "privilege": "GetActiveNames", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "function*" - }, - { - "condition_keys": [ - "lambda:Layer", - "lambda:VpcIds", - "lambda:SubnetIds", - "lambda:SecurityGroupIds", - "lambda:CodeSigningConfigArn", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a function url configuration for a Lambda function", - "privilege": "CreateFunctionUrlConfig", + "access_level": "Read", + "description": "Grants permission to view information about the configured alarms", + "privilege": "GetAlarms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "lambda:FunctionUrlAuthType", - "lambda:FunctionArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Lambda function alias", - 
"privilege": "DeleteAlias", + "access_level": "Read", + "description": "Grants permission to view the available automatic snapshots for an instance or disk", + "privilege": "GetAutoSnapshots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Lambda code signing config", - "privilege": "DeleteCodeSigningConfig", + "access_level": "Read", + "description": "Grants permission to get a list of instance images, or blueprints. You can use a blueprint to create a new instance already running a specific operating system, as well as a pre-installed application or development stack. The software that runs on your instance depends on the blueprint you define when creating the instance", + "privilege": "GetBlueprints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "code signing config*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Lambda event source mapping", - "privilege": "DeleteEventSourceMapping", + "access_level": "Read", + "description": "Grants permission to get the existing access key IDs for the specified Amazon Lightsail bucket", + "privilege": "GetBucketAccessKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventSourceMapping*" - }, - { - "condition_keys": [ - "lambda:FunctionArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Lambda function", - "privilege": "DeleteFunction", + "access_level": "Read", + "description": "Grants permission to get the bundles that can be applied to an Amazon Lightsail bucket", + "privilege": "GetBucketBundles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } 
] }, { - "access_level": "Write", - "description": "Grants permission to detach a code signing config from an AWS Lambda function", - "privilege": "DeleteFunctionCodeSigningConfig", + "access_level": "Read", + "description": "Grants permission to get the data points of a specific metric for an Amazon Lightsail bucket", + "privilege": "GetBucketMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a concurrent execution limit from an AWS Lambda function", - "privilege": "DeleteFunctionConcurrency", + "access_level": "Read", + "description": "Grants permission to get information about one or more Amazon Lightsail buckets", + "privilege": "GetBuckets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the configuration for asynchronous invocation for an AWS Lambda function, version, or alias", - "privilege": "DeleteFunctionEventInvokeConfig", + "access_level": "Read", + "description": "Grants permission to get a list of instance bundles. You can use a bundle to create a new instance with a set of performance specifications, such as CPU count, disk size, RAM size, and network transfer allowance. 
The cost of your instance depends on the bundle you define when creating the instance", + "privilege": "GetBundles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete function url configuration for a Lambda function", - "privilege": "DeleteFunctionUrlConfig", + "access_level": "Read", + "description": "Grants permission to view information about one or more Amazon Lightsail SSL/TLS certificates", + "privilege": "GetCertificates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about all CloudFormation stacks used to create Amazon EC2 resources from exported Amazon Lightsail snapshots", + "privilege": "GetCloudFormationStackRecords", + "resource_types": [ { - "condition_keys": [ - "lambda:FunctionUrlAuthType", - "lambda:FunctionArn" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a version of an AWS Lambda layer", - "privilege": "DeleteLayerVersion", + "access_level": "Read", + "description": "Grants permission to view information about the configured contact methods", + "privilege": "GetContactMethods", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "layerVersion*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the provisioned concurrency configuration for an AWS Lambda function", - "privilege": "DeleteProvisionedConcurrencyConfig", + "access_level": "Read", + "description": "Grants permission to view information about Amazon Lightsail containers, such as the current version of the Lightsail Control (lightsailctl) plugin", + "privilege": 
"GetContainerAPIMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function alias" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to view the container images that are registered to your Amazon Lightsail container service", + "privilege": "GetContainerImages", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function version" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to disable replication for a Lambda@Edge function", - "privilege": "DisableReplication", + "access_level": "Read", + "description": "Grants permission to view the log events of a container of your Amazon Lightsail container service", + "privilege": "GetContainerLog", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to enable replication for a Lambda@Edge function", - "privilege": "EnableReplication", + "access_level": "Read", + "description": "Grants permission to view the deployments for your Amazon Lightsail container service", + "privilege": "GetContainerServiceDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about an account's limits and usage in an AWS Region", - "privilege": "GetAccountSettings", + "description": "Grants permission to view the data points of a specific metric of your Amazon Lightsail container service", + "privilege": "GetContainerServiceMetricData", "resource_types": [ { "condition_keys": [], 
@@ -146265,252 +169901,265 @@ }, { "access_level": "Read", - "description": "Grants permission to view details about an AWS Lambda function alias", - "privilege": "GetAlias", + "description": "Grants permission to view the list of powers that can be specified for your Amazon Lightsail container services", + "privilege": "GetContainerServicePowers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about an AWS Lambda code signing config", - "privilege": "GetCodeSigningConfig", + "description": "Grants permission to view information about one or more of your Amazon Lightsail container services", + "privilege": "GetContainerServices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "code signing config*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about an AWS Lambda event source mapping", - "privilege": "GetEventSourceMapping", + "description": "Grants permission to get the information about the cost estimate for a specified resource", + "privilege": "GetCostEstimate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventSourceMapping*" + "resource_type": "Disk" }, { - "condition_keys": [ - "lambda:FunctionArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about an AWS Lambda function", - "privilege": "GetFunction", + "description": "Grants permission to get information about a disk", + "privilege": "GetDisk", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the code signing config 
arn attached to an AWS Lambda function", - "privilege": "GetFunctionCodeSigningConfig", + "description": "Grants permission to get information about a disk snapshot", + "privilege": "GetDiskSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about the reserved concurrency configuration for a function", - "privilege": "GetFunctionConcurrency", + "description": "Grants permission to get information about all disk snapshots", + "privilege": "GetDiskSnapshots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about the version-specific settings of an AWS Lambda function or version", - "privilege": "GetFunctionConfiguration", + "description": "Grants permission to get information about all disks", + "privilege": "GetDisks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the configuration for asynchronous invocation for a function, version, or alias", - "privilege": "GetFunctionEventInvokeConfig", + "description": "Grants permission to view the list of bundles that can be applied to you Amazon Lightsail content delivery network (CDN) distributions", + "privilege": "GetDistributionBundles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to read function url configuration for a Lambda function", - "privilege": "GetFunctionUrlConfig", + "description": "Grants permission to view the timestamp and status of the last cache reset of a specific Amazon Lightsail content 
delivery network (CDN) distribution", + "privilege": "GetDistributionLatestCacheReset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "lambda:FunctionUrlAuthType", - "lambda:FunctionArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view details about a version of an AWS Lambda layer. Note this action also supports GetLayerVersionByArn API", - "privilege": "GetLayerVersion", + "description": "Grants permission to view the data points of a specific metric for an Amazon Lightsail content delivery network (CDN) distribution", + "privilege": "GetDistributionMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "layerVersion*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the resource-based policy for a version of an AWS Lambda layer", - "privilege": "GetLayerVersionPolicy", + "description": "Grants permission to view information about one or more of your Amazon Lightsail content delivery network (CDN) distributions", + "privilege": "GetDistributions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "layerVersion*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the resource-based policy for an AWS Lambda function, version, or alias", - "privilege": "GetPolicy", + "description": "Grants permission to get DNS records for a domain resource", + "privilege": "GetDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the provisioned concurrency configuration for an AWS Lambda function's alias or version", - "privilege": "GetProvisionedConcurrencyConfig", + "description": 
"Grants permission to get DNS records for all domain resources", + "privilege": "GetDomains", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function alias" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about all records of exported Amazon Lightsail snapshots to Amazon EC2", + "privilege": "GetExportSnapshotRecords", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function version" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the runtime management configuration of an AWS Lambda function", - "privilege": "GetRuntimeManagementConfig", + "description": "Grants permission to get information about an instance", + "privilege": "GetInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to invoke a function asynchronously (Deprecated)", - "privilege": "InvokeAsync", + "description": "Grants permission to get temporary keys you can use to authenticate and connect to an instance", + "privilege": "GetInstanceAccessDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "Instance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to invoke an AWS Lambda function", - "privilege": "InvokeFunction", + "access_level": "Read", + "description": "Grants permission to get the data points for the specified metric of an instance", + "privilege": "GetInstanceMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to invoke an AWS Lambda function through url", - "privilege": 
"InvokeFunctionUrl", + "access_level": "Read", + "description": "Grants permission to get the port states of an instance", + "privilege": "GetInstancePortStates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about an instance snapshot", + "privilege": "GetInstanceSnapshot", + "resource_types": [ { - "condition_keys": [ - "lambda:FunctionUrlAuthType", - "lambda:FunctionArn" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about all instance snapshots", + "privilege": "GetInstanceSnapshots", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of aliases for an AWS Lambda function", - "privilege": "ListAliases", + "access_level": "Read", + "description": "Grants permission to get the state of an instance", + "privilege": "GetInstanceState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of AWS Lambda code signing configs", - "privilege": "ListCodeSigningConfigs", + "access_level": "Read", + "description": "Grants permission to get information about all instances", + "privilege": "GetInstances", "resource_types": [ { "condition_keys": [], 
@@ -146520,9 +170169,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of AWS Lambda event source mappings", - "privilege": "ListEventSourceMappings", + "access_level": "Read", + "description": "Grants permission to get information about a key pair", + "privilege": "GetKeyPair", "resource_types": [ { "condition_keys": [], @@ -146532,40 +170181,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of configurations for asynchronous invocation for a function", - "privilege": "ListFunctionEventInvokeConfigs", + "access_level": "Read", + "description": "Grants permission to get information about all key pairs", + "privilege": "GetKeyPairs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to read function url configurations for a function", - "privilege": "ListFunctionUrlConfigs", + "access_level": "Read", + "description": "Grants permission to get information about a load balancer", + "privilege": "GetLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "lambda:FunctionUrlAuthType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of AWS Lambda functions, with the version-specific configuration of each function", - "privilege": "ListFunctions", + "access_level": "Read", + "description": "Grants permission to get the data points for the specified metric of a load balancer", + "privilege": "GetLoadBalancerMetricData", "resource_types": [ { "condition_keys": [], 
@@ -146575,21 +170217,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of AWS Lambda functions by the code signing config assigned", - "privilege": "ListFunctionsByCodeSigningConfig", + "access_level": "Read", + "description": "Grants permission to get information about a load balancer's TLS certificates", + "privilege": "GetLoadBalancerTlsCertificates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "code signing config*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of versions of an AWS Lambda layer", - "privilege": "ListLayerVersions", + "access_level": "Read", + "description": "Grants permission to get a list of TLS security policies that you can apply to Lightsail load balancers", + "privilege": "GetLoadBalancerTlsPolicies", "resource_types": [ { "condition_keys": [], @@ -146599,9 +170241,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of AWS Lambda layers, with details about the latest version of each layer", - "privilege": "ListLayers", + "access_level": "Read", + "description": "Grants permission to get information about load balancers", + "privilege": "GetLoadBalancers", "resource_types": [ { "condition_keys": [], 
@@ -146611,477 +170253,369 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of provisioned concurrency configurations for an AWS Lambda function", - "privilege": "ListProvisionedConcurrencyConfigs", + "access_level": "Read", + "description": "Grants permission to get information about an operation. Operations include events such as when you create an instance, allocate a static IP, attach a static IP, and so on", + "privilege": "GetOperation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of tags for an AWS Lambda function", - "privilege": "ListTags", + "description": "Grants permission to get information about all operations. Operations include events such as when you create an instance, allocate a static IP, attach a static IP, and so on", + "privilege": "GetOperations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of versions for an AWS Lambda function", - "privilege": "ListVersionsByFunction", + "access_level": "Read", + "description": "Grants permission to get operations for a resource", + "privilege": "GetOperationsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an AWS Lambda layer", - "privilege": "PublishLayerVersion", + "access_level": "Read", + "description": "Grants permission to get a list of all valid AWS Regions for Amazon Lightsail", + "privilege": "GetRegions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "layer*" + "resource_type": "" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to create an AWS Lambda function version", - "privilege": "PublishVersion", + "access_level": "Read", + "description": "Grants permission to get information about a relational database", + "privilege": "GetRelationalDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach a code signing config to an AWS Lambda function", - "privilege": "PutFunctionCodeSigningConfig", + "access_level": "Read", + "description": "Grants permission to get a list of relational database images, or blueprints. You can use a blueprint to create a new database running a specific database engine. The database engine that runs on your database depends on the blueprint you define when creating the relational database", + "privilege": "GetRelationalDatabaseBlueprints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "code signing config*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "lambda:CodeSigningConfigArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to configure reserved concurrency for an AWS Lambda function", - "privilege": "PutFunctionConcurrency", + "access_level": "Read", + "description": "Grants permission to get a list of relational database bundles. You can use a bundle to create a new database with a set of performance specifications, such as CPU count, disk size, RAM size, network transfer allowance, and standard of high availability. 
The cost of your database depends on the bundle you define when creating the relational database", + "privilege": "GetRelationalDatabaseBundles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to configures options for asynchronous invocation on an AWS Lambda function, version, or alias", - "privilege": "PutFunctionEventInvokeConfig", + "access_level": "Read", + "description": "Grants permission to get events for a relational database", + "privilege": "GetRelationalDatabaseEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to configure provisioned concurrency for an AWS Lambda function's alias or version", - "privilege": "PutProvisionedConcurrencyConfig", + "access_level": "Read", + "description": "Grants permission to get events for the specified log stream of a relational database", + "privilege": "GetRelationalDatabaseLogEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function alias" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the log streams available for a relational database", + "privilege": "GetRelationalDatabaseLogStreams", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function version" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the runtime management configuration of an AWS Lambda function", - "privilege": "PutRuntimeManagementConfig", + "description": "Grants permission to get the master user password of a relational database", + "privilege": "GetRelationalDatabaseMasterUserPassword", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "function*" + "resource_type": "RelationalDatabase*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to remove a statement from the permissions policy for a version of an AWS Lambda layer", - "privilege": "RemoveLayerVersionPermission", + "access_level": "Read", + "description": "Grants permission to get the data points for the specified metric of a relational database", + "privilege": "GetRelationalDatabaseMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "layerVersion*" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to revoke function-use permission from an AWS service or another account", - "privilege": "RemovePermission", + "access_level": "Read", + "description": "Grants permission to get the parameters of a relational database", + "privilege": "GetRelationalDatabaseParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "lambda:Principal", - "lambda:FunctionUrlAuthType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to an AWS Lambda function", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get information about a relational database snapshot", + "privilege": "GetRelationalDatabaseSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from an AWS Lambda function", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get 
information about all relational database snapshots", + "privilege": "GetRelationalDatabaseSnapshots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of an AWS Lambda function's alias", - "privilege": "UpdateAlias", + "access_level": "Read", + "description": "Grants permission to get information about all relational databases", + "privilege": "GetRelationalDatabases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an AWS Lambda code signing config", - "privilege": "UpdateCodeSigningConfig", + "access_level": "Read", + "description": "Grants permission to get detailed information for setup requests that were run on the specified resource", + "privilege": "GetSetupHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "code signing config*" + "resource_type": "Instance" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of an AWS Lambda event source mapping", - "privilege": "UpdateEventSourceMapping", + "access_level": "Read", + "description": "Grants permission to get information about a static IP", + "privilege": "GetStaticIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventSourceMapping*" - }, - { - "condition_keys": [ - "lambda:FunctionArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the code of an AWS Lambda function", - "privilege": "UpdateFunctionCode", + "access_level": "Read", + "description": "Grants permission to get information 
about all static IPs", + "privilege": "GetStaticIps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the code signing config of an AWS Lambda function", - "privilege": "UpdateFunctionCodeSigningConfig", + "description": "Grants permission to import a public key from a key pair", + "privilege": "ImportKeyPair", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "code signing config*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "function*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the version-specific settings of an AWS Lambda function", - "privilege": "UpdateFunctionConfiguration", + "access_level": "Read", + "description": "Grants permission to get a boolean value indicating whether the Amazon Lightsail virtual private cloud (VPC) is peered", + "privilege": "IsVpcPeered", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "lambda:Layer", - "lambda:VpcIds", - "lambda:SubnetIds", - "lambda:SecurityGroupIds" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the configuration for asynchronous invocation for an AWS Lambda function, version, or alias", - "privilege": "UpdateFunctionEventInvokeConfig", + "description": "Grants permission to add, or open a public port of an instance", + "privilege": "OpenInstancePublicPorts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" + "resource_type": "Instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a function url configuration for a Lambda function", - "privilege": "UpdateFunctionUrlConfig", + 
"description": "Grants permission to try to peer the Amazon Lightsail virtual private cloud (VPC) with the default VPC", + "privilege": "PeerVpc", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "function*" - }, - { - "condition_keys": [ - "lambda:FunctionUrlAuthType", - "lambda:FunctionArn" - ], - "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:lambda:${Region}:${Account}:code-signing-config:${CodeSigningConfigId}", - "condition_keys": [], - "resource": "code signing config" - }, - { - "arn": "arn:${Partition}:lambda:${Region}:${Account}:event-source-mapping:${UUID}", - "condition_keys": [], - "resource": "eventSourceMapping" - }, - { - "arn": "arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "function" - }, - { - "arn": "arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}:${Alias}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "function alias" - }, - { - "arn": "arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}:${Version}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "function version" - }, - { - "arn": "arn:${Partition}:lambda:${Region}:${Account}:layer:${LayerName}", - "condition_keys": [], - "resource": "layer" }, - { - "arn": "arn:${Partition}:lambda:${Region}:${Account}:layer:${LayerName}:${LayerVersion}", - "condition_keys": [], - "resource": "layerVersion" - } - ], - "service_name": "AWS Lambda" - }, - { - "conditions": [], - "prefix": "launchwizard", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an additional node", - "privilege": "CreateAdditionalNode", + "description": "Grants permission to creates or update an alarm, and associate it with the specified metric", + "privilege": "PutAlarm", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "Alarm*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an application settings set", - "privilege": "CreateSettingsSet", + "description": "Grants permission to set the specified open ports for an instance, and closes all ports for every protocol not included in the request", + "privilege": "PutInstancePublicPorts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an additional node", - "privilege": "DeleteAdditionalNode", + "description": "Grants permission to reboot an instance that is in a running state", + "privilege": "RebootInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an application", - "privilege": "DeleteApp", + "description": "Grants permission to reboot a relational database that is in a running state", + "privilege": "RebootRelationalDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RelationalDatabase*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an application settings set", - "privilege": "DeleteSettingsSet", + "description": "Grants permission to register a container image to your Amazon Lightsail container service", + "privilege": "RegisterContainerImage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ContainerService*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an additional node", - "privilege": "DescribeAdditionalNode", + "access_level": "Write", + "description": "Grants permission to delete a static IP", + "privilege": 
"ReleaseStaticIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "StaticIp*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe provisioning applications", - "privilege": "DescribeProvisionedApp", + "access_level": "Write", + "description": "Grants permission to delete currently cached content from your Amazon Lightsail content delivery network (CDN) distribution", + "privilege": "ResetDistributionCache", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Distribution*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe provisioning events", - "privilege": "DescribeProvisioningEvents", + "access_level": "Write", + "description": "Grants permission to send a verification request to an email contact method to ensure it's owned by the requester", + "privilege": "SendContactMethodVerification", "resource_types": [ { "condition_keys": [], 
@@ -147091,141 +170625,231 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe an application settings set", - "privilege": "DescribeSettingsSet", + "access_level": "Write", + "description": "Grants permission to set the IP address type for a Amazon Lightsail resource", + "privilege": "SetIpAddressType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Distribution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "LoadBalancer" } ] }, { - "access_level": "Read", - "description": "Grants permission to get infrastructure suggestion", - "privilege": "GetInfrastructureSuggestion", + "access_level": "Write", + "description": "Grants permission to set the Amazon Lightsail resources that can access the specified Amazon Lightsail bucket", + "privilege": "SetResourceAccessForBucket", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Bucket*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get customer's ip address", - "privilege": "GetIpAddress", + "access_level": "Write", + "description": "Grants permission to create an SSL/TLS certificate and install it on a specified instance", + "privilege": "SetupInstanceHttps", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "lightsail:GetInstanceAccessDetails" + ], + "resource_type": "Instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get resource cost estimate", - "privilege": "GetResourceCostEstimate", + "access_level": "Write", + "description": "Grants permission to initiate a graphical user interface (GUI) session used to access an 
instance's operating system or application", + "privilege": "StartGUISession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get workload assets", - "privilege": "GetWorkloadAssets", + "access_level": "Write", + "description": "Grants permission to start an instance that is in a stopped state", + "privilege": "StartInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list additional nodes", - "privilege": "ListAdditionalNodes", + "access_level": "Write", + "description": "Grants permission to start a relational database that is in a stopped state", + "privilege": "StartRelationalDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RelationalDatabase*" } ] }, { - "access_level": "List", - "description": "Grants permission to list provisioning applications", - "privilege": "ListProvisionedApps", + "access_level": "Write", + "description": "Grants permission to terminate a graphical user interface (GUI) session used to access an instance's operating system or application", + "privilege": "StopGUISession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list application settings sets", - "privilege": "ListSettingsSets", + "access_level": "Write", + "description": "Grants permission to stop an instance that is in a running state", + "privilege": "StopInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list 
deployment options of a given workload", - "privilege": "ListWorkloadDeploymentOptions", + "access_level": "Write", + "description": "Grants permission to stop a relational database that is in a running state", + "privilege": "StopRelationalDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "RelationalDatabase*" } ] }, { - "access_level": "List", - "description": "Grants permission to list workloads", - "privilege": "ListWorkloads", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Bucket" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Certificate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ContainerService" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Disk" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DiskSnapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Distribution" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "InstanceSnapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KeyPair" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "LoadBalancer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RelationalDatabase" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RelationalDatabaseSnapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StaticIp" + }, + { + "condition_keys": [ + 
"aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a provisioning", - "privilege": "StartProvisioning", + "description": "Grants permission to test an alarm by displaying a banner on the Amazon Lightsail console or if a notification trigger is configured for the specified alarm, by sending a notification to the notification protocol", + "privilege": "TestAlarm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Alarm*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an application settings set", - "privilege": "UpdateSettingsSet", + "description": "Grants permission to try to unpeer the Amazon Lightsail virtual private cloud (VPC) from the default VPC", + "privilege": "UnpeerVpc", "resource_types": [ { "condition_keys": [], 
@@ -147233,312 +170857,503 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "AWS Launch Wizard" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access based on the tags in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to a Lex resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access based on the set of tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "lex:associatedIntents", - "description": "Enables you to control access based on the intents included in the request", - "type": "ArrayOfString" - }, - { - "condition": "lex:associatedSlotTypes", - "description": "Enables you to control access based on the slot types included in the request", - "type": "ArrayOfString" }, { - "condition": "lex:channelType", - "description": "Enables you to control access based on the channel type included in the request", - "type": "String" - } - ], - "prefix": "lex", - "privileges": [ - { - "access_level": "Write", - "description": "Creates a new version based on the $LATEST version of the specified bot", - "privilege": "CreateBotVersion", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" + "resource_type": "Bucket" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Certificate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ContainerService" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Disk" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DiskSnapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Distribution" + }, + 
{ + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Domain" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "InstanceSnapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KeyPair" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "LoadBalancer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RelationalDatabase" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RelationalDatabaseSnapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StaticIp" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Creates a new version based on the $LATEST version of the specified intent", - "privilege": "CreateIntentVersion", + "description": "Grants permission to update an existing Amazon Lightsail bucket", + "privilege": "UpdateBucket", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "intent version*" + "resource_type": "Bucket*" } ] }, { "access_level": "Write", - "description": "Creates a new version based on the $LATEST version of the specified slot type", - "privilege": "CreateSlotTypeVersion", + "description": "Grants permission to update the bundle, or storage plan, of an existing Amazon Lightsail bucket", + "privilege": "UpdateBucketBundle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slottype version*" + "resource_type": "Bucket*" } ] }, { "access_level": "Write", - "description": "Deletes all versions of a bot", - "privilege": "DeleteBot", + "description": "Grants permission to update the configuration of your Amazon Lightsail container service, such as its power, scale, and public domain 
names", + "privilege": "UpdateContainerService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" + "resource_type": "ContainerService*" } ] }, { "access_level": "Write", - "description": "Deletes an alias for a specific bot", - "privilege": "DeleteBotAlias", + "description": "Grants permission to update an existing Amazon Lightsail content delivery network (CDN) distribution or its configuration", + "privilege": "UpdateDistribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "Distribution*" } ] }, { "access_level": "Write", - "description": "Deletes the association between a Amazon Lex bot alias and a messaging platform", - "privilege": "DeleteBotChannelAssociation", + "description": "Grants permission to update the bundle of your Amazon Lightsail content delivery network (CDN) distribution", + "privilege": "UpdateDistributionBundle", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "Distribution*" } ] }, { "access_level": "Write", - "description": "Deletes a specific version of a bot", - "privilege": "DeleteBotVersion", + "description": "Grants permission to update a domain recordset after it is created", + "privilege": "UpdateDomainEntry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" + "resource_type": "Domain*" } ] }, { "access_level": "Write", - "description": "Deletes all versions of an intent", - "privilege": "DeleteIntent", + "description": "Grants permission to update metadata options for an instance", + "privilege": "UpdateInstanceMetadataOptions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "intent version*" + "resource_type": "Instance*" } ] }, { "access_level": "Write", - "description": "Deletes a specific version of an intent", - "privilege": 
"DeleteIntentVersion", + "description": "Grants permission to update a load balancer attribute, such as the health check path and session stickiness", + "privilege": "UpdateLoadBalancerAttribute", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "intent version*" + "resource_type": "LoadBalancer*" } ] }, { "access_level": "Write", - "description": "Removes session information for a specified bot, alias, and user ID", - "privilege": "DeleteSession", + "description": "Grants permission to update a relational database", + "privilege": "UpdateRelationalDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" + "resource_type": "RelationalDatabase*" } ] }, { "access_level": "Write", - "description": "Deletes all versions of a slot type", - "privilege": "DeleteSlotType", + "description": "Grants permission to update the parameters of a relational database", + "privilege": "UpdateRelationalDatabaseParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slottype version*" + "resource_type": "RelationalDatabase*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Domain/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Domain" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Instance/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Instance" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:InstanceSnapshot/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "InstanceSnapshot" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:KeyPair/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "KeyPair" + }, + { + "arn": 
"arn:${Partition}:lightsail:${Region}:${Account}:StaticIp/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "StaticIp" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Disk/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Disk" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:DiskSnapshot/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "DiskSnapshot" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:LoadBalancer/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "LoadBalancer" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:LoadBalancerTlsCertificate/${Id}", + "condition_keys": [], + "resource": "LoadBalancerTlsCertificate" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:ExportSnapshotRecord/${Id}", + "condition_keys": [], + "resource": "ExportSnapshotRecord" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:CloudFormationStackRecord/${Id}", + "condition_keys": [], + "resource": "CloudFormationStackRecord" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:RelationalDatabase/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RelationalDatabase" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:RelationalDatabaseSnapshot/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RelationalDatabaseSnapshot" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Alarm/${Id}", + "condition_keys": [], + "resource": "Alarm" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Certificate/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Certificate" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:ContactMethod/${Id}", + "condition_keys": [], + "resource": "ContactMethod" + }, + { + "arn": 
"arn:${Partition}:lightsail:${Region}:${Account}:ContainerService/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ContainerService" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Distribution/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Distribution" + }, + { + "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Bucket/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Bucket" + } + ], + "service_name": "Amazon Lightsail" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "logs:DeliveryDestinationResourceArn", + "description": "Filters access by the Log Destination ARN passed in the request", + "type": "ARN" }, + { + "condition": "logs:LogGeneratingResourceArns", + "description": "Filters access by the Log Generating Resource ARNs passed in the request", + "type": "ArrayOfARN" + } + ], + "prefix": "logs", + "privileges": [ { "access_level": "Write", - "description": "Deletes a specific version of a slot type", - "privilege": "DeleteSlotTypeVersion", + "description": "Grants permission to associate the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group", + "privilege": "AssociateKmsKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slottype version*" + "resource_type": "log-group*" } ] }, { "access_level": "Write", - "description": "Deletes the information Amazon Lex maintains for utterances on a specific bot and userId", - 
"privilege": "DeleteUtterances", + "description": "Grants permission to cancel an export task if it is in PENDING or RUNNING state", + "privilege": "CancelExportTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Returns information for a specific bot. In addition to the bot name, the bot version or alias is required", - "privilege": "GetBot", + "access_level": "Write", + "description": "Grants permission to create a delivery connecting a delivery source to a delivery destination", + "privilege": "CreateDelivery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" + "resource_type": "delivery*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version" - } - ] - }, - { - "access_level": "Read", - "description": "Returns information about a Amazon Lex bot alias", - "privilege": "GetBotAlias", - "resource_types": [ + "resource_type": "delivery-destination*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" - } - ] - }, - { - "access_level": "List", - "description": "Returns a list of aliases for a given Amazon Lex bot", - "privilege": "GetBotAliases", - "resource_types": [ + "resource_type": "delivery-source*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Returns information about the association between a Amazon Lex bot and a messaging platform", - "privilege": "GetBotChannelAssociation", + "access_level": "Write", + "description": "Grants permission to create an ExportTask which allows you to efficiently export data from a Log Group to your Amazon S3 bucket", + "privilege": "CreateExportTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "channel*" + "resource_type": "log-group*" } ] }, { - "access_level": "List", - "description": "Returns a list of all of the channels associated with a single bot", - "privilege": "GetBotChannelAssociations", + "access_level": "Write", + "description": "Grants permission to create a log anomaly detector", + "privilege": "CreateLogAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "log-group*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Returns information for all versions of a specific bot", - "privilege": "GetBotVersions", + "access_level": "Write", + "description": "Grants permission to create the log delivery", + "privilege": "CreateLogDelivery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Returns information for the $LATEST version of all bots, subject to filters provided by the client", - "privilege": "GetBots", + "access_level": "Write", + "description": "Grants permission to create a new log group with the specified name", + "privilege": "CreateLogGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "log-group*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Returns information about a built-in intent", - "privilege": "GetBuiltinIntent", + "access_level": "Write", + "description": "Grants permission to create a new log stream with the specified name", + "privilege": "CreateLogStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "log-stream*" } ] }, { 
- "access_level": "Read", - "description": "Gets a list of built-in intents that meet the specified criteria", - "privilege": "GetBuiltinIntents", + "access_level": "Write", + "description": "Grants permission to delete a data protection policy attached to an account", + "privilege": "DeleteAccountPolicy", "resource_types": [ { "condition_keys": [], 
@@ -147548,93 +171363,93 @@ ] }, { - "access_level": "Read", - "description": "Gets a list of built-in slot types that meet the specified criteria", - "privilege": "GetBuiltinSlotTypes", + "access_level": "Write", + "description": "Grants permission to delete a data protection policy attached to a log group", + "privilege": "DeleteDataProtectionPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "log-group*" } ] - }, - { - "access_level": "Read", - "description": "Exports Amazon Lex Resource in a requested format", - "privilege": "GetExport", + }, + { + "access_level": "Write", + "description": "Grants permission to delete a delivery", + "privilege": "DeleteDelivery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" + "resource_type": "delivery*" } ] }, { - "access_level": "Read", - "description": "Gets information about an import job started with StartImport", - "privilege": "GetImport", + "access_level": "Write", + "description": "Grants permission to delete a delivery destination after all associated deliveries are deleted", + "privilege": "DeleteDeliveryDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "delivery-destination*" } ] }, { - "access_level": "Read", - "description": "Returns information for a specific intent. 
In addition to the intent name, you must also specify the intent version", - "privilege": "GetIntent", + "access_level": "Write", + "description": "Grants permission to delete a delivery destination policy associated with a delivery destination", + "privilege": "DeleteDeliveryDestinationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "intent version*" + "resource_type": "delivery-destination*" } ] }, { - "access_level": "List", - "description": "Returns information for all versions of a specific intent", - "privilege": "GetIntentVersions", + "access_level": "Write", + "description": "Grants permission to delete a delivery source after all associated deliveries are deleted", + "privilege": "DeleteDeliverySource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "intent version*" + "resource_type": "delivery-destination*" } ] }, { - "access_level": "List", - "description": "Returns information for the $LATEST version of all intents, subject to filters provided by the client", - "privilege": "GetIntents", + "access_level": "Write", + "description": "Grants permission to delete the destination with the specified name", + "privilege": "DeleteDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "destination*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view an ongoing or completed migration", - "privilege": "GetMigration", + "access_level": "Write", + "description": "Grants permission to delete a log anomaly detector", + "privilege": "DeleteLogAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "anomaly-detector*" } ] }, { - "access_level": "List", - "description": "Grants permission to view list of migrations from Amazon Lex v1 to Amazon Lex v2", - "privilege": "GetMigrations", + "access_level": "Write", + 
"description": "Grants permission to delete the log delivery information for specified log delivery", + "privilege": "DeleteLogDelivery", "resource_types": [ { "condition_keys": [], 
@@ -147644,50 +171459,45 @@ ] }, { - "access_level": "Read", - "description": "Returns session information for a specified bot, alias, and user ID", - "privilege": "GetSession", + "access_level": "Write", + "description": "Grants permission to delete the log group with the specified name", + "privilege": "DeleteLogGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" + "resource_type": "log-group*" } ] }, { - "access_level": "Read", - "description": "Returns information about a specific version of a slot type. In addition to specifying the slot type name, you must also specify the slot type version", - "privilege": "GetSlotType", + "access_level": "Write", + "description": "Grants permission to delete a log stream", + "privilege": "DeleteLogStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slottype version*" + "resource_type": "log-stream*" } ] }, { - "access_level": "List", - "description": "Returns information for all versions of a specific slot type", - "privilege": "GetSlotTypeVersions", + "access_level": "Write", + "description": "Grants permission to delete a metric filter associated with the specified log group", + "privilege": "DeleteMetricFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slottype version*" + "resource_type": "log-group*" } ] }, { - "access_level": "List", - "description": "Returns information for the $LATEST version of all slot types, subject to filters provided by the client", - "privilege": "GetSlotTypes", + "access_level": "Write", + "description": "Grants permission to delete a saved CloudWatch Logs Insights query definition", + "privilege": "DeleteQueryDefinition", "resource_types": [ { "condition_keys": [], 
@@ -147697,158 +171507,117 @@ ] }, { - "access_level": "List", - "description": "Returns a view of aggregate utterance data for versions of a bot for a recent time period", - "privilege": "GetUtterancesView", + "access_level": "Permissions management", + "description": "Grants permission to delete a resource policy from this account", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Lists tags for a Lex resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete the retention policy of the specified log group", + "privilege": "DeleteRetentionPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" + "resource_type": "log-group*" } ] }, { "access_level": "Write", - "description": "Sends user input (text or speech) to Amazon Lex", - "privilege": "PostContent", + "description": "Grants permission to delete a subscription filter associated with the specified log group", + "privilege": "DeleteSubscriptionFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" + "resource_type": "log-group*" } ] }, { - "access_level": "Write", - "description": "Sends user input (text-only) to Amazon Lex", - "privilege": "PostText", + "access_level": "List", + "description": "Grants permission to retrieve a data protection policy attached to an account", + "privilege": "DescribeAccountPolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" - }, 
- { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Creates or updates the $LATEST version of a Amazon Lex conversational bot", - "privilege": "PutBot", + "access_level": "List", + "description": "Grants permission to retrieve a list of deliveries an account", + "privilege": "DescribeDeliveries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Creates or updates an alias for the specific bot", - "privilege": "PutBotAlias", + "access_level": "List", + "description": "Grants permission to retrieve a list of delivery destinations an account", + "privilege": "DescribeDeliveryDestinations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Creates or updates the $LATEST version of an intent", - "privilege": "PutIntent", + "access_level": "List", + "description": "Grants permission to retrieve a list of delivery sources in an account", + "privilege": "DescribeDeliverySources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "intent version*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Creates a new session or modifies an existing session with an Amazon Lex bot", - "privilege": "PutSession", + "access_level": "List", + "description": "Grants permission to return all the destinations that are associated with the AWS account making the request", + "privilege": "DescribeDestinations", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "bot alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot version" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Creates or updates the $LATEST version of a slot type", - "privilege": "PutSlotType", + "access_level": "List", + "description": "Grants permission to return all the export tasks that are associated with the AWS account making the request", + "privilege": "DescribeExportTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "slottype version*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Starts a job to import a resource to Amazon Lex", - "privilege": "StartImport", + "access_level": "List", + "description": "Grants permission to return all the log groups that are associated with the AWS account making the request", + "privilege": "DescribeLogGroups", "resource_types": [ { "condition_keys": [], 
@@ -147858,379 +171627,273 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to migrate a bot from Amazon Lex v1 to Amazon Lex v2", - "privilege": "StartMigration", + "access_level": "List", + "description": "Grants permission to return all the log streams that are associated with the specified log group", + "privilege": "DescribeLogStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot version*" + "resource_type": "log-group*" } ] }, { - "access_level": "Tagging", - "description": "Adds or overwrites tags to a Lex resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to return all the metrics filters associated with the specified log group", + "privilege": "DescribeMetricFilters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias" - }, + "resource_type": "log-group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to return a list of CloudWatch Logs Insights queries that are scheduled, executing, or have been executed recently in this account", + "privilege": "DescribeQueries", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Removes tags from a Lex resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to return a paginated list of your saved CloudWatch Logs Insights query definitions", + "privilege": "DescribeQueryDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot 
alias" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "bot" - }, - { - "arn": "arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}:${BotVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "bot version" - }, - { - "arn": "arn:${Partition}:lex:${Region}:${Account}:bot:${BotName}:${BotAlias}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "bot alias" - }, - { - "arn": "arn:${Partition}:lex:${Region}:${Account}:bot-channel:${BotName}:${BotAlias}:${ChannelName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel" - }, - { - "arn": "arn:${Partition}:lex:${Region}:${Account}:intent:${IntentName}:${IntentVersion}", - "condition_keys": [], - "resource": "intent version" - }, - { - "arn": "arn:${Partition}:lex:${Region}:${Account}:slottype:${SlotName}:${SlotVersion}", - "condition_keys": [], - "resource": "slottype version" - } - ], - "service_name": "Amazon Lex" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to a Lex resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the set of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "lex", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create new items in an existing custom vocabulary", - "privilege": "BatchCreateCustomVocabularyItem", + "access_level": "List", + "description": 
"Grants permission to return all the resource policies in this account", + "privilege": "DescribeResourcePolicies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete existing items in an existing custom vocabulary", - "privilege": "BatchDeleteCustomVocabularyItem", + "access_level": "List", + "description": "Grants permission to return all the subscription filters associated with the specified log group", + "privilege": "DescribeSubscriptionFilters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "log-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to update existing items in an existing custom vocabulary", - "privilege": "BatchUpdateCustomVocabularyItem", + "description": "Grants permission to disassociate the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group", + "privilege": "DisassociateKmsKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "log-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to build an existing bot locale in a bot", - "privilege": "BuildBotLocale", + "access_level": "Read", + "description": "Grants permission to retrieve log events, optionally filtered by a filter pattern from the specified log group", + "privilege": "FilterLogEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "log-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new bot and a test bot alias pointing to the DRAFT bot version", - "privilege": "CreateBot", + "access_level": "Read", + "description": "Grants permission to retrieve a data protection policy attached to a log 
group", + "privilege": "GetDataProtectionPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "log-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new bot alias in a bot", - "privilege": "CreateBotAlias", + "access_level": "Read", + "description": "Grants permission to retrieve a single delivery", + "privilege": "GetDelivery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "delivery*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a bot channel in an existing bot", - "privilege": "CreateBotChannel", + "access_level": "Read", + "description": "Grants permission to retrieve a single delivery destination", + "privilege": "GetDeliveryDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "delivery-destination*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new bot locale in an existing bot", - "privilege": "CreateBotLocale", + "access_level": "Read", + "description": "Grants permission to retrieve a delivery destination policy attached to a delivery destination", + "privilege": "GetDeliveryDestinationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "delivery-destination*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new version of an existing bot", - "privilege": "CreateBotVersion", + 
"access_level": "Read", + "description": "Grants permission to retrieve a single delivery source", + "privilege": "GetDeliverySource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "delivery-source*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new custom vocabulary in an existing bot locale", - "privilege": "CreateCustomVocabulary", + "access_level": "Read", + "description": "Grants permission to get a log anomaly detector", + "privilege": "GetLogAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "anomaly-detector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an export for an existing resource", - "privilege": "CreateExport", + "access_level": "Read", + "description": "Grants permission to get the log delivery information for specified log delivery", + "privilege": "GetLogDelivery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "test set" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new intent in an existing bot locale", - "privilege": "CreateIntent", + "access_level": "Read", + "description": "Grants permission to retrieve log events from the specified log stream", + "privilege": "GetLogEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "log-stream*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new resource policy for a Lex resource", - "privilege": "CreateResourcePolicy", + "access_level": "Read", + "description": "Grants permission to return a list of the fields that are included in log events in the specified log group, along with the percentage 
of log events that contain each field", + "privilege": "GetLogGroupFields", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" - }, + "resource_type": "log-group*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve all the fields and values of a single log event", + "privilege": "GetLogRecord", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" + "resource_type": "log-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new slot in an intent", - "privilege": "CreateSlot", + "access_level": "Read", + "description": "Grants permission to return the results from the specified query", + "privilege": "GetQueryResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "log-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new slot type in an existing bot locale", - "privilege": "CreateSlotType", + "description": "Grants permission to share CloudWatch resources with a monitoring account", + "privilege": "Link", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to import a new test-set", - "privilege": "CreateTestSet", + "access_level": "List", + "description": "Grants permission to list all anomalies detected in the AWS account making the request", + "privilege": "ListAnomalies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "anomaly-detector" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a test set discrepancy report", - "privilege": "CreateTestSetDiscrepancyReport", + "access_level": "List", + "description": "Grants permission to return all the anomaly detectors 
that are associated with the AWS account making the request", + "privilege": "ListLogAnomalyDetectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set*" + "resource_type": "log-group" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an upload url for import file", - "privilege": "CreateUploadUrl", + "access_level": "List", + "description": "Grants permission to list all the log deliveries for specified account and/or log source", + "privilege": "ListLogDeliveries", "resource_types": [ { "condition_keys": [], 
@@ -148240,606 +171903,777 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an existing bot", - "privilege": "DeleteBot", + "access_level": "List", + "description": "Grants permission to list the tags for the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lex:DeleteBotAlias", - "lex:DeleteBotChannel", - "lex:DeleteBotLocale", - "lex:DeleteBotVersion", - "lex:DeleteIntent", - "lex:DeleteSlot", - "lex:DeleteSlotType" - ], - "resource_type": "bot*" + "dependent_actions": [], + "resource_type": "anomaly-detector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "delivery" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "delivery-destination" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "delivery-source" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "destination" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "log-group" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an existing bot alias in a bot", - "privilege": "DeleteBotAlias", + "access_level": "List", + "description": "Grants permission to list the tags for the specified log group", + "privilege": "ListTagsLogGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "log-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing bot channel", - "privilege": "DeleteBotChannel", + "description": "Grants permission to attach a data protection policy at account level to detect and redact sensitive information from log events", + "privilege": "PutAccountPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "" } 
] }, { "access_level": "Write", - "description": "Grants permission to delete an existing bot locale in a bot", - "privilege": "DeleteBotLocale", + "description": "Grants permission to attach a data protection policy to detect and redact sensitive information from log events", + "privilege": "PutDataProtectionPolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lex:DeleteIntent", - "lex:DeleteSlot", - "lex:DeleteSlotType" - ], - "resource_type": "bot*" + "dependent_actions": [], + "resource_type": "log-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing bot version", - "privilege": "DeleteBotVersion", + "description": "Grants permission to create/update a delivery destination", + "privilege": "PutDeliveryDestination", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "delivery-destination*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "logs:DeliveryDestinationResourceArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing custom vocabulary in a bot locale", - "privilege": "DeleteCustomVocabulary", + "description": "Grants permission to attach a delivery destination policy to a delivery destination", + "privilege": "PutDeliveryDestinationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "delivery-destination*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing export", - "privilege": "DeleteExport", + "description": "Grants permission to create/update a delivery source", + "privilege": "PutDeliverySource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" + "resource_type": "delivery-source*" }, { - "condition_keys": [], + "condition_keys": [ + 
"aws:TagKeys", + "aws:RequestTag/${TagKey}", + "logs:LogGeneratingResourceArns" + ], "dependent_actions": [], - "resource_type": "test set" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing import", - "privilege": "DeleteImport", + "description": "Grants permission to create or update a Destination", + "privilege": "PutDestination", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "destination*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "test set" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing intent in a bot locale", - "privilege": "DeleteIntent", + "description": "Grants permission to create or update an access policy associated with an existing Destination", + "privilege": "PutDestinationPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "destination*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing resource policy for a Lex resource", - "privilege": "DeleteResourcePolicy", + "description": "Grants permission to upload a batch of log events to the specified log stream", + "privilege": "PutLogEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "bot alias" + "resource_type": "log-stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete session information for a bot alias and user ID", - "privilege": "DeleteSession", + "description": "Grants permission to create or update a metric filter and associates it with the specified log group", + "privilege": 
"PutMetricFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "log-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing slot in an intent", - "privilege": "DeleteSlot", + "description": "Grants permission to create or update a query definition", + "privilege": "PutQueryDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an existing slot type in a bot locale", - "privilege": "DeleteSlotType", + "access_level": "Permissions management", + "description": "Grants permission to create or update a resource policy allowing other AWS services to put log events to this account", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an existing test set", - "privilege": "DeleteTestSet", + "description": "Grants permission to set the retention of the specified log group", + "privilege": "PutRetentionPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set*" + "resource_type": "log-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete utterance data for a bot", - "privilege": "DeleteUtterances", + "description": "Grants permission to create or update a subscription filter and associates it with the specified log group", + "privilege": "PutSubscriptionFilter", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "log-group*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "destination" } ] }, { "access_level": "Read", - 
"description": "Grants permission to retrieve an existing bot", - "privilege": "DescribeBot", + "description": "Grants permission to start a Live Tail session in CloudWatch Logs", + "privilege": "StartLiveTail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "log-group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an existing bot alias", - "privilege": "DescribeBotAlias", + "description": "Grants permission to schedule a query of a log group using CloudWatch Logs Insights", + "privilege": "StartQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "log-group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an existing bot channel", - "privilege": "DescribeBotChannel", + "description": "Grants permission to stop a Live Tail session that is in progress", + "privilege": "StopLiveTail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an existing bot locale", - "privilege": "DescribeBotLocale", + "description": "Grants permission to stop a CloudWatch Logs Insights query that is in progress", + "privilege": "StopQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve metadata information about a bot recommendation", - "privilege": "DescribeBotRecommendation", + "access_level": "Tagging", + "description": "Grants permission to add or update the specified tags for the specified log group", + "privilege": "TagLogGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "log-group*" + }, + { + 
"condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an existing bot version", - "privilege": "DescribeBotVersion", + "access_level": "Tagging", + "description": "Grants permission to add or update the specified tags for the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "anomaly-detector" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "delivery" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "delivery-destination" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "delivery-source" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "destination" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "log-group" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve an existing custom vocabulary", - "privilege": "DescribeCustomVocabulary", + "description": "Grants permission to test the filter pattern of a metric filter against a sample of log event messages", + "privilege": "TestMetricFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve metadata of an existing custom vocabulary", - "privilege": "DescribeCustomVocabularyMetadata", + "description": "Grants permission to fetch unmasked log events that have been redacted with a data protection policy", + "privilege": "Unmask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "bot*" + "resource_type": "log-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an existing export", - "privilege": "DescribeExport", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the specified log group", + "privilege": "UntagLogGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lex:DescribeBot", - "lex:DescribeBotLocale", - "lex:DescribeIntent", - "lex:DescribeSlot", - "lex:DescribeSlotType", - "lex:ListBotLocales", - "lex:ListIntents", - "lex:ListSlotTypes", - "lex:ListSlots" - ], - "resource_type": "bot" + "dependent_actions": [], + "resource_type": "log-group*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "test set" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an existing import", - "privilege": "DescribeImport", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tags from the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" + "resource_type": "anomaly-detector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve an existing intent", - "privilege": "DescribeIntent", - "resource_types": [ + "resource_type": "delivery" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve an existing resource policy for a Lex resource", - "privilege": "DescribeResourcePolicy", - "resource_types": [ + "resource_type": "delivery-destination" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" + "resource_type": 
"delivery-source" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve an existing slot", - "privilege": "DescribeSlot", - "resource_types": [ + "resource_type": "destination" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "log-group" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an existing slot type", - "privilege": "DescribeSlotType", + "access_level": "Write", + "description": "Grants permission to update an anomaly reported by a log anomaly detector", + "privilege": "UpdateAnomaly", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "anomaly-detector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve test execution metadata", - "privilege": "DescribeTestExecution", + "access_level": "Write", + "description": "Grants permission to update a log anomaly detector", + "privilege": "UpdateLogAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set*" + "resource_type": "anomaly-detector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an existing test set", - "privilege": "DescribeTestSet", + "access_level": "Write", + "description": "Grants permission to update the log delivery information for specified log delivery", + "privilege": "UpdateLogDelivery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:logs:${Region}:${Account}:log-group:${LogGroupName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "log-group" }, { 
- "access_level": "Read", - "description": "Grants permission to retrieve test set discrepancy report metadata", - "privilege": "DescribeTestSetDiscrepancyReport", + "arn": "arn:${Partition}:logs:${Region}:${Account}:log-group:${LogGroupName}:log-stream:${LogStreamName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "log-stream" + }, + { + "arn": "arn:${Partition}:logs:${Region}:${Account}:destination:${DestinationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "destination" + }, + { + "arn": "arn:${Partition}:logs:${Region}:${Account}:delivery-source:${DeliverySourceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "delivery-source" + }, + { + "arn": "arn:${Partition}:logs:${Region}:${Account}:delivery:${DeliveryName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "delivery" + }, + { + "arn": "arn:${Partition}:logs:${Region}:${Account}:delivery-destination:${DeliveryDestinationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "delivery-destination" + }, + { + "arn": "arn:${Partition}:logs:${Region}:${Account}:anomaly-detector:${DetectorId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "anomaly-detector" + } + ], + "service_name": "Amazon CloudWatch Logs" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "lookoutequipment:IsImportingData", + "description": "Filters access by the import strategy of underlying data", + "type": "Bool" + } + ], + "prefix": 
"lookoutequipment", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a dataset", + "privilege": "CreateDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set*" + "resource_type": "dataset*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve test set generation metadata", - "privilege": "DescribeTestSetGeneration", + "access_level": "Write", + "description": "Grants permission to create an inference scheduler for a trained model", + "privilege": "CreateInferenceScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve session information for a bot alias and user ID", - "privilege": "GetSession", - "resource_types": [ + "resource_type": "inference-scheduler*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "model*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve artifacts URL for a test execution", - "privilege": "GetTestExecutionArtifactsUrl", + "access_level": "Write", + "description": "Grants permission to create a label", + "privilege": "CreateLabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set*" + "resource_type": "label-group*" } ] }, { - "access_level": "List", - "description": "Grants permission to list utterances and statistics for a bot", - "privilege": "ListAggregatedUtterances", + "access_level": "Write", + "description": "Grants permission to create a label group", + "privilege": 
"CreateLabelGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "label-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list bot aliases in an bot", - "privilege": "ListBotAliases", + "access_level": "Write", + "description": "Grants permission to create a model that is trained on a dataset", + "privilege": "CreateModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "dataset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "label-group" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list bot channels", - "privilege": "ListBotChannels", + "access_level": "Write", + "description": "Grants permission to create a retraining scheduler for a trained model", + "privilege": "CreateRetrainingScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "model*" } ] }, { - "access_level": "List", - "description": "Grants permission to list bot locales in a bot", - "privilege": "ListBotLocales", + "access_level": "Write", + "description": "Grants permission to delete a dataset", + "privilege": "DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "dataset*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of bot recommendations that meet the specified criteria", - "privilege": "ListBotRecommendations", + "access_level": "Write", + 
"description": "Grants permission to delete an inference scheduler", + "privilege": "DeleteInferenceScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "inference-scheduler*" } ] }, { - "access_level": "List", - "description": "Grants permission to list existing bot versions", - "privilege": "ListBotVersions", + "access_level": "Write", + "description": "Grants permission to delete a label", + "privilege": "DeleteLabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "label-group*" } ] }, { - "access_level": "List", - "description": "Grants permission to list existing bots", - "privilege": "ListBots", + "access_level": "Write", + "description": "Grants permission to delete a label group", + "privilege": "DeleteLabelGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "label-group*" } ] }, { - "access_level": "List", - "description": "Grants permission to list built-in intents", - "privilege": "ListBuiltInIntents", + "access_level": "Write", + "description": "Grants permission to delete a model", + "privilege": "DeleteModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "List", - "description": "Grants permission to list built-in slot types", - "privilege": "ListBuiltInSlotTypes", + "access_level": "Write", + "description": "Grants permission to delete a resource policy", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-version" } ] }, { - "access_level": "List", - "description": "Grants 
permission to list items of an existing custom vocabulary", - "privilege": "ListCustomVocabularyItems", + "access_level": "Write", + "description": "Grants permission to delete a retraining scheduler of a trained model", + "privilege": "DeleteRetrainingScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "model*" } ] }, { - "access_level": "List", - "description": "Grants permission to list existing exports", - "privilege": "ListExports", + "access_level": "Read", + "description": "Grants permission to describe a data ingestion job", + "privilege": "DescribeDataIngestionJob", "resource_types": [ { "condition_keys": [], 
@@ -148849,517 +172683,591 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list existing imports", - "privilege": "ListImports", + "access_level": "Read", + "description": "Grants permission to describe a dataset", + "privilege": "DescribeDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { - "access_level": "List", - "description": "Grants permission to list intents in a bot", - "privilege": "ListIntents", + "access_level": "Read", + "description": "Grants permission to describe an inference scheduler", + "privilege": "DescribeInferenceScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "inference-scheduler*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of recommended intents provided by the bot recommendation", - "privilege": "ListRecommendedIntents", + "access_level": "Read", + "description": "Grants permission to describe a label group", + "privilege": "DescribeLabelGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "label-group*" } ] }, { - "access_level": "List", - "description": "Grants permission to list slot types in a bot", - "privilege": "ListSlotTypes", + "access_level": "Read", + "description": "Grants permission to describe a model", + "privilege": "DescribeModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "model*" } ] }, { - "access_level": "List", - "description": "Grants permission to list slots in an intent", - "privilege": "ListSlots", + "access_level": "Read", + "description": "Grants permission to describe a model version", + "privilege": "DescribeModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": 
"model-version*" } ] }, { "access_level": "Read", - "description": "Grants permission to lists tags for a Lex resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to describe a resource policy", + "privilege": "DescribeResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" + "resource_type": "model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set" + "resource_type": "model-version" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve test results data for a test execution", - "privilege": "ListTestExecutionResultItems", + "description": "Grants permission to describe a retraining scheduler of a trained model", + "privilege": "DescribeRetrainingScheduler", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lex:ListTestSetRecords" - ], - "resource_type": "test set*" + "dependent_actions": [], + "resource_type": "model*" } ] }, { - "access_level": "List", - "description": "Grants permission to list test executions", - "privilege": "ListTestExecutions", + "access_level": "Read", + "description": "Grants permission to describe a label", + "privilege": "Describelabel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "label-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve records inside an existing test set", - "privilege": "ListTestSetRecords", + "access_level": "Write", + "description": "Grants permission to import a dataset", + "privilege": "ImportDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set*" + "resource_type": "dataset*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": 
[], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list test sets", - "privilege": "ListTestSets", + "access_level": "Write", + "description": "Grants permission to import a model version", + "privilege": "ImportModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "dataset*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "label-group" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "lookoutequipment:IsImportingData" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new session or modify an existing session for a bot alias and user ID", - "privilege": "PutSession", + "access_level": "List", + "description": "Grants permission to list the data ingestion jobs in your account or for a particular dataset", + "privilege": "ListDataIngestionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "dataset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to send user input (text-only) to an bot alias", - "privilege": "RecognizeText", + "access_level": "List", + "description": "Grants permission to list the datasets in your account", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to send user input (text or speech) to an bot alias", - "privilege": "RecognizeUtterance", + "access_level": "Read", + "description": "Grants permission to list the inference events for an inference scheduler", + "privilege": "ListInferenceEvents", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "inference-scheduler*" } ] }, { - "access_level": "List", - "description": "Grants permission to search for associated transcripts that meet the specified criteria", - "privilege": "SearchAssociatedTranscripts", + "access_level": "Read", + "description": "Grants permission to list the inference executions for an inference scheduler", + "privilege": "ListInferenceExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "inference-scheduler*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a bot recommendation for an existing bot locale", - "privilege": "StartBotRecommendation", + "access_level": "List", + "description": "Grants permission to list the inference schedulers in your account", + "privilege": "ListInferenceSchedulers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stream user input (speech/text/DTMF) to a bot alias", - "privilege": "StartConversation", + "access_level": "List", + "description": "Grants permission to list the label groups in your account", + "privilege": "ListLabelGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "label-group*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a new import with the uploaded import file", - "privilege": "StartImport", + "access_level": "List", + "description": "Grants permission to list the labels in your account", + "privilege": "ListLabels", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "lex:CreateBot", - "lex:CreateBotLocale", - "lex:CreateCustomVocabulary", - "lex:CreateIntent", - "lex:CreateSlot", - "lex:CreateSlotType", - "lex:CreateTestSet", - 
"lex:DeleteBotLocale", - "lex:DeleteCustomVocabulary", - "lex:DeleteIntent", - "lex:DeleteSlot", - "lex:DeleteSlotType", - "lex:UpdateBot", - "lex:UpdateBotLocale", - "lex:UpdateCustomVocabulary", - "lex:UpdateIntent", - "lex:UpdateSlot", - "lex:UpdateSlotType", - "lex:UpdateTestSet" - ], - "resource_type": "bot" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" - }, + "resource_type": "label-group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the model versions in your account", + "privilege": "ListModelVersions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a test execution using a test set", - "privilege": "StartTestExecution", + "access_level": "List", + "description": "Grants permission to list the models in your account", + "privilege": "ListModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to generate a test set", - "privilege": "StartTestSetGeneration", + "access_level": "List", + "description": "Grants permission to list the retraining schedulers in your account", + "privilege": "ListRetrainingSchedulers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a bot recommendation for an existing bot locale", - "privilege": "StopBotRecommendation", + "access_level": "List", + "description": "Grants permission to list the sensor statistics for a particular dataset or an ingestion job", + 
"privilege": "ListSensorStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "dataset*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or overwrite tags of a Lex resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to list the tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" + "resource_type": "inference-scheduler" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set" + "resource_type": "label-group" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-version" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a Lex resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to put a resource policy", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" + "resource_type": "dataset" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" + "resource_type": "model" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "model-version" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing bot", - "privilege": "UpdateBot", + "description": "Grants permission to start 
a data ingestion job for a dataset", + "privilege": "StartDataIngestionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing bot alias", - "privilege": "UpdateBotAlias", + "description": "Grants permission to start an inference scheduler", + "privilege": "StartInferenceScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias*" + "resource_type": "inference-scheduler*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing bot locale", - "privilege": "UpdateBotLocale", + "description": "Grants permission to start a retraining scheduler of a trained model", + "privilege": "StartRetrainingScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "model*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing bot recommendation request", - "privilege": "UpdateBotRecommendation", + "description": "Grants permission to stop an inference scheduler", + "privilege": "StopInferenceScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "inference-scheduler*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing custom vocabulary", - "privilege": "UpdateCustomVocabulary", + "description": "Grants permission to stop a retraining scheduler of a trained model", + "privilege": "StopRetrainingScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing export", - "privilege": "UpdateExport", + "access_level": "Tagging", + "description": "Grants 
permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "dataset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-scheduler" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "label-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-version" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing intent", - "privilege": "UpdateIntent", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "dataset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-scheduler" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "label-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model-version" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing resource policy for a Lex resource", - "privilege": "UpdateResourcePolicy", + "description": "Grants permission to set the active model version for a given machine learning model", + "privilege": "UpdateActiveModelVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot" + "resource_type": "model*" }, { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "bot alias" + "resource_type": "model-version*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing slot", - "privilege": "UpdateSlot", + "description": "Grants permission to update an inference scheduler", + "privilege": "UpdateInferenceScheduler", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "inference-scheduler*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing slot type", - "privilege": "UpdateSlotType", + "description": "Grants permission to update a label group", + "privilege": "UpdateLabelGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "bot*" + "resource_type": "label-group*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing test set", - "privilege": "UpdateTestSet", + "description": "Grants permission to update a trained model", + "privilege": "UpdateModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "test set*" + "resource_type": "model*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a retraining scheduler of a trained model", + "privilege": "UpdateRetrainingScheduler", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:lex:${Region}:${Account}:bot/${BotId}", + "arn": "arn:${Partition}:lookoutequipment:${Region}:${Account}:dataset/${DatasetName}/${DatasetId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "bot" + "resource": "dataset" }, { - "arn": "arn:${Partition}:lex:${Region}:${Account}:bot-alias/${BotId}/${BotAliasId}", + "arn": "arn:${Partition}:lookoutequipment:${Region}:${Account}:model/${ModelName}/${ModelId}", "condition_keys": [ 
"aws:ResourceTag/${TagKey}" ], - "resource": "bot alias" + "resource": "model" }, { - "arn": "arn:${Partition}:lex:${Region}:${Account}:test-set/${TestSetId}", + "arn": "arn:${Partition}:lookoutequipment:${Region}:${Account}:model/${ModelName}/${ModelId}/model-version/${ModelVersionNumber}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "test set" + "resource": "model-version" + }, + { + "arn": "arn:${Partition}:lookoutequipment:${Region}:${Account}:inference-scheduler/${InferenceSchedulerName}/${InferenceSchedulerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "inference-scheduler" + }, + { + "arn": "arn:${Partition}:lookoutequipment:${Region}:${Account}:label-group/${LabelGroupName}/${LabelGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "label-group" } ], - "service_name": "Amazon Lex V2" + "service_name": "Amazon Lookout for Equipment" }, { "conditions": [ 
@@ -149369,107 +173277,77 @@ "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys that are passed in the request", - "type": "ArrayOfString" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, { - "condition": "license-manager:ResourceTag/${TagKey}", - "description": "Filters access by the tag key-value pairs attached to the resource", - "type": "String" + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" } ], - "prefix": "license-manager", + "prefix": "lookoutmetrics", "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept a grant", - "privilege": "AcceptGrant", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "grant*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to check in license entitlements back to pool", - "privilege": "CheckInLicense", + "description": "Grants permission to activate an anomaly detector", + "privilege": "ActivateAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "Write", - "description": "Grants permission to check out license entitlements for borrow use case", - "privilege": "CheckoutBorrowLicense", + "description": "Grants permission to run a backtest with an anomaly detector", + "privilege": "BackTestAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license*" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "Write", - "description": "Grants permission to check out license entitlements", - "privilege": "CheckoutLicense", + "description": "Grants permission to create an alert for an anomaly detector", + "privilege": 
"CreateAlert", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new grant for license", - "privilege": "CreateGrant", - "resource_types": [ + "resource_type": "Alert*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "license*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create new version of grant", - "privilege": "CreateGrantVersion", - "resource_types": [ + "resource_type": "AnomalyDetector*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "grant*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new license", - "privilege": "CreateLicense", + "description": "Grants permission to create an anomaly detector", + "privilege": "CreateAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new license configuration", - "privilege": "CreateLicenseConfiguration", - "resource_types": [ + "resource_type": "AnomalyDetector*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -149482,21 +173360,19 @@ }, { "access_level": "Write", - "description": "Grants permission to create a license conversion task for a resource", - "privilege": "CreateLicenseConversionTaskForResource", + "description": "Grants permission to create a dataset", + "privilege": "CreateMetricSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a report generator for a license configuration", - "privilege": "CreateLicenseManagerReportGenerator", - "resource_types": [ + "resource_type": "AnomalyDetector*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "MetricSet*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -149509,152 +173385,140 @@ }, { "access_level": "Write", - "description": "Grants permission to create new version of license", - "privilege": "CreateLicenseVersion", + "description": "Grants permission to deactivate an anomaly detector", + "privilege": "DeactivateAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license*" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new token for license", - "privilege": "CreateToken", + "description": "Grants permission to delete an alert", + "privilege": "DeleteAlert", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license*" + "resource_type": "Alert*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a grant", - "privilege": "DeleteGrant", + "description": "Grants permission to delete an anomaly detector", + "privilege": "DeleteAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "grant*" + "resource_type": "AnomalyDetector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a license", - "privilege": "DeleteLicense", + "access_level": "Read", + "description": "Grants permission to get details about an alert", + "privilege": "DescribeAlert", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license*" + "resource_type": "Alert*" } ] }, { - "access_level": "Write", - "description": "Grants permission to permanently delete a license configuration", - "privilege": "DeleteLicenseConfiguration", + "access_level": "Read", + "description": "Grants permission to get information about an anomaly detection job", + "privilege": "DescribeAnomalyDetectionExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "AnomalyDetector*" } 
] }, { - "access_level": "Write", - "description": "Grants permission to delete a report generator", - "privilege": "DeleteLicenseManagerReportGenerator", + "access_level": "Read", + "description": "Grants permission to get details about an anomaly detector", + "privilege": "DescribeAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-generator*" + "resource_type": "AnomalyDetector*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete token", - "privilege": "DeleteToken", + "access_level": "Read", + "description": "Grants permission to get details about a dataset", + "privilege": "DescribeMetricSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "MetricSet*" } ] }, { "access_level": "Write", - "description": "Grants permission to extend consumption period of already checkout license entitlements", - "privilege": "ExtendLicenseConsumption", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get access token", - "privilege": "GetAccessToken", + "description": "Grants permission to detect metric set config from data source", + "privilege": "DetectMetricSetConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a grant", - "privilege": "GetGrant", + "description": "Grants permission to get details about a group of affected metrics", + "privilege": "GetAnomalyGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "grant*" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a license", - "privilege": "GetLicense", + "description": 
"Grants permission to get data quality metrics for an anomaly detector", + "privilege": "GetDataQualityMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license*" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a license configuration", - "privilege": "GetLicenseConfiguration", + "description": "Grants permission to get feedback on affected metrics for an anomaly group", + "privilege": "GetFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a license conversion task", - "privilege": "GetLicenseConversionTask", + "description": "Grants permission to get a selection of sample records from an Amazon S3 datasource", + "privilege": "GetSampleData", "resource_types": [ { "condition_keys": [], 
@@ -149664,266 +173528,274 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a report generator", - "privilege": "GetLicenseManagerReportGenerator", + "access_level": "List", + "description": "Grants permission to get a list of alerts for a detector", + "privilege": "ListAlerts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-generator*" + "resource_type": "AnomalyDetector" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a license usage", - "privilege": "GetLicenseUsage", + "access_level": "List", + "description": "Grants permission to get a list of anomaly detectors", + "privilege": "ListAnomalyDetectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get service settings", - "privilege": "GetServiceSettings", + "description": "Grants permission to get a list of related measures in an anomaly group", + "privilege": "ListAnomalyGroupRelatedMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "List", - "description": "Grants permission to list associations for a selected license configuration", - "privilege": "ListAssociationsForLicenseConfiguration", + "description": "Grants permission to get a list of anomaly groups", + "privilege": "ListAnomalyGroupSummaries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "List", - "description": "Grants permission to list distributed grants", - "privilege": "ListDistributedGrants", + "description": "Grants permission to get a list of affected metrics for a measure in an anomaly group", + "privilege": "ListAnomalyGroupTimeSeries", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AnomalyDetector*" } ] }, { "access_level": "List", - "description": "Grants permission to list the license configuration operations that failed", - "privilege": "ListFailuresForLicenseConfigurationOperations", + "description": "Grants permission to get a list of datasets", + "privilege": "ListMetricSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "AnomalyDetector" } ] }, { "access_level": "Read", - "description": "Grants permission to list license configurations", - "privilege": "ListLicenseConfigurations", + "description": "Grants permission to get a list of tags for a detector, dataset, or alert", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list license conversion tasks", - "privilege": "ListLicenseConversionTasks", - "resource_types": [ + "resource_type": "Alert" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list report generators", - "privilege": "ListLicenseManagerReportGenerators", - "resource_types": [ + "resource_type": "AnomalyDetector" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration" + "resource_type": "MetricSet" } ] }, { - "access_level": "List", - "description": "Grants permission to list license specifications associated with a selected resource", - "privilege": "ListLicenseSpecificationsForResource", + "access_level": "Write", + "description": "Grants permission to add feedback for an affected metric in an anomaly group", + "privilege": "PutFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "AnomalyDetector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list license versions", - "privilege": "ListLicenseVersions", + "access_level": "Tagging", + "description": "Grants permission to add tags to a detector, dataset, or alert", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list licenses", - "privilege": "ListLicenses", - "resource_types": [ + "resource_type": "Alert" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list received grants", - "privilege": "ListReceivedGrants", - "resource_types": [ + "resource_type": "AnomalyDetector" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list received grants for organization", - "privilege": "ListReceivedGrantsForOrganization", - "resource_types": [ + "resource_type": "MetricSet" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list received licenses", - "privilege": "ListReceivedLicenses", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a detector, dataset, or alert", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list received licenses for organization", - "privilege": "ListReceivedLicensesForOrganization", - "resource_types": [ + "resource_type": "Alert" + }, { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list resource inventory", - "privilege": "ListResourceInventory", - "resource_types": [ + "resource_type": "AnomalyDetector" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "MetricSet" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a selected resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update an alert for an anomaly detector", + "privilege": "UpdateAlert", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "Alert*" } ] }, { - "access_level": "List", - "description": "Grants permission to list tokens", - "privilege": "ListTokens", + "access_level": "Write", + "description": "Grants permission to update an anomaly detector", + "privilege": "UpdateAnomalyDetector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AnomalyDetector*" } ] }, { - "access_level": "List", - "description": "Grants permission to list usage records for selected license configuration", - "privilege": "ListUsageForLicenseConfiguration", + "access_level": "Write", + "description": "Grants permission to update a dataset", + "privilege": "UpdateMetricSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "MetricSet*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:lookoutmetrics:${Region}:${Account}:AnomalyDetector:${AnomalyDetectorName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "AnomalyDetector" + }, + { + "arn": 
"arn:${Partition}:lookoutmetrics:${Region}:${Account}:MetricSet/${AnomalyDetectorName}/${MetricSetName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "MetricSet" + }, + { + "arn": "arn:${Partition}:lookoutmetrics:${Region}:${Account}:Alert:${AlertName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Alert" + } + ], + "service_name": "Amazon Lookout for Metrics" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "lookoutvision", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to reject a grant", - "privilege": "RejectGrant", + "description": "Grants permission to create a dataset manifest", + "privilege": "CreateDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "grant*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a selected resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a new anomaly detection model", + "privilege": "CreateModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "model*" }, { "condition_keys": [ 
@@ -149936,57 +173808,57 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a selected resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a new project", + "privilege": "CreateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "project*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing license configuration", - "privilege": "UpdateLicenseConfiguration", + "description": "Grants permission to delete a dataset", + "privilege": "DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a report generator for a license configuration", - "privilege": "UpdateLicenseManagerReportGenerator", + "description": "Grants permission to delete a model and all associated assets", + "privilege": "DeleteModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "report-generator*" + "resource_type": "model*" } ] }, { "access_level": "Write", - "description": "Grants permission to updates license specifications for a selected resource", - "privilege": "UpdateLicenseSpecificationsForResource", + "description": "Grants permission to permanently remove a project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "license-configuration*" + "resource_type": "project*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to updates service settings", - "privilege": "UpdateServiceSettings", + "access_level": "Read", + "description": "Grants permission to show detailed information about dataset manifest", + "privilege": "DescribeDataset", 
"resource_types": [ { "condition_keys": [], 
@@ -149994,44 +173866,47 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:license-manager:${Region}:${Account}:license-configuration:${LicenseConfigurationId}", - "condition_keys": [ - "license-manager:ResourceTag/${TagKey}" - ], - "resource": "license-configuration" }, { - "arn": "arn:${Partition}:license-manager::${Account}:license:${LicenseId}", - "condition_keys": [], - "resource": "license" + "access_level": "Read", + "description": "Grants permission to show detailed information about a model", + "privilege": "DescribeModel", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "model*" + } + ] }, { - "arn": "arn:${Partition}:license-manager::${Account}:grant:${GrantId}", - "condition_keys": [], - "resource": "grant" + "access_level": "Read", + "description": "Grants permission to show detailed information about a model packaging job", + "privilege": "DescribeModelPackagingJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:license-manager:${Region}:${Account}:report-generator:${ReportGeneratorId}", - "condition_keys": [ - "license-manager:ResourceTag/${TagKey}" - ], - "resource": "report-generator" - } - ], - "service_name": "AWS License Manager" - }, - { - "conditions": [], - "prefix": "license-manager-linux-subscriptions", - "privileges": [ + "access_level": "Read", + "description": "Grants permission to show detailed information about a project", + "privilege": "DescribeProject", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "project*" + } + ] + }, { - "access_level": "Write", - "description": "Grants permission to get the service settings for Linux subscriptions in AWS License Manager", - "privilege": "GetServiceSettings", + "access_level": "Read", + "description": "Grants permission to provides state information about a running anomaly 
detection job", + "privilege": "DescribeTrialDetection", "resource_types": [ { "condition_keys": [], @@ -150042,20 +173917,20 @@ }, { "access_level": "Write", - "description": "Grants permission to list all instances with Linux subscriptions in AWS License Manager", - "privilege": "ListLinuxSubscriptionInstances", + "description": "Grants permission to invoke detection of anomalies", + "privilege": "DetectAnomalies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to list all Linux subscriptions in AWS License Manager", - "privilege": "ListLinuxSubscriptions", + "access_level": "Read", + "description": "Grants permission to list the contents of dataset manifest", + "privilege": "ListDatasetEntries", "resource_types": [ { "condition_keys": [], @@ -150065,9 +173940,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update the service settings for Linux subscriptions in AWS License Manager", - "privilege": "UpdateServiceSettings", + "access_level": "List", + "description": "Grants permission to list all model packaging jobs associated with a project", + "privilege": "ListModelPackagingJobs", "resource_types": [ { "condition_keys": [], @@ -150075,19 +173950,11 @@ "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "AWS License Manager Linux Subscriptions Manager" - }, - { - "conditions": [], - "prefix": "license-manager-user-subscriptions", - "privileges": [ + }, { - "access_level": "Write", - "description": "Grants permission to associate a subscribed user to an instance launched with license manager user subscriptions products", - "privilege": "AssociateUser", + "access_level": "List", + "description": "Grants permission to list all models associated with a project", + "privilege": "ListModels", "resource_types": [ { "condition_keys": [], 
@@ -150097,9 +173964,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to deregister Microsoft Active Directory with license-manager-user-subscriptions for a product", - "privilege": "DeregisterIdentityProvider", + "access_level": "List", + "description": "Grants permission to list all projects", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], @@ -150109,21 +173976,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a subscribed user from an instance launched with license manager user subscriptions products", - "privilege": "DisassociateUser", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model" } ] }, { "access_level": "List", - "description": "Grants permission to list all the identity providers on license manager user subscriptions", - "privilege": "ListIdentityProviders", + "description": "Grants permission to list all anomaly detection jobs", + "privilege": "ListTrialDetections", "resource_types": [ { "condition_keys": [], 
@@ -150133,33 +174000,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the instances launched with license manager user subscription products", - "privilege": "ListInstances", + "access_level": "Write", + "description": "Grants permission to start anomaly detection model", + "privilege": "StartModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "List", - "description": "Grants permission to lists all the product subscriptions for a product and identity provider", - "privilege": "ListProductSubscriptions", + "access_level": "Write", + "description": "Grants permission to start a model packaging job", + "privilege": "StartModelPackagingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the users associated to an instance launched for a product", - "privilege": "ListUserAssociations", + "access_level": "Write", + "description": "Grants permission to start bulk detection of anomalies for a set of images stored in an S3 bucket", + "privilege": "StartTrialDetection", "resource_types": [ { "condition_keys": [], 
@@ -150170,44 +174037,59 @@ }, { "access_level": "Write", - "description": "Grants permission to registers Microsoft Active Directory with license-manager-user-subscriptions for a product", - "privilege": "RegisterIdentityProvider", + "description": "Grants permission to stop anomaly detection model", + "privilege": "StopModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "model*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start product subscription for a user on a registered active directory for a product", - "privilege": "StartProductSubscription", + "access_level": "Tagging", + "description": "Grants permission to tag a resource with given key value pairs", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "model" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop product subscription for a user on a registered active directory for a product", - "privilege": "StopProductSubscription", + "access_level": "Tagging", + "description": "Grants permission to remove the tag with the given key from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "model" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the identity provider configuration", - "privilege": "UpdateIdentityProviderSettings", + "description": "Grants permission to update a training or test dataset manifest", + "privilege": "UpdateDatasetEntries", "resource_types": [ { "condition_keys": [], 
@@ -150217,8 +174099,21 @@ ] } ], - "resources": [], - "service_name": "AWS License Manager User Subscriptions" + "resources": [ + { + "arn": "arn:${Partition}:lookoutvision:${Region}:${Account}:model/${ProjectName}/${ModelVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "model" + }, + { + "arn": "arn:${Partition}:lookoutvision:${Region}:${Account}:project/${ProjectName}", + "condition_keys": [], + "resource": "project" + } + ], + "service_name": "Amazon Lookout for Vision" }, { "conditions": [ 
@@ -150238,214 +174133,259 @@ "type": "ArrayOfString" } ], - "prefix": "lightsail", + "prefix": "m2", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a static IP address that can be attached to an instance", - "privilege": "AllocateStaticIp", + "description": "Grants permission to cancel the execution of a batch job", + "privilege": "CancelBatchJobExecution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an application", + "privilege": "CreateApplication", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "s3:GetObject", + "s3:ListBucket" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to attach an SSL/TLS certificate to your Amazon Lightsail content delivery network (CDN) distribution", - "privilege": "AttachCertificateToDistribution", + "description": "Grants permission to create a data set import task", + "privilege": "CreateDataSetImportTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Certificate*" + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "Application*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a deployment", + "privilege": "CreateDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:RegisterTargets" + ], + "resource_type": "Application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Distribution*" + "resource_type": "Environment" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a disk to an instance", - 
"privilege": "AttachDisk", + "description": "Grants permission to Create an environment", + "privilege": "CreateEnvironment", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Disk*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute", + "elasticfilesystem:DescribeMountTargets", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateLoadBalancer", + "fsx:DescribeFileSystems", + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to attach one or more instances to a load balancer", - "privilege": "AttachInstancesToLoadBalancer", + "description": "Grants permission to delete an application", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "LoadBalancer*" + "dependent_actions": [ + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup" + ], + "resource_type": "Application*" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a TLS certificate to a load balancer", - "privilege": "AttachLoadBalancerTlsCertificate", + "description": "Grants permission to delete an application from a runtime environment", + "privilege": "DeleteApplicationFromEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "LoadBalancer*" + "dependent_actions": [ + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup" + ], + "resource_type": "Application*" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a static IP address to an instance", 
- "privilege": "AttachStaticIp", + "description": "Grants permission to delete a runtime environment", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Instance*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StaticIp*" + "dependent_actions": [ + "elasticloadbalancing:DeleteLoadBalancer" + ], + "resource_type": "Environment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to close a public port of an instance", - "privilege": "CloseInstancePublicPorts", + "access_level": "Read", + "description": "Grants permission to retrieve an application", + "privilege": "GetApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to copy a snapshot from one AWS Region to another in Amazon Lightsail", - "privilege": "CopySnapshot", + "access_level": "Read", + "description": "Grants permission to retrieve an application version", + "privilege": "GetApplicationVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon Lightsail bucket", - "privilege": "CreateBucket", + "access_level": "Read", + "description": "Grants permission to retrieve a batch job execution", + "privilege": "GetBatchJobExecution", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new access key for the specified bucket", - "privilege": "CreateBucketAccessKey", + "access_level": "Read", + "description": "Grants permission 
to retrieve data set details", + "privilege": "GetDataSetDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bucket*" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an SSL/TLS certificate", - "privilege": "CreateCertificate", + "access_level": "Read", + "description": "Grants permission to retrieve a data set import task", + "privilege": "GetDataSetImportTask", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "lightsail:CreateDomainEntry", - "lightsail:GetDomains" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new Amazon EC2 instance from an exported Amazon Lightsail snapshot", - "privilege": "CreateCloudFormationStack", + "access_level": "Read", + "description": "Grants permission to retrieve a deployment", + "privilege": "GetDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an email or SMS text message contact method", - "privilege": "CreateContactMethod", + "access_level": "Read", + "description": "Grants permission to retrieve a runtime environment", + "privilege": "GetEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Environment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon Lightsail container service", - "privilege": "CreateContainerService", + "access_level": "Read", + "description": "Grants permission to create a signed Bluinsights url", + "privilege": "GetSignedBluinsightsUrl", "resource_types": [ { - "condition_keys": [ - 
"aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a deployment for your Amazon Lightsail container service", - "privilege": "CreateContainerServiceDeployment", + "access_level": "Read", + "description": "Grants permission to list the versions of an application", + "privilege": "ListApplicationVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ContainerService*" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a temporary set of log in credentials that you can use to log in to the Docker process on your local machine", - "privilege": "CreateContainerServiceRegistryLogin", + "access_level": "List", + "description": "Grants permission to list applications", + "privilege": "ListApplications", "resource_types": [ { "condition_keys": [], 
@@ -150455,172 +174395,151 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a disk", - "privilege": "CreateDisk", + "access_level": "Read", + "description": "Grants permission to list batch job definitions", + "privilege": "ListBatchJobDefinitions", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a disk from snapshot", - "privilege": "CreateDiskFromSnapshot", + "access_level": "Read", + "description": "Grants permission to list executions for a batch job", + "privilege": "ListBatchJobExecutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DiskSnapshot*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a disk snapshot", - "privilege": "CreateDiskSnapshot", + "access_level": "Read", + "description": "Grants permission to list data set import history", + "privilege": "ListDataSetImportHistory", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Disk" - }, + "resource_type": "Application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list data sets", + "privilege": "ListDataSets", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance" - }, + "resource_type": "Application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list deployments", + "privilege": "ListDeployments", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], 
- "resource_type": "" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon Lightsail content delivery network (CDN) distribution", - "privilege": "CreateDistribution", + "access_level": "Read", + "description": "Grants permission to list engine versions", + "privilege": "ListEngineVersions", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a domain resource for the specified domain name", - "privilege": "CreateDomain", + "access_level": "List", + "description": "Grants permission to list runtime environments", + "privilege": "ListEnvironments", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "route53:DeleteHostedZone", - "route53:GetHostedZone", - "route53:ListHostedZonesByName", - "route53domains:GetDomainDetail", - "route53domains:GetOperationDetail", - "route53domains:ListDomains", - "route53domains:ListOperations", - "route53domains:UpdateDomainNameservers" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create one or more DNS record entries for a domain resource: Address (A), canonical name (CNAME), mail exchanger (MX), name server (NS), start of authority (SOA), service locator (SRV), or text (TXT)", - "privilege": "CreateDomainEntry", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create URLs that are used to access an instance's graphical user 
interface (GUI) session", - "privilege": "CreateGUISessionAccessDetails", + "description": "Grants permission to start an application", + "privilege": "StartApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "Application*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an instance snapshot", - "privilege": "CreateInstanceSnapshot", + "description": "Grants permission to start a batch job", + "privilege": "StartBatchJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "Application*" } ] }, { "access_level": "Write", - "description": "Grants permission to create one or more instances", - "privilege": "CreateInstances", + "description": "Grants permission to stop an application", + "privilege": "StopApplication", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create one or more instances based on an instance snapshot", - "privilege": "CreateInstancesFromSnapshot", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "InstanceSnapshot*" + "resource_type": "Application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Environment" }, { "condition_keys": [ 
@@ -150633,13 +174552,22 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a key pair used to authenticate and connect to an instance", - "privilege": "CreateKeyPair", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Environment" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -150649,391 +174577,509 @@ }, { "access_level": "Write", - "description": "Grants permission to create a load balancer", - "privilege": "CreateLoadBalancer", + "description": "Grants permission to update an application", + "privilege": "UpdateApplication", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ - "lightsail:CreateDomainEntry", - "lightsail:GetDomains" + "s3:GetObject", + "s3:ListBucket" ], - "resource_type": "" + "resource_type": "Application*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a load balancer TLS certificate", - "privilege": "CreateLoadBalancerTlsCertificate", + "description": "Grants permission to update a runtime environment", + "privilege": "UpdateEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "lightsail:CreateDomainEntry", - "lightsail:GetDomains" - ], - "resource_type": "LoadBalancer*" + "dependent_actions": [], + "resource_type": "Environment*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:m2:${Region}:${Account}:app/${ApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Application" }, { - "access_level": "Write", - "description": "Grants permission to create a new relational database", - "privilege": "CreateRelationalDatabase", + "arn": "arn:${Partition}:m2:${Region}:${Account}:env/${EnvironmentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Environment" + } + ], + "service_name": "AWS Mainframe Modernization Service" + }, + { + "conditions": [], + "prefix": "machinelearning", + "privileges": [ + { + "access_level": "Tagging", + "description": "Adds one or more tags to an object, up to a limit of 10. 
Each tag consists of a key and an optional value", + "privilege": "AddTags", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "batchprediction" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datasource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlmodel" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new relational database from a snapshot", - "privilege": "CreateRelationalDatabaseFromSnapshot", + "description": "Generates predictions for a group of observations", + "privilege": "CreateBatchPrediction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelationalDatabaseSnapshot*" + "resource_type": "batchprediction*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlmodel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a relational database snapshot", - "privilege": "CreateRelationalDatabaseSnapshot", + "description": "Creates a DataSource object from an Amazon RDS", + "privilege": "CreateDataSourceFromRDS", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an alarm", - "privilege": "DeleteAlarm", + "description": "Creates a DataSource from a database hosted on an Amazon Redshift cluster", + "privilege": 
"CreateDataSourceFromRedshift", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Alarm*" + "resource_type": "datasource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an automatic snapshot of an instance or disk", - "privilege": "DeleteAutoSnapshot", + "description": "Creates a DataSource object from S3", + "privilege": "CreateDataSourceFromS3", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon Lightsail bucket", - "privilege": "DeleteBucket", + "description": "Creates a new Evaluation of an MLModel", + "privilege": "CreateEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bucket*" + "resource_type": "datasource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlmodel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an access key for the specified Amazon Lightsail bucket", - "privilege": "DeleteBucketAccessKey", + "description": "Creates a new MLModel", + "privilege": "CreateMLModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bucket*" + "resource_type": "datasource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlmodel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an SSL/TLS certificate", - "privilege": "DeleteCertificate", + "description": "Creates a real-time endpoint for the MLModel", + "privilege": "CreateRealtimeEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Certificate*" + "resource_type": "mlmodel*" } ] }, { "access_level": "Write", - "description": 
"Grants permission to delete a contact method", - "privilege": "DeleteContactMethod", + "description": "Assigns the DELETED status to a BatchPrediction, rendering it unusable", + "privilege": "DeleteBatchPrediction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "batchprediction*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a container image that is registered to your Amazon Lightsail container service", - "privilege": "DeleteContainerImage", + "description": "Assigns the DELETED status to a DataSource, rendering it unusable", + "privilege": "DeleteDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ContainerService*" + "resource_type": "datasource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete your Amazon Lightsail container service", - "privilege": "DeleteContainerService", + "description": "Assigns the DELETED status to an Evaluation, rendering it unusable", + "privilege": "DeleteEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ContainerService*" + "resource_type": "evaluation*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a disk", - "privilege": "DeleteDisk", + "description": "Assigns the DELETED status to an MLModel, rendering it unusable", + "privilege": "DeleteMLModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Disk*" + "resource_type": "mlmodel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a disk snapshot", - "privilege": "DeleteDiskSnapshot", + "description": "Deletes a real time endpoint of an MLModel", + "privilege": "DeleteRealtimeEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "DiskSnapshot*" + "resource_type": "mlmodel*" } ] }, { - "access_level": 
"Write", - "description": "Grants permission to delete your Amazon Lightsail content delivery network (CDN) distribution", - "privilege": "DeleteDistribution", + "access_level": "Tagging", + "description": "Deletes the specified tags associated with an ML object. After this operation is complete, you can't recover deleted tags", + "privilege": "DeleteTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Distribution*" + "resource_type": "batchprediction" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datasource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlmodel" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a domain resource and all of its DNS records", - "privilege": "DeleteDomain", + "access_level": "List", + "description": "Returns a list of BatchPrediction operations that match the search criteria in the request", + "privilege": "DescribeBatchPredictions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a DNS record entry for a domain resource", - "privilege": "DeleteDomainEntry", + "access_level": "List", + "description": "Returns a list of DataSource that match the search criteria in the request", + "privilege": "DescribeDataSources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an instance", - "privilege": "DeleteInstance", + "access_level": "List", + "description": "Returns a list of DescribeEvaluations that match the search criteria in the request", + "privilege": "DescribeEvaluations", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an instance snapshot", - "privilege": "DeleteInstanceSnapshot", + "access_level": "List", + "description": "Returns a list of MLModel that match the search criteria in the request", + "privilege": "DescribeMLModels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "InstanceSnapshot*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a key pair used to authenticate and connect to an instance", - "privilege": "DeleteKeyPair", + "access_level": "List", + "description": "Describes one or more of the tags for your Amazon ML object", + "privilege": "DescribeTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "KeyPair*" + "resource_type": "batchprediction" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datasource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "evaluation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "mlmodel" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the known host key or certificate used by the Amazon Lightsail browser-based SSH or RDP clients to authenticate an instance", - "privilege": "DeleteKnownHostKeys", + "access_level": "Read", + "description": "Returns a BatchPrediction that includes detailed metadata, status, and data file information", + "privilege": "GetBatchPrediction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "batchprediction*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a load balancer", - "privilege": "DeleteLoadBalancer", + "access_level": "Read", + "description": "Returns 
a DataSource that includes metadata and data file information, as well as the current status of the DataSource", + "privilege": "GetDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LoadBalancer*" + "resource_type": "datasource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a load balancer TLS certificate", - "privilege": "DeleteLoadBalancerTlsCertificate", + "access_level": "Read", + "description": "Returns an Evaluation that includes metadata as well as the current status of the Evaluation", + "privilege": "GetEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LoadBalancer*" + "resource_type": "datasource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a relational database", - "privilege": "DeleteRelationalDatabase", + "access_level": "Read", + "description": "Returns an MLModel that includes detailed metadata, and data source information as well as the current status of the MLModel", + "privilege": "GetMLModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelationalDatabase*" + "resource_type": "mlmodel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a relational database snapshot", - "privilege": "DeleteRelationalDatabaseSnapshot", + "description": "Generates a prediction for the observation using the specified ML Model", + "privilege": "Predict", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelationalDatabaseSnapshot*" + "resource_type": "mlmodel*" } ] }, { "access_level": "Write", - "description": "Grants permission to detach an SSL/TLS certificate from your Amazon Lightsail content delivery network (CDN) distribution", - "privilege": "DetachCertificateFromDistribution", + "description": "Updates the BatchPredictionName of a BatchPrediction", + "privilege": 
"UpdateBatchPrediction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Distribution*" + "resource_type": "batchprediction*" } ] }, { "access_level": "Write", - "description": "Grants permission to detach a disk from an instance", - "privilege": "DetachDisk", + "description": "Updates the DataSourceName of a DataSource", + "privilege": "UpdateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Disk*" + "resource_type": "datasource*" } ] }, { "access_level": "Write", - "description": "Grants permission to detach one or more instances from a load balancer", - "privilege": "DetachInstancesFromLoadBalancer", + "description": "Updates the EvaluationName of an Evaluation", + "privilege": "UpdateEvaluation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LoadBalancer*" + "resource_type": "evaluation*" } ] }, { "access_level": "Write", - "description": "Grants permission to detach a static IP from an instance to which it is attached", - "privilege": "DetachStaticIp", + "description": "Updates the MLModelName and the ScoreThreshold of an MLModel", + "privilege": "UpdateMLModel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StaticIp*" + "resource_type": "mlmodel*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:machinelearning:${Region}:${Account}:batchprediction/${BatchPredictionId}", + "condition_keys": [], + "resource": "batchprediction" + }, + { + "arn": "arn:${Partition}:machinelearning:${Region}:${Account}:datasource/${DatasourceId}", + "condition_keys": [], + "resource": "datasource" + }, + { + "arn": "arn:${Partition}:machinelearning:${Region}:${Account}:evaluation/${EvaluationId}", + "condition_keys": [], + "resource": "evaluation" + }, + { + "arn": "arn:${Partition}:machinelearning:${Region}:${Account}:mlmodel/${MlModelId}", + "condition_keys": [], + "resource": "mlmodel" + } + 
], + "service_name": "Amazon Machine Learning" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "macie2", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to disable an add-on for an Amazon Lightsail resource", - "privilege": "DisableAddOn", + "description": "Grants permission to accept an Amazon Macie membership invitation", + "privilege": "AcceptInvitation", "resource_types": [ { "condition_keys": [], 
@@ -151043,65 +175089,96 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to download the default key pair used to authenticate and connect to instances in a specific AWS Region", - "privilege": "DownloadDefaultKeyPair", + "access_level": "Read", + "description": "Grants permission to retrieve information about one or more custom data identifiers", + "privilege": "BatchGetCustomDataIdentifiers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "CustomDataIdentifier*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create and define the settings for an allow list", + "privilege": "CreateAllowList", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to enable or modify an add-on for an Amazon Lightsail resource", - "privilege": "EnableAddOn", + "description": "Grants permission to create and define the settings for a sensitive data discovery job", + "privilege": "CreateClassificationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "ClassificationJob*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to export an Amazon Lightsail snapshot to Amazon EC2", - "privilege": "ExportSnapshot", + "description": "Grants permission to create and define the settings for a custom data identifier", + "privilege": "CreateCustomDataIdentifier", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "iam:PutRolePolicy" - ], - "resource_type": "DiskSnapshot" + "dependent_actions": [], + "resource_type": "CustomDataIdentifier*" }, { - "condition_keys": [], + "condition_keys": [ + 
"aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "InstanceSnapshot" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the names of all active (not deleted) resources", - "privilege": "GetActiveNames", + "access_level": "Write", + "description": "Grants permission to create and define the settings for a findings filter", + "privilege": "CreateFindingsFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "FindingsFilter*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about the configured alarms", - "privilege": "GetAlarms", + "access_level": "Write", + "description": "Grants permission to send an Amazon Macie membership invitation", + "privilege": "CreateInvitations", "resource_types": [ { "condition_keys": [], 
@@ -151111,21 +175188,29 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the available automatic snapshots for an instance or disk", - "privilege": "GetAutoSnapshots", + "access_level": "Write", + "description": "Grants permission to associate an account with an Amazon Macie administrator account", + "privilege": "CreateMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Member*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of instance images, or blueprints. You can use a blueprint to create a new instance already running a specific operating system, as well as a pre-installed application or development stack. The software that runs on your instance depends on the blueprint you define when creating the instance", - "privilege": "GetBlueprints", + "access_level": "Write", + "description": "Grants permission to create sample findings", + "privilege": "CreateSampleFindings", "resource_types": [ { "condition_keys": [], @@ -151135,9 +175220,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the existing access key IDs for the specified Amazon Lightsail bucket", - "privilege": "GetBucketAccessKeys", + "access_level": "Write", + "description": "Grants permission to decline Amazon Macie membership invitations", + "privilege": "DeclineInvitations", "resource_types": [ { "condition_keys": [], 
@@ -151147,45 +175232,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the bundles that can be applied to an Amazon Lightsail bucket", - "privilege": "GetBucketBundles", + "access_level": "Write", + "description": "Grants permission to delete an allow list", + "privilege": "DeleteAllowList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AllowList*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the data points of a specific metric for an Amazon Lightsail bucket", - "privilege": "GetBucketMetricData", + "access_level": "Write", + "description": "Grants permission to delete a custom data identifier", + "privilege": "DeleteCustomDataIdentifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "CustomDataIdentifier*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about one or more Amazon Lightsail buckets", - "privilege": "GetBuckets", + "access_level": "Write", + "description": "Grants permission to delete a findings filter", + "privilege": "DeleteFindingsFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "FindingsFilter*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of instance bundles. You can use a bundle to create a new instance with a set of performance specifications, such as CPU count, disk size, RAM size, and network transfer allowance. The cost of your instance depends on the bundle you define when creating the instance", - "privilege": "GetBundles", + "access_level": "Write", + "description": "Grants permission to delete Amazon Macie membership invitations", + "privilege": "DeleteInvitations", "resource_types": [ { "condition_keys": [], 
@@ -151195,21 +175280,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view information about one or more Amazon Lightsail SSL/TLS certificates", - "privilege": "GetCertificates", + "access_level": "Write", + "description": "Grants permission to delete the association between an Amazon Macie administrator account and an account", + "privilege": "DeleteMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Member*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about all CloudFormation stacks used to create Amazon EC2 resources from exported Amazon Lightsail snapshots", - "privilege": "GetCloudFormationStackRecords", + "description": "Grants permission to retrieve statistical data and other information about S3 buckets that Amazon Macie monitors and analyzes", + "privilege": "DescribeBuckets", "resource_types": [ { "condition_keys": [], @@ -151220,20 +175305,20 @@ }, { "access_level": "Read", - "description": "Grants permission to view information about the configured contact methods", - "privilege": "GetContactMethods", + "description": "Grants permission to retrieve information about the status and settings for a sensitive data discovery job", + "privilege": "DescribeClassificationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "ClassificationJob*" } ] }, { "access_level": "Read", - "description": "Grants permission to view information about Amazon Lightsail containers, such as the current version of the Lightsail Control (lightsailctl) plugin", - "privilege": "GetContainerAPIMetadata", + "description": "Grants permission to retrieve information about the Amazon Macie configuration settings for an AWS organization", + "privilege": "DescribeOrganizationConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -151243,9 +175328,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the container images that are registered to your Amazon Lightsail container service", - "privilege": "GetContainerImages", + "access_level": "Write", + "description": "Grants permission to disable an Amazon Macie account, which also deletes Macie resources for the account", + "privilege": "DisableMacie", "resource_types": [ { "condition_keys": [], @@ -151255,9 +175340,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the log events of a container of your Amazon Lightsail container service", - "privilege": "GetContainerLog", + "access_level": "Write", + "description": "Grants permission to disable an account as the delegated Amazon Macie administrator account for an AWS organization", + "privilege": "DisableOrganizationAdminAccount", "resource_types": [ { "condition_keys": [], @@ -151267,9 +175352,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the deployments for your Amazon Lightsail container service", - "privilege": "GetContainerServiceDeployments", + "access_level": "Write", + "description": "Grants permission to an Amazon Macie member account to disassociate from its Macie administrator account", + "privilege": "DisassociateFromAdministratorAccount", "resource_types": [ { "condition_keys": [], @@ -151279,9 +175364,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the data points of a specific metric of your Amazon Lightsail container service", - "privilege": "GetContainerServiceMetricData", + "access_level": "Write", + "description": "Grants permission to an Amazon Macie member account to disassociate from its Macie administrator account", + "privilege": "DisassociateFromMasterAccount", "resource_types": [ { "condition_keys": [], 
@@ -151291,21 +175376,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to view the list of powers that can be specified for your Amazon Lightsail container services", - "privilege": "GetContainerServicePowers", + "access_level": "Write", + "description": "Grants permission to an Amazon Macie administrator account to disassociate from a Macie member account", + "privilege": "DisassociateMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Member*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view information about one or more of your Amazon Lightsail container services", - "privilege": "GetContainerServices", + "access_level": "Write", + "description": "Grants permission to enable and specify the configuration settings for a new Amazon Macie account", + "privilege": "EnableMacie", "resource_types": [ { "condition_keys": [], 
@@ -151315,38 +175400,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the information about the cost estimate for a specified resource", - "privilege": "GetCostEstimate", + "access_level": "Write", + "description": "Grants permission to enable an account as the delegated Amazon Macie administrator account for an AWS organization", + "privilege": "EnableOrganizationAdminAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Disk" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the Amazon Macie administrator account for an account", + "privilege": "GetAdministratorAccount", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a disk", - "privilege": "GetDisk", + "access_level": "Read", + "description": "Grants permission to retrieve the settings and status of an allow list", + "privilege": "GetAllowList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AllowList*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about a disk snapshot", - "privilege": "GetDiskSnapshot", + "description": "Grants permission to retrieve the configuration settings and status of automated sensitive data discovery for an account", + "privilege": "GetAutomatedDiscoveryConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -151357,8 +175449,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about all disk snapshots", - "privilege": "GetDiskSnapshots", + "description": "Grants permission to retrieve aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes", + "privilege": "GetBucketStatistics", "resource_types": [ { "condition_keys": [], @@ -151369,8 +175461,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about all disks", - "privilege": "GetDisks", + "description": "Grants permission to retrieve the settings for exporting sensitive data discovery results", + "privilege": "GetClassificationExportConfiguration", "resource_types": [ { "condition_keys": [], @@ -151381,8 +175473,8 @@ }, { "access_level": "Read", - "description": "Grants permission to view the list of bundles that can be applied to you Amazon Lightsail content delivery network (CDN) distributions", - "privilege": "GetDistributionBundles", + "description": "Grants permission to retrieve the classification scope settings for an account", + "privilege": "GetClassificationScope", "resource_types": [ { "condition_keys": [], 
@@ -151393,20 +175485,20 @@ }, { "access_level": "Read", - "description": "Grants permission to view the timestamp and status of the last cache reset of a specific Amazon Lightsail content delivery network (CDN) distribution", - "privilege": "GetDistributionLatestCacheReset", + "description": "Grants permission to retrieve information about the settings for a custom data identifier", + "privilege": "GetCustomDataIdentifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "CustomDataIdentifier*" } ] }, { "access_level": "Read", - "description": "Grants permission to view the data points of a specific metric for an Amazon Lightsail content delivery network (CDN) distribution", - "privilege": "GetDistributionMetricData", + "description": "Grants permission to retrieve aggregated statistical data about findings", + "privilege": "GetFindingStatistics", "resource_types": [ { "condition_keys": [], @@ -151417,8 +175509,8 @@ }, { "access_level": "Read", - "description": "Grants permission to view information about one or more of your Amazon Lightsail content delivery network (CDN) distributions", - "privilege": "GetDistributions", + "description": "Grants permission to retrieve the details of one or more findings", + "privilege": "GetFindings", "resource_types": [ { "condition_keys": [], 
@@ -151429,20 +175521,20 @@ }, { "access_level": "Read", - "description": "Grants permission to get DNS records for a domain resource", - "privilege": "GetDomain", + "description": "Grants permission to retrieve information about the settings for a findings filter", + "privilege": "GetFindingsFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "FindingsFilter*" } ] }, { "access_level": "Read", - "description": "Grants permission to get DNS records for all domain resources", - "privilege": "GetDomains", + "description": "Grants permission to retrieve the configuration settings for publishing findings to AWS Security Hub", + "privilege": "GetFindingsPublicationConfiguration", "resource_types": [ { "condition_keys": [], @@ -151453,8 +175545,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about all records of exported Amazon Lightsail snapshots to Amazon EC2", - "privilege": "GetExportSnapshotRecords", + "description": "Grants permission to retrieve the count of Amazon Macie membership invitations that were received by an account", + "privilege": "GetInvitationsCount", "resource_types": [ { "condition_keys": [], @@ -151465,8 +175557,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about an instance", - "privilege": "GetInstance", + "description": "Grants permission to retrieve information about the status and configuration settings for an Amazon Macie account", + "privilege": "GetMacieSession", "resource_types": [ { "condition_keys": [], 
@@ -151476,33 +175568,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to get temporary keys you can use to authenticate and connect to an instance", - "privilege": "GetInstanceAccessDetails", + "access_level": "Read", + "description": "Grants permission to retrieve information about the Amazon Macie administrator account for an account", + "privilege": "GetMasterAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the data points for the specified metric of an instance", - "privilege": "GetInstanceMetricData", + "description": "Grants permission to retrieve information about an account that's associated with an Amazon Macie administrator account", + "privilege": "GetMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Member*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the port states of an instance", - "privilege": "GetInstancePortStates", + "description": "Grants permission to retrieve sensitive data discovery statistics and the sensitivity score for an S3 bucket", + "privilege": "GetResourceProfile", "resource_types": [ { "condition_keys": [], @@ -151513,8 +175605,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about an instance snapshot", - "privilege": "GetInstanceSnapshot", + "description": "Grants permission to retrieve the status and configuration settings for retrieving occurrences of sensitive data reported by findings", + "privilege": "GetRevealConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -151525,8 +175617,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about all instance snapshots", - "privilege": "GetInstanceSnapshots", + "description": "Grants permission to retrieve occurrences of sensitive data reported by a finding", + "privilege": "GetSensitiveDataOccurrences", "resource_types": [ { "condition_keys": [], @@ -151537,8 +175629,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get the state of an instance", - "privilege": "GetInstanceState", + "description": "Grants permission to check whether occurrences of sensitive data can be retrieved for a finding", + "privilege": "GetSensitiveDataOccurrencesAvailability", "resource_types": [ { "condition_keys": [], @@ -151549,8 +175641,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about all instances", - "privilege": "GetInstances", + "description": "Grants permission to retrieve the sensitivity inspection template settings for an account", + "privilege": "GetSensitivityInspectionTemplate", "resource_types": [ { "condition_keys": [], @@ -151561,8 +175653,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about a key pair", - "privilege": "GetKeyPair", + "description": "Grants permission to retrieve quotas and aggregated usage data for one or more accounts", + "privilege": "GetUsageStatistics", "resource_types": [ { "condition_keys": [], @@ -151573,8 +175665,8 @@ }, { "access_level": "Read", - "description": "Grants permission to get information about all key pairs", - "privilege": "GetKeyPairs", + "description": "Grants permission to retrieve aggregated usage data for an account", + "privilege": "GetUsageTotals", "resource_types": [ { "condition_keys": [], 
@@ -151584,9 +175676,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a load balancer", - "privilege": "GetLoadBalancer", + "access_level": "List", + "description": "Grants permission to retrieve a subset of information about all the allow lists for an account", + "privilege": "ListAllowLists", "resource_types": [ { "condition_keys": [], @@ -151596,9 +175688,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the data points for the specified metric of a load balancer", - "privilege": "GetLoadBalancerMetricData", + "access_level": "List", + "description": "Grants permission to retrieve a subset of information about the status and settings for one or more sensitive data discovery jobs", + "privilege": "ListClassificationJobs", "resource_types": [ { "condition_keys": [], @@ -151608,9 +175700,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a load balancer's TLS certificates", - "privilege": "GetLoadBalancerTlsCertificates", + "access_level": "List", + "description": "Grants permission to retrieve a subset of information about the classification scope for an account", + "privilege": "ListClassificationScopes", "resource_types": [ { "condition_keys": [], @@ -151620,9 +175712,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of TLS security policies that you can apply to Lightsail load balancers", - "privilege": "GetLoadBalancerTlsPolicies", + "access_level": "List", + "description": "Grants permission to retrieve information about all custom data identifiers", + "privilege": "ListCustomDataIdentifiers", "resource_types": [ { "condition_keys": [], 
@@ -151632,9 +175724,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about load balancers", - "privilege": "GetLoadBalancers", + "access_level": "List", + "description": "Grants permission to retrieve a subset of information about one or more findings", + "privilege": "ListFindings", "resource_types": [ { "condition_keys": [], @@ -151644,9 +175736,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about an operation. Operations include events such as when you create an instance, allocate a static IP, attach a static IP, and so on", - "privilege": "GetOperation", + "access_level": "List", + "description": "Grants permission to retrieve information about all findings filters", + "privilege": "ListFindingsFilters", "resource_types": [ { "condition_keys": [], @@ -151656,9 +175748,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about all operations. Operations include events such as when you create an instance, allocate a static IP, attach a static IP, and so on", - "privilege": "GetOperations", + "access_level": "List", + "description": "Grants permission to retrieve information about all the Amazon Macie membership invitations that were received by an account", + "privilege": "ListInvitations", "resource_types": [ { "condition_keys": [], @@ -151668,9 +175760,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get operations for a resource", - "privilege": "GetOperationsForResource", + "access_level": "List", + "description": "Grants permission to retrieve information about managed data identifiers", + "privilege": "ListManagedDataIdentifiers", "resource_types": [ { "condition_keys": [], 
@@ -151680,9 +175772,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of all valid AWS Regions for Amazon Lightsail", - "privilege": "GetRegions", + "access_level": "List", + "description": "Grants permission to retrieve information about the Amazon Macie member accounts that are associated with a Macie administrator account", + "privilege": "ListMembers", "resource_types": [ { "condition_keys": [], @@ -151692,9 +175784,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a relational database", - "privilege": "GetRelationalDatabase", + "access_level": "List", + "description": "Grants permission to retrieve information about the delegated, Amazon Macie administrator account for an AWS organization", + "privilege": "ListOrganizationAdminAccounts", "resource_types": [ { "condition_keys": [], @@ -151704,9 +175796,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of relational database images, or blueprints. You can use a blueprint to create a new database running a specific database engine. The database engine that runs on your database depends on the blueprint you define when creating the relational database", - "privilege": "GetRelationalDatabaseBlueprints", + "access_level": "List", + "description": "Grants permission to retrieve information about objects that were selected from an S3 bucket for automated sensitive data discovery", + "privilege": "ListResourceProfileArtifacts", "resource_types": [ { "condition_keys": [], 
@@ -151716,9 +175808,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of relational database bundles. You can use a bundle to create a new database with a set of performance specifications, such as CPU count, disk size, RAM size, network transfer allowance, and standard of high availability. The cost of your database depends on the bundle you define when creating the relational database", - "privilege": "GetRelationalDatabaseBundles", + "access_level": "List", + "description": "Grants permission to retrieve information about the types and amount of sensitive data that Amazon Macie found in an S3 bucket", + "privilege": "ListResourceProfileDetections", "resource_types": [ { "condition_keys": [], @@ -151728,9 +175820,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get events for a relational database", - "privilege": "GetRelationalDatabaseEvents", + "access_level": "List", + "description": "Grants permission to retrieve a subset of information about the sensitivity inspection template for an account", + "privilege": "ListSensitivityInspectionTemplates", "resource_types": [ { "condition_keys": [], 
@@ -151741,20 +175833,40 @@ }, { "access_level": "Read", - "description": "Grants permission to get events for the specified log stream of a relational database", - "privilege": "GetRelationalDatabaseLogEvents", + "description": "Grants permission to retrieve the tags for an Amazon Macie resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AllowList" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ClassificationJob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CustomDataIdentifier" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FindingsFilter" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Member" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the log streams available for a relational database", - "privilege": "GetRelationalDatabaseLogStreams", + "access_level": "Write", + "description": "Grants permission to create or update the settings for storing sensitive data discovery results", + "privilege": "PutClassificationExportConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -151765,20 +175877,20 @@ }, { "access_level": "Write", - "description": "Grants permission to get the master user password of a relational database", - "privilege": "GetRelationalDatabaseMasterUserPassword", + "description": "Grants permission to update the configuration settings for publishing findings to AWS Security Hub", + "privilege": "PutFindingsPublicationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelationalDatabase*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get the data points for the specified metric of a relational database", - "privilege": "GetRelationalDatabaseMetricData", + "description": "Grants permission to retrieve statistical data and other information about AWS resources that Amazon Macie monitors and analyzes", + "privilege": "SearchResources", "resource_types": [ { "condition_keys": [], 
@@ -151788,21 +175900,49 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the parameters of a relational database", - "privilege": "GetRelationalDatabaseParameters", + "access_level": "Tagging", + "description": "Grants permission to add or update the tags for an Amazon Macie resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "AllowList" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ClassificationJob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CustomDataIdentifier" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FindingsFilter" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Member" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a relational database snapshot", - "privilege": "GetRelationalDatabaseSnapshot", + "access_level": "Write", + "description": "Grants permission to test a custom data identifier", + "privilege": "TestCustomDataIdentifier", "resource_types": [ { "condition_keys": [], 
@@ -151812,33 +175952,60 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about all relational database snapshots", - "privilege": "GetRelationalDatabaseSnapshots", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an Amazon Macie resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "AllowList" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ClassificationJob" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "CustomDataIdentifier" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "FindingsFilter" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Member" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about all relational databases", - "privilege": "GetRelationalDatabases", + "access_level": "Write", + "description": "Grants permission to update the settings for an allow list", + "privilege": "UpdateAllowList", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AllowList*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about a static IP", - "privilege": "GetStaticIp", + "access_level": "Write", + "description": "Grants permission to enable or disable automated sensitive data discovery for an account", + "privilege": "UpdateAutomatedDiscoveryConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -151848,21 +176015,29 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get information about all static IPs", - "privilege": "GetStaticIps", + "access_level": "Write", + "description": "Grants permission to change the status of a sensitive data discovery job", + "privilege": "UpdateClassificationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "ClassificationJob*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to import a public key from a key pair", - "privilege": "ImportKeyPair", + "description": "Grants permission to update the classification scope settings for an account", + "privilege": "UpdateClassificationScope", "resource_types": [ { "condition_keys": [], 
@@ -151872,33 +176047,41 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a boolean value indicating whether the Amazon Lightsail virtual private cloud (VPC) is peered", - "privilege": "IsVpcPeered", + "access_level": "Write", + "description": "Grants permission to update the settings for a findings filter", + "privilege": "UpdateFindingsFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "FindingsFilter*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add, or open a public port of an instance", - "privilege": "OpenInstancePublicPorts", + "description": "Grants permission to suspend or re-enable an Amazon Macie account, or update the configuration settings for a Macie account", + "privilege": "UpdateMacieSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to try to peer the Amazon Lightsail virtual private cloud (VPC) with the default VPC", - "privilege": "PeerVpc", + "description": "Grants permission to an Amazon Macie administrator account to suspend or re-enable a Macie member account", + "privilege": "UpdateMemberSession", "resource_types": [ { "condition_keys": [], 
@@ -151909,312 +176092,337 @@ }, { "access_level": "Write", - "description": "Grants permission to creates or update an alarm, and associate it with the specified metric", - "privilege": "PutAlarm", + "description": "Grants permission to update Amazon Macie configuration settings for an AWS organization", + "privilege": "UpdateOrganizationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Alarm*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set the specified open ports for an instance, and closes all ports for every protocol not included in the request", - "privilege": "PutInstancePublicPorts", + "description": "Grants permission to update the sensitivity score for an S3 bucket", + "privilege": "UpdateResourceProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reboot an instance that is in a running state", - "privilege": "RebootInstance", + "description": "Grants permission to update the sensitivity scoring settings for an S3 bucket", + "privilege": "UpdateResourceProfileDetections", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reboot a relational database that is in a running state", - "privilege": "RebootRelationalDatabase", + "description": "Grants permission to update the status and configuration settings for retrieving occurrences of sensitive data reported by findings", + "privilege": "UpdateRevealConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelationalDatabase*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register a container image to your Amazon 
Lightsail container service", - "privilege": "RegisterContainerImage", + "description": "Grants permission to update the sensitivity inspection template settings for an account", + "privilege": "UpdateSensitivityInspectionTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ContainerService*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:macie2:${Region}:${Account}:allow-list/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "AllowList" + }, + { + "arn": "arn:${Partition}:macie2:${Region}:${Account}:classification-job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ClassificationJob" + }, + { + "arn": "arn:${Partition}:macie2:${Region}:${Account}:custom-data-identifier/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "CustomDataIdentifier" + }, + { + "arn": "arn:${Partition}:macie2:${Region}:${Account}:findings-filter/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "FindingsFilter" + }, + { + "arn": "arn:${Partition}:macie2:${Region}:${Account}:member/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Member" + } + ], + "service_name": "Amazon Macie" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on the tags associated with an Amazon Managed Blockchain resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "managedblockchain", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a static IP", 
- "privilege": "ReleaseStaticIp", + "description": "Grants permission to create an Amazon Managed Blockchain accessor", + "privilege": "CreateAccessor", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "StaticIp*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete currently cached content from your Amazon Lightsail content delivery network (CDN) distribution", - "privilege": "ResetDistributionCache", + "description": "Grants permission to create a member of an Amazon Managed Blockchain network", + "privilege": "CreateMember", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "network*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "Distribution*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send a verification request to an email contact method to ensure it's owned by the requester", - "privilege": "SendContactMethodVerification", + "description": "Grants permission to create an Amazon Managed Blockchain network", + "privilege": "CreateNetwork", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set the IP address type for a Amazon Lightsail resource", - "privilege": "SetIpAddressType", + "description": "Grants permission to create a node within a member of an Amazon Managed Blockchain network", + "privilege": "CreateNode", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Distribution" + "dependent_actions": [ + 
"iam:CreateServiceLinkedRole" + ], + "resource_type": "member" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance" + "resource_type": "network" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "LoadBalancer" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to set the Amazon Lightsail resources that can access the specified Amazon Lightsail bucket", - "privilege": "SetResourceAccessForBucket", + "description": "Grants permission to create a proposal that other blockchain network members can vote on to add or remove a member in an Amazon Managed Blockchain network", + "privilege": "CreateProposal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bucket*" + "resource_type": "network*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to initiate a graphical user interface (GUI) session used to access an instance's operating system or application", - "privilege": "StartGUISession", + "description": "Grants permission to delete an Amazon Managed Blockchain accessor", + "privilege": "DeleteAccessor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "accessor*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an instance that is in a stopped state", - "privilege": "StartInstance", + "description": "Grants permission to delete a member and all associated resources from an Amazon Managed Blockchain network", + "privilege": "DeleteMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "member*" } ] }, 
{ "access_level": "Write", - "description": "Grants permission to start a relational database that is in a stopped state", - "privilege": "StartRelationalDatabase", + "description": "Grants permission to delete a node from a member of an Amazon Managed Blockchain network", + "privilege": "DeleteNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelationalDatabase*" + "resource_type": "node*" } ] }, { - "access_level": "Write", - "description": "Grants permission to terminate a graphical user interface (GUI) session used to access an instance's operating system or application", - "privilege": "StopGUISession", + "access_level": "Permissions management", + "description": "Grants permission to send HTTP GET requests to an Ethereum node", + "privilege": "GET", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop an instance that is in a running state", - "privilege": "StopInstance", + "access_level": "Read", + "description": "Grants permission to return detailed information about an Amazon Managed Blockchain accessor", + "privilege": "GetAccessor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "accessor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a relational database that is in a running state", - "privilege": "StopRelationalDatabase", + "access_level": "Read", + "description": "Grants permission to return detailed information about a member of an Amazon Managed Blockchain network", + "privilege": "GetMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelationalDatabase*" + "resource_type": "member*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", 
+ "access_level": "Read", + "description": "Grants permission to return detailed information about an Amazon Managed Blockchain network", + "privilege": "GetNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bucket" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Certificate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ContainerService" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Disk" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DiskSnapshot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Distribution" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "InstanceSnapshot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KeyPair" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "LoadBalancer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RelationalDatabase" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RelationalDatabaseSnapshot" - }, + "resource_type": "network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return detailed information about a node within a member of an Amazon Managed Blockchain network", + "privilege": "GetNode", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StaticIp" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "node*" } ] }, { - "access_level": "Write", - "description": "Grants permission to test an alarm by displaying 
a banner on the Amazon Lightsail console or if a notification trigger is configured for the specified alarm, by sending a notification to the notification protocol", - "privilege": "TestAlarm", + "access_level": "Read", + "description": "Grants permission to return detailed information about a proposal of an Amazon Managed Blockchain network", + "privilege": "GetProposal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Alarm*" + "resource_type": "proposal*" } ] }, { - "access_level": "Write", - "description": "Grants permission to try to unpeer the Amazon Lightsail virtual private cloud (VPC) from the default VPC", - "privilege": "UnpeerVpc", + "access_level": "Permissions management", + "description": "Grants permission to create WebSocket connections to an Ethereum node", + "privilege": "Invoke", "resource_types": [ { "condition_keys": [], 
@@ -152224,374 +176432,183 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to invoke the Bitcoin Mainnet RPCs", + "privilege": "InvokeRpcBitcoinMainnet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bucket" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Certificate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ContainerService" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Disk" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "DiskSnapshot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Distribution" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Domain" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Instance" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "InstanceSnapshot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "KeyPair" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "LoadBalancer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RelationalDatabase" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "RelationalDatabaseSnapshot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StaticIp" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing Amazon Lightsail bucket", - "privilege": "UpdateBucket", + "access_level": "Read", + "description": "Grants permission to invoke the Bitcoin Testnet RPCs", + 
"privilege": "InvokeRpcBitcoinTestnet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bucket*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the bundle, or storage plan, of an existing Amazon Lightsail bucket", - "privilege": "UpdateBucketBundle", + "access_level": "Read", + "description": "Grants permission to invoke the Polygon Mainnet RPCs", + "privilege": "InvokeRpcPolygonMainnet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bucket*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the configuration of your Amazon Lightsail container service, such as its power, scale, and public domain names", - "privilege": "UpdateContainerService", + "access_level": "Read", + "description": "Grants permission to invoke the Polygon Mumbai Testnet RPCs", + "privilege": "InvokeRpcPolygonMumbaiTestnet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ContainerService*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing Amazon Lightsail content delivery network (CDN) distribution or its configuration", - "privilege": "UpdateDistribution", + "access_level": "List", + "description": "Grants permission to list the Amazon Managed Blockchain accessors owned by the current AWS account", + "privilege": "ListAccessors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Distribution*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the bundle of your Amazon Lightsail content delivery network (CDN) distribution", - "privilege": "UpdateDistributionBundle", + "access_level": "List", + "description": "Grants permission to list the invitations extended to the active AWS account from any Managed 
Blockchain network", + "privilege": "ListInvitations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Distribution*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a domain recordset after it is created", - "privilege": "UpdateDomainEntry", + "access_level": "List", + "description": "Grants permission to list the members of an Amazon Managed Blockchain network and the properties of their memberships", + "privilege": "ListMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Domain*" + "resource_type": "network*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update metadata options for an instance", - "privilege": "UpdateInstanceMetadataOptions", + "access_level": "List", + "description": "Grants permission to list the Amazon Managed Blockchain networks in which the current AWS account participates", + "privilege": "ListNetworks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a load balancer attribute, such as the health check path and session stickiness", - "privilege": "UpdateLoadBalancerAttribute", + "access_level": "List", + "description": "Grants permission to list the nodes within a member of an Amazon Managed Blockchain network", + "privilege": "ListNodes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LoadBalancer*" + "resource_type": "member" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "network" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a relational database", - "privilege": "UpdateRelationalDatabase", + "access_level": "Read", + "description": "Grants permission to list all votes for a proposal, including the value 
of the vote and the unique identifier of the member that cast the vote for the given Amazon Managed Blockchain network", + "privilege": "ListProposalVotes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelationalDatabase*" + "resource_type": "proposal*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the parameters of a relational database", - "privilege": "UpdateRelationalDatabaseParameters", + "access_level": "List", + "description": "Grants permission to list proposals for the given Amazon Managed Blockchain network", + "privilege": "ListProposals", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "RelationalDatabase*" + "resource_type": "network*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Domain/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Domain" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Instance/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Instance" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:InstanceSnapshot/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "InstanceSnapshot" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:KeyPair/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "KeyPair" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:StaticIp/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "StaticIp" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Disk/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Disk" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:DiskSnapshot/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "DiskSnapshot" - }, - { - "arn": 
"arn:${Partition}:lightsail:${Region}:${Account}:LoadBalancer/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "LoadBalancer" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:LoadBalancerTlsCertificate/${Id}", - "condition_keys": [], - "resource": "LoadBalancerTlsCertificate" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:ExportSnapshotRecord/${Id}", - "condition_keys": [], - "resource": "ExportSnapshotRecord" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:CloudFormationStackRecord/${Id}", - "condition_keys": [], - "resource": "CloudFormationStackRecord" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:RelationalDatabase/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "RelationalDatabase" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:RelationalDatabaseSnapshot/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "RelationalDatabaseSnapshot" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Alarm/${Id}", - "condition_keys": [], - "resource": "Alarm" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Certificate/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Certificate" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:ContactMethod/${Id}", - "condition_keys": [], - "resource": "ContactMethod" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:ContainerService/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ContainerService" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Distribution/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Distribution" - }, - { - "arn": "arn:${Partition}:lightsail:${Region}:${Account}:Bucket/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Bucket" - 
} - ], - "service_name": "Amazon Lightsail" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "logs", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to associate the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group", - "privilege": "AssociateKmsKey", + "access_level": "Read", + "description": "Grants permission to view tags associated with an Amazon Managed Blockchain resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "accessor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "invitation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "member" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "network" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "node" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "proposal" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel an export task if it is in PENDING or RUNNING state", - "privilege": "CancelExportTask", + "access_level": "Permissions management", + "description": "Grants permission to send HTTP POST requests to an Ethereum node", + "privilege": "POST", "resource_types": [ { "condition_keys": [], 
@@ -152602,37 +176619,50 @@ }, { "access_level": "Write", - "description": "Grants permission to create an ExportTask which allows you to efficiently export data from a Log Group to your Amazon S3 bucket", - "privilege": "CreateExportTask", + "description": "Grants permission to reject the invitation to join the blockchain network", + "privilege": "RejectInvitation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "invitation*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create the log delivery", - "privilege": "CreateLogDelivery", + "access_level": "Tagging", + "description": "Grants permission to add tags to an Amazon Managed Blockchain resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new log group with the specified name", - "privilege": "CreateLogGroup", - "resource_types": [ + "resource_type": "accessor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "invitation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "member" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "network" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "node" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "proposal" }, { "condition_keys": [ 
@@ -152645,153 +176675,144 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a new log stream with the specified name", - "privilege": "CreateLogStream", + "access_level": "Tagging", + "description": "Grants permission to remove tags from an Amazon Managed Blockchain resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a data protection policy attached to an account", - "privilege": "DeleteAccountPolicy", - "resource_types": [ + "resource_type": "accessor" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a data protection policy attached to a log group", - "privilege": "DeleteDataProtectionPolicy", - "resource_types": [ + "resource_type": "invitation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the destination with the specified name", - "privilege": "DeleteDestination", - "resource_types": [ + "resource_type": "member" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the log delivery information for specified log delivery", - "privilege": "DeleteLogDelivery", - "resource_types": [ + "resource_type": "network" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the log group with the specified name", - "privilege": "DeleteLogGroup", - "resource_types": [ + "resource_type": "node" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + 
"resource_type": "proposal" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a log stream", - "privilege": "DeleteLogStream", + "description": "Grants permission to update a member of an Amazon Managed Blockchain network", + "privilege": "UpdateMember", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "log-stream*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "member*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a metric filter associated with the specified log group", - "privilege": "DeleteMetricFilter", + "description": "Grants permission to update a node from a member of an Amazon Managed Blockchain network", + "privilege": "UpdateNode", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "log-group*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "node*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a saved CloudWatch Logs Insights query definition", - "privilege": "DeleteQueryDefinition", + "description": "Grants permission to cast a vote for a proposal on behalf of the blockchain network member specified", + "privilege": "VoteOnProposal", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "proposal*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:managedblockchain:${Region}::networks/${NetworkId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "network" }, { - "access_level": "Permissions management", - "description": "Grants permission to delete a resource policy from this account", - "privilege": "DeleteResourcePolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" 
- } - ] + "arn": "arn:${Partition}:managedblockchain:${Region}:${Account}:members/${MemberId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "member" }, { - "access_level": "Write", - "description": "Grants permission to delete the retention policy of the specified log group", - "privilege": "DeleteRetentionPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "log-group*" - } - ] + "arn": "arn:${Partition}:managedblockchain:${Region}:${Account}:nodes/${NodeId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "node" }, { - "access_level": "Write", - "description": "Grants permission to delete a subscription filter associated with the specified log group", - "privilege": "DeleteSubscriptionFilter", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "log-group*" - } - ] + "arn": "arn:${Partition}:managedblockchain:${Region}::proposals/${ProposalId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "proposal" }, { - "access_level": "List", - "description": "Grants permission to retrieve a data protection policy attached to an account", - "privilege": "DescribeAccountPolicies", + "arn": "arn:${Partition}:managedblockchain:${Region}:${Account}:invitations/${InvitationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "invitation" + }, + { + "arn": "arn:${Partition}:managedblockchain:${Region}:${Account}:accessors/${AccessorId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "accessor" + } + ], + "service_name": "Amazon Managed Blockchain" + }, + { + "conditions": [], + "prefix": "managedblockchain-query", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to batch calls for GetTokenBalance API", + "privilege": "BatchGetTokenBalance", "resource_types": [ { "condition_keys": [], 
@@ -152801,9 +176822,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return all the destinations that are associated with the AWS account making the request", - "privilege": "DescribeDestinations", + "access_level": "Read", + "description": "Grants permission to fetch information about a contract on the blockchain", + "privilege": "GetAssetContract", "resource_types": [ { "condition_keys": [], @@ -152813,9 +176834,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return all the export tasks that are associated with the AWS account making the request", - "privilege": "DescribeExportTasks", + "access_level": "Read", + "description": "Grants permission to retrieve balance of a token for an address on the blockchain", + "privilege": "GetTokenBalance", "resource_types": [ { "condition_keys": [], @@ -152825,9 +176846,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to return all the log groups that are associated with the AWS account making the request", - "privilege": "DescribeLogGroups", + "access_level": "Read", + "description": "Grants permission to retrieve a transaction on the blockchain", + "privilege": "GetTransaction", "resource_types": [ { "condition_keys": [], 
@@ -152838,32 +176859,32 @@ }, { "access_level": "List", - "description": "Grants permission to return all the log streams that are associated with the specified log group", - "privilege": "DescribeLogStreams", + "description": "Grants permission to fetch multiple contracts on the blockchain", + "privilege": "ListAssetContracts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to return all the metrics filters associated with the specified log group", - "privilege": "DescribeMetricFilters", + "description": "Grants permission to retrieve events on the blockchain with additional filters", + "privilege": "ListFilteredTransactionEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of CloudWatch Logs Insights queries that are scheduled, executing, or have been executed recently in this account", - "privilege": "DescribeQueries", + "description": "Grants permission to retrieve multiple balances on the blockchain", + "privilege": "ListTokenBalances", "resource_types": [ { "condition_keys": [], @@ -152874,8 +176895,8 @@ }, { "access_level": "List", - "description": "Grants permission to return a paginated list of your saved CloudWatch Logs Insights query definitions", - "privilege": "DescribeQueryDefinitions", + "description": "Grants permission to retrieve events in a transaction on the blockchain", + "privilege": "ListTransactionEvents", "resource_types": [ { "condition_keys": [], 
@@ -152886,8 +176907,8 @@ }, { "access_level": "List", - "description": "Grants permission to return all the resource policies in this account", - "privilege": "DescribeResourcePolicies", + "description": "Grants permission to retrieve a multiple transactions on a blockchain", + "privilege": "ListTransactions", "resource_types": [ { "condition_keys": [], 
@@ -152895,59 +176916,81 @@ "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "Amazon Managed Blockchain Query" + }, + { + "conditions": [], + "prefix": "mapcredits", + "privileges": [ { "access_level": "List", - "description": "Grants permission to return all the subscription filters associated with the specified log group", - "privilege": "DescribeSubscriptionFilters", + "description": "Grants permission to view the user's associated Migration Acceleration Program agreements", + "privilege": "ListAssociatedPrograms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "agreement*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group", - "privilege": "DisassociateKmsKey", + "access_level": "List", + "description": "Grants permission to view Migration Acceleration Program agreements credits associated with the user's payer account", + "privilege": "ListQuarterCredits", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "agreement*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve log events, optionally filtered by a filter pattern from the specified log group", - "privilege": "FilterLogEvents", + "access_level": "List", + "description": "Grants permission to view Migration Acceleration Program agreements eligible spend associated with the user's payer account", + "privilege": "ListQuarterSpend", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "agreement*" } ] - }, + } + ], + "resources": [ { - "access_level": "Read", - "description": "Grants permission to retrieve a data protection policy attached to a log group", - "privilege": "GetDataProtectionPolicy", + 
"arn": "arn:${Partition}:mapcredits:::${Agreement}/${AgreementId}", + "condition_keys": [], + "resource": "agreement" + } + ], + "service_name": "AWS Migration Acceleration Program Credits" + }, + { + "conditions": [], + "prefix": "marketplacecommerceanalytics", + "privileges": [ + { + "access_level": "Write", + "description": "Request a data set to be published to your Amazon S3 bucket.", + "privilege": "GenerateDataSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the log delivery information for specified log delivery", - "privilege": "GetLogDelivery", + "access_level": "Write", + "description": "Request a support data set to be published to your Amazon S3 bucket.", + "privilege": "StartSupportDataExport", "resource_types": [ { "condition_keys": [], 
@@ -152955,35 +176998,43 @@ "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS Marketplace Commerce Analytics Service" + }, + { + "conditions": [], + "prefix": "mechanicalturk", + "privileges": [ { - "access_level": "Read", - "description": "Grants permission to retrieve log events from the specified log stream", - "privilege": "GetLogEvents", + "access_level": "Write", + "description": "The AcceptQualificationRequest operation grants a Worker's request for a Qualification", + "privilege": "AcceptQualificationRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-stream*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return a list of the fields that are included in log events in the specified log group, along with the percentage of log events that contain each field", - "privilege": "GetLogGroupFields", + "access_level": "Write", + "description": "The ApproveAssignment operation approves the results of a completed assignment", + "privilege": "ApproveAssignment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all the fields and values of a single log event", - "privilege": "GetLogRecord", + "access_level": "Write", + "description": "The AssociateQualificationWithWorker operation gives a Worker a Qualification", + "privilege": "AssociateQualificationWithWorker", "resource_types": [ { "condition_keys": [], 
@@ -152993,9 +177044,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the results from the specified query", - "privilege": "GetQueryResults", + "access_level": "Write", + "description": "The CreateAdditionalAssignmentsForHIT operation increases the maximum number of assignments of an existing HIT", + "privilege": "CreateAdditionalAssignmentsForHIT", "resource_types": [ { "condition_keys": [], @@ -153006,8 +177057,8 @@ }, { "access_level": "Write", - "description": "Grants permission to share CloudWatch resources with a monitoring account", - "privilege": "Link", + "description": "The CreateHIT operation creates a new HIT (Human Intelligence Task)", + "privilege": "CreateHIT", "resource_types": [ { "condition_keys": [], @@ -153017,9 +177068,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the log deliveries for specified account and/or log source", - "privilege": "ListLogDeliveries", + "access_level": "Write", + "description": "The CreateHITType operation creates a new HIT type", + "privilege": "CreateHITType", "resource_types": [ { "condition_keys": [], 
@@ -153029,38 +177080,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the tags for the specified resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "The CreateHITWithHITType operation creates a new Human Intelligence Task (HIT) using an existing HITTypeID generated by the CreateHITType operation", + "privilege": "CreateHITWithHITType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "log-group" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the tags for the specified log group", - "privilege": "ListTagsLogGroup", + "access_level": "Write", + "description": "The CreateQualificationType operation creates a new Qualification type, which is represented by a QualificationType data structure", + "privilege": "CreateQualificationType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a data protection policy at account level to detect and redact sensitive information from log events", - "privilege": "PutAccountPolicy", + "description": "The CreateWorkerBlock operation allows you to prevent a Worker from working on your HITs", + "privilege": "CreateWorkerBlock", "resource_types": [ { "condition_keys": [], 
@@ -153071,33 +177117,23 @@ }, { "access_level": "Write", - "description": "Grants permission to attach a data protection policy to detect and redact sensitive information from log events", - "privilege": "PutDataProtectionPolicy", + "description": "The DeleteHIT operation disposes of a HIT that is no longer needed", + "privilege": "DeleteHIT", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update a Destination", - "privilege": "PutDestination", + "description": "The DeleteQualificationType disposes a Qualification type and disposes any HIT types that are associated with the Qualification type", + "privilege": "DeleteQualificationType", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "destination*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } 
@@ -153105,44 +177141,44 @@ }, { "access_level": "Write", - "description": "Grants permission to create or update an access policy associated with an existing Destination", - "privilege": "PutDestinationPolicy", + "description": "The DeleteWorkerBlock operation allows you to reinstate a blocked Worker to work on your HITs", + "privilege": "DeleteWorkerBlock", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to upload a batch of log events to the specified log stream", - "privilege": "PutLogEvents", + "description": "The DisassociateQualificationFromWorker revokes a previously granted Qualification from a user", + "privilege": "DisassociateQualificationFromWorker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-stream*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update a metric filter and associates it with the specified log group", - "privilege": "PutMetricFilter", + "access_level": "Read", + "description": "The GetAccountBalance operation retrieves the amount of money in your Amazon Mechanical Turk account", + "privilege": "GetAccountBalance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update a query definition", - "privilege": "PutQueryDefinition", + "access_level": "Read", + "description": "The GetAssignment retrieves an assignment with an AssignmentStatus value of Submitted, Approved, or Rejected, using the assignment's ID", + "privilege": "GetAssignment", "resource_types": [ { "condition_keys": [], 
@@ -153152,9 +177188,9 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or update a resource policy allowing other AWS services to put log events to this account", - "privilege": "PutResourcePolicy", + "access_level": "Read", + "description": "The GetFileUploadURL operation generates and returns a temporary URL", + "privilege": "GetFileUploadURL", "resource_types": [ { "condition_keys": [], @@ -153164,40 +177200,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to set the retention of the specified log group", - "privilege": "PutRetentionPolicy", + "access_level": "Read", + "description": "The GetHIT operation retrieves the details of the specified HIT", + "privilege": "GetHIT", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create or update a subscription filter and associates it with the specified log group", - "privilege": "PutSubscriptionFilter", + "access_level": "Read", + "description": "The GetQualificationScore operation returns the value of a Worker's Qualification for a given Qualification type", + "privilege": "GetQualificationScore", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "log-group*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to start a livetail session in CloudWatch Logs", - "privilege": "StartLiveTail", + "description": "The GetQualificationType operation retrieves information about a Qualification type using its ID", + "privilege": "GetQualificationType", "resource_types": [ { "condition_keys": [], 
@@ -153207,21 +177236,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to schedule a query of a log group using CloudWatch Logs Insights", - "privilege": "StartQuery", + "access_level": "List", + "description": "The ListAssignmentsForHIT operation retrieves completed assignments for a HIT", + "privilege": "ListAssignmentsForHIT", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to stop a CloudWatch Logs livetail session that is in progress", - "privilege": "StopLiveTail", + "access_level": "List", + "description": "The ListBonusPayments operation retrieves the amounts of bonuses you have paid to Workers for a given HIT or assignment", + "privilege": "ListBonusPayments", "resource_types": [ { "condition_keys": [], @@ -153231,9 +177260,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to stop a CloudWatch Logs Insights query that is in progress", - "privilege": "StopQuery", + "access_level": "List", + "description": "The ListHITs operation returns all of a Requester's HITs", + "privilege": "ListHITs", "resource_types": [ { "condition_keys": [], 
@@ -153243,54 +177272,33 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update the specified tags for the specified log group", - "privilege": "TagLogGroup", + "access_level": "List", + "description": "The ListHITsForQualificationType operation returns the HITs that use the given QualififcationType for a QualificationRequirement", + "privilege": "ListHITsForQualificationType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update the specified tags for the specified resource", - "privilege": "TagResource", + "access_level": "List", + "description": "The ListQualificationRequests operation retrieves requests for Qualifications of a particular Qualification type", + "privilege": "ListQualificationRequests", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "log-group" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to test the filter pattern of a metric filter against a sample of log event messages", - "privilege": "TestMetricFilter", + "access_level": "List", + "description": "The ListQualificationTypes operation searches for Qualification types using the specified search query, and returns a list of Qualification types", + "privilege": "ListQualificationTypes", "resource_types": [ { "condition_keys": [], 
@@ -153300,64 +177308,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to fetch unmasked log events that have been redacted with a data protection policy", - "privilege": "Unmask", + "access_level": "List", + "description": "The ListReviewPolicyResultsForHIT operation retrieves the computed results and the actions taken in the course of executing your Review Policies during a CreateHIT operation", + "privilege": "ListReviewPolicyResultsForHIT", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the specified log group", - "privilege": "UntagLogGroup", + "access_level": "List", + "description": "The ListReviewableHITs operation returns all of a Requester's HITs that have not been approved or rejected", + "privilege": "ListReviewableHITs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "log-group*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the specified resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "The ListWorkersBlocks operation retrieves a list of Workers who are blocked from working on your HITs", + "privilege": "ListWorkerBlocks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "destination" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "log-group" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the log delivery information for specified log delivery", - "privilege": "UpdateLogDelivery", + "access_level": "List", + 
"description": "The ListWorkersWithQualificationType operation returns all of the Workers with a given Qualification type", + "privilege": "ListWorkersWithQualificationType", "resource_types": [ { "condition_keys": [], 
@@ -153365,303 +177354,223 @@ "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:logs:${Region}:${Account}:log-group:${LogGroupName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "log-group" - }, - { - "arn": "arn:${Partition}:logs:${Region}:${Account}:log-group:${LogGroupName}:log-stream:${LogStreamName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "log-stream" - }, - { - "arn": "arn:${Partition}:logs:${Region}:${Account}:destination:${DestinationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "destination" - } - ], - "service_name": "Amazon CloudWatch Logs" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "lookoutequipment", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a dataset", - "privilege": "CreateDataset", + "description": "The NotifyWorkers operation sends an email to one or more Workers that you specify with the Worker ID", + "privilege": "NotifyWorkers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an inference scheduler for a trained model", - "privilege": "CreateInferenceScheduler", + "description": "The RejectAssignment operation rejects the results of a completed assignment", + "privilege": 
"RejectAssignment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "inference-scheduler*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a label", - "privilege": "CreateLabel", + "description": "The RejectQualificationRequest operation rejects a user's request for a Qualification", + "privilege": "RejectQualificationRequest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label-group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a label group", - "privilege": "CreateLabelGroup", + "description": "The SendBonus operation issues a payment of money from your account to a Worker", + "privilege": "SendBonus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label-group*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a model that is trained on a dataset", - "privilege": "CreateModel", + "description": "The SendTestEventNotification operation causes Amazon Mechanical Turk to send a notification message as if a HIT event occurred, according to the provided notification specification", + "privilege": "SendTestEventNotification", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": 
"Grants permission to delete a dataset", - "privilege": "DeleteDataset", + "description": "The UpdateExpirationForHIT operation allows you extend the expiration time of a HIT beyond is current expiration or expire a HIT immediately", + "privilege": "UpdateExpirationForHIT", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an inference scheduler", - "privilege": "DeleteInferenceScheduler", + "description": "The UpdateHITReviewStatus operation toggles the status of a HIT", + "privilege": "UpdateHITReviewStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "inference-scheduler*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a label", - "privilege": "DeleteLabel", + "description": "The UpdateHITTypeOfHIT operation allows you to change the HITType properties of a HIT", + "privilege": "UpdateHITTypeOfHIT", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label-group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a label group", - "privilege": "DeleteLabelGroup", + "description": "The UpdateNotificationSettings operation creates, updates, disables or re-enables notifications for a HIT type", + "privilege": "UpdateNotificationSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label-group*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a model", - "privilege": "DeleteModel", + "description": "The UpdateQualificationType operation modifies the attributes of an existing Qualification type, which is represented by a QualificationType data structure", + "privilege": "UpdateQualificationType", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "Amazon Mechanical Turk" + }, + { + "conditions": [], + "prefix": "mediaconnect", + "privileges": [ { - "access_level": "Read", - "description": "Grants permission to describe a data ingestion job", - "privilege": "DescribeDataIngestionJob", + "access_level": "Write", + "description": "Grants permission to add outputs to an existing bridge", + "privilege": "AddBridgeOutputs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Bridge*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a dataset", - "privilege": "DescribeDataset", + "access_level": "Write", + "description": "Grants permission to add sources to an existing bridge", + "privilege": "AddBridgeSources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "Bridge*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an inference scheduler", - "privilege": "DescribeInferenceScheduler", + "access_level": "Write", + "description": "Grants permission to add media streams to any flow", + "privilege": "AddFlowMediaStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "inference-scheduler*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a label group", - "privilege": "DescribeLabelGroup", + "access_level": "Write", + "description": "Grants permission to add outputs to any flow", + "privilege": "AddFlowOutputs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label-group*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a model", - "privilege": "DescribeModel", + "access_level": "Write", + 
"description": "Grants permission to add sources to any flow", + "privilege": "AddFlowSources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a label", - "privilege": "Describelabel", + "access_level": "Write", + "description": "Grants permission to add VPC interfaces to any flow", + "privilege": "AddFlowVpcInterfaces", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label-group*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the data ingestion jobs in your account or for a particular dataset", - "privilege": "ListDataIngestionJobs", + "access_level": "Write", + "description": "Grants permission to create bridges", + "privilege": "CreateBridge", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "Bridge*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the datasets in your account", - "privilege": "ListDatasets", + "access_level": "Write", + "description": "Grants permission to create flows", + "privilege": "CreateFlow", "resource_types": [ { "condition_keys": [], 
@@ -153671,33 +177580,33 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the inference events for an inference scheduler", - "privilege": "ListInferenceEvents", + "access_level": "Write", + "description": "Grants permission to create gateways", + "privilege": "CreateGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "inference-scheduler*" + "resource_type": "Gateway*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the inference executions for an inference scheduler", - "privilege": "ListInferenceExecutions", + "access_level": "Write", + "description": "Grants permission to delete bridges", + "privilege": "DeleteBridge", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "inference-scheduler*" + "resource_type": "Bridge*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the inference schedulers in your account", - "privilege": "ListInferenceSchedulers", + "access_level": "Write", + "description": "Grants permission to delete flows", + "privilege": "DeleteFlow", "resource_types": [ { "condition_keys": [], 
@@ -153707,492 +177616,345 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the label groups in your account", - "privilege": "ListLabelGroups", + "access_level": "Write", + "description": "Grants permission to delete gateways", + "privilege": "DeleteGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label-group*" + "resource_type": "Gateway*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the labels in your account", - "privilege": "ListLabels", + "access_level": "Write", + "description": "Grants permission to deregister gateway instance", + "privilege": "DeregisterGatewayInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label-group*" + "resource_type": "GatewayInstance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the models in your account", - "privilege": "ListModels", + "access_level": "Read", + "description": "Grants permission to display the details of a bridge", + "privilege": "DescribeBridge", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Bridge*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the sensor statistics for a particular dataset or an ingestion job", - "privilege": "ListSensorStatistics", + "access_level": "Read", + "description": "Grants permission to display the details of a flow including the flow ARN, name, and Availability Zone, as well as details about the source, outputs, and entitlements", + "privilege": "DescribeFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to view information about the flow's 
source transport stream and programs", + "privilege": "DescribeFlowSourceMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "inference-scheduler" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "label-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a data ingestion job for a dataset", - "privilege": "StartDataIngestionJob", + "access_level": "Read", + "description": "Grants permission to display the details of a gateway including the gateway ARN, name, and CIDR blocks, as well as details about the networks", + "privilege": "DescribeGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "Gateway*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an inference scheduler", - "privilege": "StartInferenceScheduler", + "access_level": "Read", + "description": "Grants permission to display the details of a gateway instance", + "privilege": "DescribeGatewayInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "inference-scheduler*" + "resource_type": "GatewayInstance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop an inference scheduler", - "privilege": "StopInferenceScheduler", + "access_level": "Read", + "description": "Grants permission to display the details of an offering", + "privilege": "DescribeOffering", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "inference-scheduler*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": 
"Read", + "description": "Grants permission to display the details of a reservation", + "privilege": "DescribeReservation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "inference-scheduler" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "label-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to discover gateway poll endpoint", + "privilege": "DiscoverGatewayPollEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "inference-scheduler" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "label-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "model" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an inference scheduler", - "privilege": "UpdateInferenceScheduler", + "description": "Grants permission to grant entitlements on any flow", + "privilege": "GrantFlowEntitlements", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "inference-scheduler*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a label group", - "privilege": "UpdateLabelGroup", + "access_level": "List", + "description": "Grants permission to display a list of bridges 
that are associated with this account and an optionally specified Arn", + "privilege": "ListBridges", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "label-group*" + "resource_type": "Bridge*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:lookoutequipment:${Region}:${Account}:dataset/${DatasetName}/${DatasetId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "dataset" - }, - { - "arn": "arn:${Partition}:lookoutequipment:${Region}:${Account}:model/${ModelName}/${ModelId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "model" - }, - { - "arn": "arn:${Partition}:lookoutequipment:${Region}:${Account}:inference-scheduler/${InferenceSchedulerName}/${InferenceSchedulerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "inference-scheduler" - }, - { - "arn": "arn:${Partition}:lookoutequipment:${Region}:${Account}:label-group/${LabelGroupName}/${LabelGroupId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "label-group" - } - ], - "service_name": "Amazon Lookout for Equipment" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "lookoutmetrics", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to activate an anomaly detector", - "privilege": "ActivateAnomalyDetector", + "access_level": "List", + "description": "Grants permission to display a list of all entitlements that have been granted to the account", + "privilege": "ListEntitlements", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to run a backtest with an anomaly detector", - "privilege": "BackTestAnomalyDetector", + "access_level": "List", + "description": "Grants permission to display a list of flows that are associated with this account", + "privilege": "ListFlows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an alert for an anomaly detector", - "privilege": "CreateAlert", + "access_level": "List", + "description": "Grants permission to display a list of instances that are associated with this gateway", + "privilege": "ListGatewayInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Alert*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AnomalyDetector*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "GatewayInstance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an anomaly detector", - "privilege": "CreateAnomalyDetector", + "access_level": "List", + "description": "Grants permission to display a list of gateways that are associated with this account", + "privilege": "ListGateways", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a dataset", - "privilege": "CreateMetricSet", + "access_level": "List", + "description": "Grants permission to display a list of all 
offerings that are available to the account in the current AWS Region", + "privilege": "ListOfferings", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AnomalyDetector*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MetricSet*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deactivate an anomaly detector", - "privilege": "DeactivateAnomalyDetector", + "access_level": "List", + "description": "Grants permission to display a list of all reservations that have been purchased by the account in the current AWS Region", + "privilege": "ListReservations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an alert", - "privilege": "DeleteAlert", + "access_level": "Read", + "description": "Grants permission to display a list of all tags associated with a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Alert*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an anomaly detector", - "privilege": "DeleteAnomalyDetector", + "description": "Grants permission to poll gateway", + "privilege": "PollGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about an alert", - "privilege": "DescribeAlert", + "access_level": "Write", + "description": "Grants permission to purchase an offering", + "privilege": "PurchaseOffering", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "Alert*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about an anomaly detection job", - "privilege": "DescribeAnomalyDetectionExecutions", + "access_level": "Write", + "description": "Grants permission to remove an output of an existing bridge", + "privilege": "RemoveBridgeOutput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "Bridge*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about an anomaly detector", - "privilege": "DescribeAnomalyDetector", + "access_level": "Write", + "description": "Grants permission to remove a source of an existing bridge", + "privilege": "RemoveBridgeSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "Bridge*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a dataset", - "privilege": "DescribeMetricSet", + "access_level": "Write", + "description": "Grants permission to remove media streams from any flow", + "privilege": "RemoveFlowMediaStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MetricSet*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to detect metric set config from data source", - "privilege": "DetectMetricSetConfig", + "description": "Grants permission to remove outputs from any flow", + "privilege": "RemoveFlowOutput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a group of affected metrics", - "privilege": "GetAnomalyGroup", + "access_level": "Write", + "description": "Grants permission to remove 
sources from any flow", + "privilege": "RemoveFlowSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get data quality metrics for an anomaly detector", - "privilege": "GetDataQualityMetrics", + "access_level": "Write", + "description": "Grants permission to remove VPC interfaces from any flow", + "privilege": "RemoveFlowVpcInterface", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get feedback on affected metrics for an anomaly group", - "privilege": "GetFeedback", + "access_level": "Write", + "description": "Grants permission to revoke entitlements on any flow", + "privilege": "RevokeFlowEntitlement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a selection of sample records from an Amazon S3 datasource", - "privilege": "GetSampleData", + "access_level": "Write", + "description": "Grants permission to start flows", + "privilege": "StartFlow", "resource_types": [ { "condition_keys": [], 
@@ -154202,21 +177964,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of alerts for a detector", - "privilege": "ListAlerts", + "access_level": "Write", + "description": "Grants permission to stop flows", + "privilege": "StopFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of anomaly detectors", - "privilege": "ListAnomalyDetectors", + "access_level": "Write", + "description": "Grants permission to submit gateway state change", + "privilege": "SubmitGatewayStateChange", "resource_types": [ { "condition_keys": [], 
@@ -154226,233 +177988,228 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of related measures in an anomaly group", - "privilege": "ListAnomalyGroupRelatedMetrics", + "access_level": "Tagging", + "description": "Grants permission to associate tags with resources", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of anomaly groups", - "privilege": "ListAnomalyGroupSummaries", + "access_level": "Tagging", + "description": "Grants permission to remove tags from resources", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of affected metrics for a measure in an anomaly group", - "privilege": "ListAnomalyGroupTimeSeries", + "access_level": "Write", + "description": "Grants permission to update bridges", + "privilege": "UpdateBridge", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "Bridge*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of datasets", - "privilege": "ListMetricSets", + "access_level": "Write", + "description": "Grants permission to update an output of an existing bridge", + "privilege": "UpdateBridgeOutput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector" + "resource_type": "Bridge*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of tags for a detector, dataset, or alert", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update a source of an existing bridge", + 
"privilege": "UpdateBridgeSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Alert" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AnomalyDetector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MetricSet" + "resource_type": "Bridge*" } ] }, { "access_level": "Write", - "description": "Grants permission to add feedback for an affected metric in an anomaly group", - "privilege": "PutFeedback", + "description": "Grants permission to update the state of an existing bridge", + "privilege": "UpdateBridgeState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "Bridge*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a detector, dataset, or alert", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update flows", + "privilege": "UpdateFlow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Alert" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AnomalyDetector" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "MetricSet" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a detector, dataset, or alert", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update entitlements on any flow", + "privilege": "UpdateFlowEntitlement", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Alert" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AnomalyDetector" - }, + "resource_type": "" + } + ] + }, + 
{ + "access_level": "Write", + "description": "Grants permission to update media streams on any flow", + "privilege": "UpdateFlowMediaStream", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MetricSet" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an alert for an anomaly detector", - "privilege": "UpdateAlert", + "description": "Grants permission to update outputs on any flow", + "privilege": "UpdateFlowOutput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Alert*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an anomaly detector", - "privilege": "UpdateAnomalyDetector", + "description": "Grants permission to update the source of any flow", + "privilege": "UpdateFlowSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnomalyDetector*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a dataset", - "privilege": "UpdateMetricSet", + "description": "Grants permission to update the configuration of an existing Gateway Instance", + "privilege": "UpdateGatewayInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "MetricSet*" + "resource_type": "GatewayInstance*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:lookoutmetrics:${Region}:${Account}:AnomalyDetector:${AnomalyDetectorName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "AnomalyDetector" + "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:entitlement:${FlowId}:${EntitlementName}", + "condition_keys": [], + "resource": "Entitlement" }, { - "arn": "arn:${Partition}:lookoutmetrics:${Region}:${Account}:MetricSet/${AnomalyDetectorName}/${MetricSetName}", - 
"condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "MetricSet" + "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:flow:${FlowId}:${FlowName}", + "condition_keys": [], + "resource": "Flow" }, { - "arn": "arn:${Partition}:lookoutmetrics:${Region}:${Account}:Alert:${AlertName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Alert" + "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:output:${OutputId}:${OutputName}", + "condition_keys": [], + "resource": "Output" + }, + { + "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:source:${SourceId}:${SourceName}", + "condition_keys": [], + "resource": "Source" + }, + { + "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:gateway:${GatewayId}:${GatewayName}", + "condition_keys": [], + "resource": "Gateway" + }, + { + "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:bridge:${FlowId}:${FlowName}", + "condition_keys": [], + "resource": "Bridge" + }, + { + "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:gateway:${GatewayId}:${GatewayName}:instance:${InstanceId}", + "condition_keys": [], + "resource": "GatewayInstance" } ], - "service_name": "Amazon Lookout for Metrics" + "service_name": "AWS Elemental MediaConnect" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access by tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access by tag keys in the request", "type": "ArrayOfString" + }, + { + "condition": "mediaconvert:HttpInputsAllowed", + "description": 
"Filters access by an HTTP input policy present in the account", + "type": "Bool" + }, + { + "condition": "mediaconvert:HttpsInputsAllowed", + "description": "Filters access by an HTTPS input policy present in the account", + "type": "Bool" + }, + { + "condition": "mediaconvert:S3InputsAllowed", + "description": "Filters access by an S3 input policy present in the account", + "type": "Bool" } ], - "prefix": "lookoutvision", + "prefix": "mediaconvert", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a dataset manifest", - "privilege": "CreateDataset", + "description": "Grants permission to associate an AWS Certificate Manager (ACM) Amazon Resource Name (ARN) with AWS Elemental MediaConvert", + "privilege": "AssociateCertificate", "resource_types": [ { "condition_keys": [], @@ -154463,18 +178220,43 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new anomaly detection model", - "privilege": "CreateModel", + "description": "Grants permission to cancel an AWS Elemental MediaConvert job that is waiting in queue", + "privilege": "CancelJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "Job*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create and submit an AWS Elemental MediaConvert job", + "privilege": "CreateJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "JobTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Preset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Queue" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "mediaconvert:HttpInputsAllowed", + "mediaconvert:HttpsInputsAllowed", + "mediaconvert:S3InputsAllowed" ], "dependent_actions": [], "resource_type": "" 
@@ -154483,23 +178265,39 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new project", - "privilege": "CreateProject", + "description": "Grants permission to create an AWS Elemental MediaConvert custom job template", + "privilege": "CreateJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "Preset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Queue" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a dataset", - "privilege": "DeleteDataset", + "description": "Grants permission to create an AWS Elemental MediaConvert custom output preset", + "privilege": "CreatePreset", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -154507,32 +178305,35 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a model and all associated assets", - "privilege": "DeleteModel", + "description": "Grants permission to create an AWS Elemental MediaConvert job queue", + "privilege": "CreateQueue", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to permanently remove a project", - "privilege": "DeleteProject", + "description": "Grants permission to delete an AWS Elemental MediaConvert custom job template", + "privilege": "DeleteJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "JobTemplate*" } ] }, { - "access_level": "Read", - "description": "Grants permission to show detailed information about dataset manifest", - "privilege": "DescribeDataset", + "access_level": "Write", + "description": "Grants permission to delete an AWS Elemental MediaConvert policy", + "privilege": "DeletePolicy", "resource_types": [ { "condition_keys": [], 
@@ -154542,45 +178343,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to show detailed information about a model", - "privilege": "DescribeModel", + "access_level": "Write", + "description": "Grants permission to delete an AWS Elemental MediaConvert custom output preset", + "privilege": "DeletePreset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "Preset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to show detailed information about a model packaging job", - "privilege": "DescribeModelPackagingJob", + "access_level": "Write", + "description": "Grants permission to delete an AWS Elemental MediaConvert job queue", + "privilege": "DeleteQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to show detailed information about a project", - "privilege": "DescribeProject", + "access_level": "List", + "description": "Grants permission to subscribe to the AWS Elemental MediaConvert service, by sending a request for an account-specific endpoint. All transcoding requests must be sent to the endpoint that the service returns", + "privilege": "DescribeEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to provides state information about a running anomaly detection job", - "privilege": "DescribeTrialDetection", + "access_level": "Write", + "description": "Grants permission to remove an association between the Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate and an AWS Elemental MediaConvert resource", + "privilege": "DisassociateCertificate", "resource_types": [ { "condition_keys": [], 
@@ -154590,33 +178391,33 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to invoke detection of anomalies", - "privilege": "DetectAnomalies", + "access_level": "Read", + "description": "Grants permission to get an AWS Elemental MediaConvert job", + "privilege": "GetJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "Job*" } ] }, { "access_level": "Read", - "description": "Grants permission to list the contents of dataset manifest", - "privilege": "ListDatasetEntries", + "description": "Grants permission to get an AWS Elemental MediaConvert job template", + "privilege": "GetJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "JobTemplate*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all model packaging jobs associated with a project", - "privilege": "ListModelPackagingJobs", + "access_level": "Read", + "description": "Grants permission to get an AWS Elemental MediaConvert policy", + "privilege": "GetPolicy", "resource_types": [ { "condition_keys": [], 
@@ -154626,110 +178427,130 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all models associated with a project", - "privilege": "ListModels", + "access_level": "Read", + "description": "Grants permission to get an AWS Elemental MediaConvert output preset", + "privilege": "GetPreset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Preset*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all projects", - "privilege": "ListProjects", + "access_level": "Read", + "description": "Grants permission to get an AWS Elemental MediaConvert job queue", + "privilege": "GetQueue", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Queue*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list AWS Elemental MediaConvert job templates", + "privilege": "ListJobTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all anomaly detection jobs", - "privilege": "ListTrialDetections", + "description": "Grants permission to list AWS Elemental MediaConvert jobs", + "privilege": "ListJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Queue" } ] }, { - "access_level": "Write", - "description": "Grants permission to start anomaly detection model", - "privilege": "StartModel", + "access_level": "List", + "description": "Grants permission to list AWS Elemental MediaConvert output presets", + "privilege": "ListPresets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "" } ] }, { 
- "access_level": "Write", - "description": "Grants permission to start a model packaging job", - "privilege": "StartModelPackagingJob", + "access_level": "List", + "description": "Grants permission to list AWS Elemental MediaConvert job queues", + "privilege": "ListQueues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start bulk detection of anomalies for a set of images stored in an S3 bucket", - "privilege": "StartTrialDetection", + "access_level": "Read", + "description": "Grants permission to retrieve the tags for a MediaConvert queue, preset, or job template", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "JobTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Preset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Queue" } ] }, { "access_level": "Write", - "description": "Grants permission to stop anomaly detection model", - "privilege": "StopModel", + "description": "Grants permission to put an AWS Elemental MediaConvert policy", + "privilege": "PutPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model*" + "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag a resource with given key value pairs", + "description": "Grants permission to add tags to a MediaConvert queue, preset, or job template", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model" + "resource_type": "JobTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Preset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Queue" }, { "condition_keys": [ 
@@ -154743,13 +178564,23 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove the tag with the given key from a resource", + "description": "Grants permission to remove tags from a MediaConvert queue, preset, or job template", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "model" + "resource_type": "JobTemplate" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Preset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Queue" }, { "condition_keys": [ 
@@ -154762,391 +178593,347 @@ }, { "access_level": "Write", - "description": "Grants permission to update a training or test dataset manifest", - "privilege": "UpdateDatasetEntries", + "description": "Grants permission to update an AWS Elemental MediaConvert custom job template", + "privilege": "UpdateJobTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "JobTemplate*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Preset" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Queue" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an AWS Elemental MediaConvert custom output preset", + "privilege": "UpdatePreset", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Preset*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an AWS Elemental MediaConvert job queue", + "privilege": "UpdateQueue", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Queue*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:lookoutvision:${Region}:${Account}:model/${ProjectName}/${ModelVersion}", + "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:jobs/${JobId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "model" + "resource": "Job" }, { - "arn": "arn:${Partition}:lookoutvision:${Region}:${Account}:project/${ProjectName}", + "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:queues/${QueueName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Queue" + }, + { + "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:presets/${PresetName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Preset" + }, + { + "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:jobTemplates/${JobTemplateName}", + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "JobTemplate" + }, + { + "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:certificates/${CertificateArn}", "condition_keys": [], - "resource": "project" + "resource": "CertificateAssociation" } ], - "service_name": "Amazon Lookout for Vision" + "service_name": "AWS Elemental MediaConvert" + }, + { + "conditions": [], + "prefix": "mediaimport", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a database binary snapshot on the customer's aws account", + "privilege": "CreateDatabaseBinarySnapshot", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AmazonMediaImport" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "m2", + "prefix": "medialive", "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel the execution of a batch job", - "privilege": "CancelBatchJobExecution", + "description": "Grants permission to accept an input device transfer", + "privilege": "AcceptInputDeviceTransfer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" + "resource_type": "input-device*" } ] }, { "access_level": "Write", - 
"description": "Grants permission to create an application", - "privilege": "CreateApplication", + "description": "Grants permission to delete channels, inputs, input security groups, and multiplexes", + "privilege": "BatchDelete", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "s3:GetObject", - "s3:ListBucket" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a data set import task", - "privilege": "CreateDataSetImportTask", + "description": "Grants permission to start channels and multiplexes", + "privilege": "BatchStart", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "s3:GetObject" - ], - "resource_type": "Application*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a deployment", - "privilege": "CreateDeployment", + "description": "Grants permission to stop channels and multiplexes", + "privilege": "BatchStop", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", - "elasticloadbalancing:RegisterTargets" - ], - "resource_type": "Application*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to Create an environment", - "privilege": "CreateEnvironment", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute", 
- "elasticfilesystem:DescribeMountTargets", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateLoadBalancer", - "fsx:DescribeFileSystems", - "iam:CreateServiceLinkedRole" - ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an application", - "privilege": "DeleteApplication", + "description": "Grants permission to add and remove actions from a channel's schedule", + "privilege": "BatchUpdateSchedule", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteTargetGroup" - ], - "resource_type": "Application*" + "dependent_actions": [], + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an application from a runtime environment", - "privilege": "DeleteApplicationFromEnvironment", + "description": "Grants permission to cancel an input device transfer", + "privilege": "CancelInputDeviceTransfer", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteTargetGroup" - ], - "resource_type": "Application*" + "dependent_actions": [], + "resource_type": "input-device*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a runtime environment", - "privilege": "DeleteEnvironment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "elasticloadbalancing:DeleteLoadBalancer" - ], - "resource_type": "Environment*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve an application", - "privilege": "GetApplication", + "description": "Grants permission to claim an input device", + "privilege": "ClaimDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" + "resource_type": "input-device*" } ] }, { - "access_level": "Read", - "description": "Grants 
permission to retrieve an application version", - "privilege": "GetApplicationVersion", + "access_level": "Write", + "description": "Grants permission to create a channel", + "privilege": "CreateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a batch job execution", - "privilege": "GetBatchJobExecution", - "resource_types": [ + "resource_type": "channel*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve data set details", - "privilege": "GetDataSetDetails", - "resource_types": [ + "resource_type": "input*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Application*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a data set import task", - "privilege": "GetDataSetImportTask", + "access_level": "Write", + "description": "Grants permission to create a cloudwatch alarm template", + "privilege": "CreateCloudWatchAlarmTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a deployment", - "privilege": "GetDeployment", - "resource_types": [ + "resource_type": "cloudwatch-alarm-template*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a runtime environment", - "privilege": "GetEnvironment", - "resource_types": [ + "resource_type": "cloudwatch-alarm-template-group*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + 
"aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Environment*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the versions of an application", - "privilege": "ListApplicationVersions", + "access_level": "Write", + "description": "Grants permission to create a cloudwatch alarm template group", + "privilege": "CreateCloudWatchAlarmTemplateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list applications", - "privilege": "ListApplications", - "resource_types": [ + "resource_type": "cloudwatch-alarm-template-group*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list batch job definitions", - "privilege": "ListBatchJobDefinitions", + "access_level": "Write", + "description": "Grants permission to create a eventbridge rule template", + "privilege": "CreateEventBridgeRuleTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list executions for a batch job", - "privilege": "ListBatchJobExecutions", - "resource_types": [ + "resource_type": "eventbridge-rule-template*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list data set import history", - "privilege": "ListDataSetImportHistory", - "resource_types": [ + "resource_type": "eventbridge-rule-template-group*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Application*" + 
"resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list data sets", - "privilege": "ListDataSets", + "access_level": "Write", + "description": "Grants permission to create a eventbridge rule template group", + "privilege": "CreateEventBridgeRuleTemplateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list deployments", - "privilege": "ListDeployments", - "resource_types": [ + "resource_type": "eventbridge-rule-template-group*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Application*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list engine versions", - "privilege": "ListEngineVersions", + "access_level": "Write", + "description": "Grants permission to create an input", + "privilege": "CreateInput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list runtime environments", - "privilege": "ListEnvironments", - "resource_types": [ + "resource_type": "input*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", - "resource_types": [ + "resource_type": "input-security-group*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -155154,54 +178941,65 @@ }, { "access_level": "Write", - "description": "Grants permission to start an application", - "privilege": "StartApplication", + "description": "Grants permission to create an input security group", + "privilege": "CreateInputSecurityGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" + "resource_type": "input-security-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a batch job", - "privilege": "StartBatchJob", + "description": "Grants permission to create a multiplex", + "privilege": "CreateMultiplex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" + "resource_type": "multiplex*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an application", - "privilege": "StopApplication", + "description": "Grants permission to create a multiplex program", + "privilege": "CreateMultiplexProgram", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application*" + "resource_type": "multiplex*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a partner input", + "privilege": "CreatePartnerInput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Environment" + "resource_type": "input*" }, { "condition_keys": [ 
@@ -155214,22 +179012,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a signal map", + "privilege": "CreateSignalMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Application" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Environment" + "resource_type": "signal-map*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -155238,282 +179032,282 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update an application", - "privilege": "UpdateApplication", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "s3:GetObject", - "s3:ListBucket" - ], - "resource_type": "Application*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a runtime environment", - "privilege": "UpdateEnvironment", + "access_level": "Tagging", + "description": "Grants permission to create tags for channels, inputs, input security groups, multiplexes, reservations, signal maps, template groups, and templates", + "privilege": "CreateTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Environment*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:m2:${Region}:${Account}:app/${ApplicationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Application" - }, - { - "arn": "arn:${Partition}:m2:${Region}:${Account}:env/${EnvironmentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Environment" - } - ], - "service_name": "AWS Mainframe Modernization Service" - }, - { - "conditions": [], - "prefix": "machinelearning", - "privileges": [ - { - "access_level": "Tagging", - "description": "Adds one or more tags to an object, up to a limit of 10. 
Each tag consists of a key and an optional value", - "privilege": "AddTags", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchprediction" + "resource_type": "cloudwatch-alarm-template" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource" + "resource_type": "cloudwatch-alarm-template-group" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation" + "resource_type": "eventbridge-rule-template" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel" - } - ] - }, - { - "access_level": "Write", - "description": "Generates predictions for a group of observations", - "privilege": "CreateBatchPrediction", - "resource_types": [ + "resource_type": "eventbridge-rule-template-group" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchprediction*" + "resource_type": "input" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "input-security-group" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel*" + "resource_type": "multiplex" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reservation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "signal-map" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Creates a DataSource object from an Amazon RDS", - "privilege": "CreateDataSourceFromRDS", + "description": "Grants permission to delete a channel", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Creates a DataSource from a database hosted on an Amazon 
Redshift cluster", - "privilege": "CreateDataSourceFromRedshift", + "description": "Grants permission to delete a cloudwatch alarm template", + "privilege": "DeleteCloudWatchAlarmTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "cloudwatch-alarm-template*" } ] }, { "access_level": "Write", - "description": "Creates a DataSource object from S3", - "privilege": "CreateDataSourceFromS3", + "description": "Grants permission to delete a cloudwatch alarm template group", + "privilege": "DeleteCloudWatchAlarmTemplateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "cloudwatch-alarm-template-group*" } ] }, { "access_level": "Write", - "description": "Creates a new Evaluation of an MLModel", - "privilege": "CreateEvaluation", + "description": "Grants permission to delete a eventbridge rule template", + "privilege": "DeleteEventBridgeRuleTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "mlmodel*" + "resource_type": "eventbridge-rule-template*" } ] }, { "access_level": "Write", - "description": "Creates a new MLModel", - "privilege": "CreateMLModel", + "description": "Grants permission to delete a eventbridge rule template group", + "privilege": "DeleteEventBridgeRuleTemplateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" - }, + "resource_type": "eventbridge-rule-template-group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an input", + "privilege": "DeleteInput", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel*" + 
"resource_type": "input*" } ] }, { "access_level": "Write", - "description": "Creates a real-time endpoint for the MLModel", - "privilege": "CreateRealtimeEndpoint", + "description": "Grants permission to delete an input security group", + "privilege": "DeleteInputSecurityGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel*" + "resource_type": "input-security-group*" } ] }, { "access_level": "Write", - "description": "Assigns the DELETED status to a BatchPrediction, rendering it unusable", - "privilege": "DeleteBatchPrediction", + "description": "Grants permission to delete a multiplex", + "privilege": "DeleteMultiplex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchprediction*" + "resource_type": "multiplex*" } ] }, { "access_level": "Write", - "description": "Assigns the DELETED status to a DataSource, rendering it unusable", - "privilege": "DeleteDataSource", + "description": "Grants permission to delete a multiplex program", + "privilege": "DeleteMultiplexProgram", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "multiplex*" } ] }, { "access_level": "Write", - "description": "Assigns the DELETED status to an Evaluation, rendering it unusable", - "privilege": "DeleteEvaluation", + "description": "Grants permission to delete an expired reservation", + "privilege": "DeleteReservation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation*" + "resource_type": "reservation*" } ] }, { "access_level": "Write", - "description": "Assigns the DELETED status to an MLModel, rendering it unusable", - "privilege": "DeleteMLModel", + "description": "Grants permission to delete all schedule actions for a channel", + "privilege": "DeleteSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel*" + 
"resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Deletes a real time endpoint of an MLModel", - "privilege": "DeleteRealtimeEndpoint", + "description": "Grants permission to delete a signal map", + "privilege": "DeleteSignalMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel*" + "resource_type": "signal-map*" } ] }, { "access_level": "Tagging", - "description": "Deletes the specified tags associated with an ML object. After this operation is complete, you can't recover deleted tags", + "description": "Grants permission to delete tags from channels, inputs, input security groups, multiplexes, reservations, signal maps, template groups, and templates", "privilege": "DeleteTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchprediction" + "resource_type": "channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource" + "resource_type": "cloudwatch-alarm-template" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation" + "resource_type": "cloudwatch-alarm-template-group" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel" + "resource_type": "eventbridge-rule-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eventbridge-rule-template-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input-security-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "multiplex" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reservation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "signal-map" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - 
"access_level": "List", - "description": "Returns a list of BatchPrediction operations that match the search criteria in the request", - "privilege": "DescribeBatchPredictions", + "access_level": "Read", + "description": "Grants permission to view the account configuration of the customer", + "privilege": "DescribeAccountConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -155523,324 +179317,249 @@ ] }, { - "access_level": "List", - "description": "Returns a list of DataSource that match the search criteria in the request", - "privilege": "DescribeDataSources", + "access_level": "Read", + "description": "Grants permission to get details about a channel", + "privilege": "DescribeChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Returns a list of DescribeEvaluations that match the search criteria in the request", - "privilege": "DescribeEvaluations", + "access_level": "Read", + "description": "Grants permission to describe an input", + "privilege": "DescribeInput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input*" } ] }, { - "access_level": "List", - "description": "Returns a list of MLModel that match the search criteria in the request", - "privilege": "DescribeMLModels", + "access_level": "Read", + "description": "Grants permission to describe an input device", + "privilege": "DescribeInputDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input-device*" } ] }, { - "access_level": "List", - "description": "Describes one or more of the tags for your Amazon ML object", - "privilege": "DescribeTags", + "access_level": "Read", + "description": "Grants permission to describe an input device thumbnail", + "privilege": "DescribeInputDeviceThumbnail", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchprediction" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "evaluation" - }, + "resource_type": "input-device*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an 
input security group", + "privilege": "DescribeInputSecurityGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel" + "resource_type": "input-security-group*" } ] }, { "access_level": "Read", - "description": "Returns a BatchPrediction that includes detailed metadata, status, and data file information", - "privilege": "GetBatchPrediction", + "description": "Grants permission to describe a multiplex", + "privilege": "DescribeMultiplex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchprediction*" + "resource_type": "multiplex*" } ] }, { "access_level": "Read", - "description": "Returns a DataSource that includes metadata and data file information, as well as the current status of the DataSource", - "privilege": "GetDataSource", + "description": "Grants permission to describe a multiplex program", + "privilege": "DescribeMultiplexProgram", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "multiplex*" } ] }, { "access_level": "Read", - "description": "Returns an Evaluation that includes metadata as well as the current status of the Evaluation", - "privilege": "GetEvaluation", + "description": "Grants permission to get details about a reservation offering", + "privilege": "DescribeOffering", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "offering*" } ] }, { "access_level": "Read", - "description": "Returns an MLModel that includes detailed metadata, and data source information as well as the current status of the MLModel", - "privilege": "GetMLModel", + "description": "Grants permission to get details about a reservation", + "privilege": "DescribeReservation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel*" + "resource_type": "reservation*" } ] }, { - "access_level": "Write", - 
"description": "Generates a prediction for the observation using the specified ML Model", - "privilege": "Predict", + "access_level": "Read", + "description": "Grants permission to view a list of actions scheduled on a channel", + "privilege": "DescribeSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Updates the BatchPredictionName of a BatchPrediction", - "privilege": "UpdateBatchPrediction", + "access_level": "Read", + "description": "Grants permission to view the thumbnails for a channel", + "privilege": "DescribeThumbnails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchprediction*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Updates the DataSourceName of a DataSource", - "privilege": "UpdateDataSource", + "access_level": "Read", + "description": "Grants permission to get a cloudwatch alarm template", + "privilege": "GetCloudWatchAlarmTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasource*" + "resource_type": "cloudwatch-alarm-template*" } ] }, { - "access_level": "Write", - "description": "Updates the EvaluationName of an Evaluation", - "privilege": "UpdateEvaluation", + "access_level": "Read", + "description": "Grants permission to get a cloudwatch alarm template group", + "privilege": "GetCloudWatchAlarmTemplateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "evaluation*" + "resource_type": "cloudwatch-alarm-template-group*" } ] }, { - "access_level": "Write", - "description": "Updates the MLModelName and the ScoreThreshold of an MLModel", - "privilege": "UpdateMLModel", + "access_level": "Read", + "description": "Grants permission to get a eventbridge rule template", + "privilege": "GetEventBridgeRuleTemplate", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "mlmodel*" + "resource_type": "eventbridge-rule-template*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:machinelearning:${Region}:${Account}:batchprediction/${BatchPredictionId}", - "condition_keys": [], - "resource": "batchprediction" - }, - { - "arn": "arn:${Partition}:machinelearning:${Region}:${Account}:datasource/${DatasourceId}", - "condition_keys": [], - "resource": "datasource" - }, - { - "arn": "arn:${Partition}:machinelearning:${Region}:${Account}:evaluation/${EvaluationId}", - "condition_keys": [], - "resource": "evaluation" - }, - { - "arn": "arn:${Partition}:machinelearning:${Region}:${Account}:mlmodel/${MlModelId}", - "condition_keys": [], - "resource": "mlmodel" - } - ], - "service_name": "Amazon Machine Learning" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "macie2", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to accept an Amazon Macie membership invitation", - "privilege": "AcceptInvitation", + "access_level": "Read", + "description": "Grants permission to get a eventbridge rule template group", + "privilege": "GetEventBridgeRuleTemplateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "eventbridge-rule-template-group*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about one or more custom data identifiers", - "privilege": 
"BatchGetCustomDataIdentifiers", + "description": "Grants permission to get a signal map", + "privilege": "GetSignalMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "CustomDataIdentifier*" + "resource_type": "signal-map*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and define the settings for an allow list", - "privilege": "CreateAllowList", + "access_level": "List", + "description": "Grants permission to list channels", + "privilege": "ListChannels", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and define the settings for a sensitive data discovery job", - "privilege": "CreateClassificationJob", + "access_level": "List", + "description": "Grants permission to list cloudwatch alarm template groups", + "privilege": "ListCloudWatchAlarmTemplateGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClassificationJob*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and define the settings for a custom data identifier", - "privilege": "CreateCustomDataIdentifier", + "access_level": "List", + "description": "Grants permission to list cloudwatch alarm templates", + "privilege": "ListCloudWatchAlarmTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "CustomDataIdentifier*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create and define the settings for a findings filter", - "privilege": 
"CreateFindingsFilter", + "access_level": "List", + "description": "Grants permission to list eventbridge rule template groups", + "privilege": "ListEventBridgeRuleTemplateGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FindingsFilter*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to send an Amazon Macie membership invitation", - "privilege": "CreateInvitations", + "access_level": "List", + "description": "Grants permission to list eventbridge rule templates", + "privilege": "ListEventBridgeRuleTemplates", "resource_types": [ { "condition_keys": [], @@ -155850,29 +179569,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to associate an account with an Amazon Macie administrator account", - "privilege": "CreateMember", + "access_level": "List", + "description": "Grants permission to list input device transfers", + "privilege": "ListInputDeviceTransfers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Member*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create sample findings", - "privilege": "CreateSampleFindings", + "access_level": "List", + "description": "Grants permission to list input devices", + "privilege": "ListInputDevices", "resource_types": [ { "condition_keys": [], @@ -155882,9 +179593,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to decline Amazon Macie membership invitations", - "privilege": "DeclineInvitations", + "access_level": "List", + "description": "Grants permission to list input security groups", + "privilege": "ListInputSecurityGroups", "resource_types": [ { "condition_keys": [], 
@@ -155894,45 +179605,45 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an allow list", - "privilege": "DeleteAllowList", + "access_level": "List", + "description": "Grants permission to list inputs", + "privilege": "ListInputs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllowList*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a custom data identifier", - "privilege": "DeleteCustomDataIdentifier", + "access_level": "List", + "description": "Grants permission to list multiplex programs", + "privilege": "ListMultiplexPrograms", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "CustomDataIdentifier*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a findings filter", - "privilege": "DeleteFindingsFilter", + "access_level": "List", + "description": "Grants permission to list multiplexes", + "privilege": "ListMultiplexes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FindingsFilter*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete Amazon Macie membership invitations", - "privilege": "DeleteInvitations", + "access_level": "List", + "description": "Grants permission to list reservation offerings", + "privilege": "ListOfferings", "resource_types": [ { "condition_keys": [], 
@@ -155942,21 +179653,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the association between an Amazon Macie administrator account and an account", - "privilege": "DeleteMember", + "access_level": "List", + "description": "Grants permission to list reservations", + "privilege": "ListReservations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Member*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve statistical data and other information about S3 buckets that Amazon Macie monitors and analyzes", - "privilege": "DescribeBuckets", + "access_level": "List", + "description": "Grants permission to list signal maps", + "privilege": "ListSignalMaps", "resource_types": [ { "condition_keys": [], 
@@ -155966,201 +179677,259 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the status and settings for a sensitive data discovery job", - "privilege": "DescribeClassificationJob", + "access_level": "List", + "description": "Grants permission to list tags for channels, inputs, input security groups, multiplexes, reservations, signal maps, template groups, and templates", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClassificationJob*" + "resource_type": "channel" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cloudwatch-alarm-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cloudwatch-alarm-template-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eventbridge-rule-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eventbridge-rule-template-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "input-security-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "multiplex" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "reservation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "signal-map" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the Amazon Macie configuration settings for an AWS organization", - "privilege": "DescribeOrganizationConfiguration", + "access_level": "Write", + "description": "Grants permission to purchase a reservation offering", + "privilege": "PurchaseOffering", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "offering*" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "reservation*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disable an Amazon Macie account, which also deletes Macie resources for the account", - "privilege": "DisableMacie", + "description": "Grants permission to reboot an input device", + "privilege": "RebootInputDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input-device*" } ] }, { "access_level": "Write", - "description": "Grants permission to disable an account as the delegated Amazon Macie administrator account for an AWS organization", - "privilege": "DisableOrganizationAdminAccount", + "description": "Grants permission to reject an input device transfer", + "privilege": "RejectInputDeviceTransfer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input-device*" } ] }, { "access_level": "Write", - "description": "Grants permission to an Amazon Macie member account to disassociate from its Macie administrator account", - "privilege": "DisassociateFromAdministratorAccount", + "description": "Grants permission to restart pipelines on a running channel", + "privilege": "RestartChannelPipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to an Amazon Macie member account to disassociate from its Macie administrator account", - "privilege": "DisassociateFromMasterAccount", + "description": "Grants permission to start a channel", + "privilege": "StartChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants 
permission to an Amazon Macie administrator account to disassociate from a Macie member account", - "privilege": "DisassociateMember", + "description": "Grants permission to start deletion of a signal map's monitor", + "privilege": "StartDeleteMonitorDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Member*" + "resource_type": "signal-map*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable and specify the configuration settings for a new Amazon Macie account", - "privilege": "EnableMacie", + "description": "Grants permission to start an input device attached to a MediaConnect flow", + "privilege": "StartInputDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input-device*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable an account as the delegated Amazon Macie administrator account for an AWS organization", - "privilege": "EnableOrganizationAdminAccount", + "description": "Grants permission to start a maintenance window for an input device", + "privilege": "StartInputDeviceMaintenanceWindow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input-device*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the Amazon Macie administrator account for an account", - "privilege": "GetAdministratorAccount", + "access_level": "Write", + "description": "Grants permission to start a signal map monitor deployment", + "privilege": "StartMonitorDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "signal-map*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the settings and status of an allow list", - "privilege": "GetAllowList", + "access_level": "Write", + "description": "Grants 
permission to start a multiplex", + "privilege": "StartMultiplex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllowList*" + "resource_type": "multiplex*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the configuration settings and status of automated sensitive data discovery for an account", - "privilege": "GetAutomatedDiscoveryConfiguration", + "access_level": "Write", + "description": "Grants permission to start a signal map update", + "privilege": "StartUpdateSignalMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "signal-map*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes", - "privilege": "GetBucketStatistics", + "access_level": "Write", + "description": "Grants permission to stop a channel", + "privilege": "StopChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the settings for exporting sensitive data discovery results", - "privilege": "GetClassificationExportConfiguration", + "access_level": "Write", + "description": "Grants permission to stop an input device attached to a MediaConnect flow", + "privilege": "StopInputDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input-device*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the classification scope settings for an account", - "privilege": "GetClassificationScope", + "access_level": "Write", + "description": "Grants permission to stop a multiplex", + "privilege": "StopMultiplex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + 
"resource_type": "multiplex*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the settings for a custom data identifier", - "privilege": "GetCustomDataIdentifier", + "access_level": "Write", + "description": "Grants permission to transfer an input device", + "privilege": "TransferInputDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "CustomDataIdentifier*" + "resource_type": "input-device*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve aggregated statistical data about findings", - "privilege": "GetFindingStatistics", + "access_level": "Write", + "description": "Grants permission to update a customer's account configuration", + "privilege": "UpdateAccountConfiguration", "resource_types": [ { "condition_keys": [], 
@@ -156170,249 +179939,395 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the details of one or more findings", - "privilege": "GetFindings", + "access_level": "Write", + "description": "Grants permission to update a channel", + "privilege": "UpdateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the settings for a findings filter", - "privilege": "GetFindingsFilter", + "access_level": "Write", + "description": "Grants permission to update the class of a channel", + "privilege": "UpdateChannelClass", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FindingsFilter*" + "resource_type": "channel*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the configuration settings for publishing findings to AWS Security Hub", - "privilege": "GetFindingsPublicationConfiguration", + "access_level": "Write", + "description": "Grants permission to update a cloudwatch alarm template", + "privilege": "UpdateCloudWatchAlarmTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cloudwatch-alarm-template*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cloudwatch-alarm-template-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the count of Amazon Macie membership invitations that were received by an account", - "privilege": "GetInvitationsCount", + "access_level": "Write", + "description": "Grants permission to update a cloudwatch alarm template group", + "privilege": "UpdateCloudWatchAlarmTemplateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "cloudwatch-alarm-template-group*" } ] }, { - 
"access_level": "Read", - "description": "Grants permission to retrieve information about the status and configuration settings for an Amazon Macie account", - "privilege": "GetMacieSession", + "access_level": "Write", + "description": "Grants permission to update a eventbridge rule template", + "privilege": "UpdateEventBridgeRuleTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "eventbridge-rule-template*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "eventbridge-rule-template-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the Amazon Macie administrator account for an account", - "privilege": "GetMasterAccount", + "access_level": "Write", + "description": "Grants permission to update a eventbridge rule template group", + "privilege": "UpdateEventBridgeRuleTemplateGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "eventbridge-rule-template-group*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an account that's associated with an Amazon Macie administrator account", - "privilege": "GetMember", + "access_level": "Write", + "description": "Grants permission to update an input", + "privilege": "UpdateInput", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Member*" + "resource_type": "input*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve sensitive data discovery statistics and the sensitivity score for an S3 bucket", - "privilege": "GetResourceProfile", + "access_level": "Write", + "description": "Grants permission to update an input device", + "privilege": "UpdateInputDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "input-device*" } ] }, 
{ - "access_level": "Read", - "description": "Grants permission to retrieve the status and configuration settings for retrieving occurrences of sensitive data reported by findings", - "privilege": "GetRevealConfiguration", + "access_level": "Write", + "description": "Grants permission to update an input security group", + "privilege": "UpdateInputSecurityGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "input-security-group*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve occurrences of sensitive data reported by a finding", - "privilege": "GetSensitiveDataOccurrences", + "access_level": "Write", + "description": "Grants permission to update a multiplex", + "privilege": "UpdateMultiplex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "multiplex*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check whether occurrences of sensitive data can be retrieved for a finding", - "privilege": "GetSensitiveDataOccurrencesAvailability", + "access_level": "Write", + "description": "Grants permission to update a multiplex program", + "privilege": "UpdateMultiplexProgram", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "multiplex*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the sensitivity inspection template settings for an account", - "privilege": "GetSensitivityInspectionTemplate", + "access_level": "Write", + "description": "Grants permission to update a reservation", + "privilege": "UpdateReservation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "reservation*" } ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:medialive:${Region}:${Account}:channel:${ChannelId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel" }, { - "access_level": "Read", - "description": "Grants permission to retrieve quotas and aggregated usage data for one or more accounts", - "privilege": "GetUsageStatistics", + "arn": "arn:${Partition}:medialive:${Region}:${Account}:input:${InputId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "input" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:inputDevice:${DeviceId}", + "condition_keys": [], + "resource": "input-device" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:inputSecurityGroup:${InputSecurityGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "input-security-group" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:multiplex:${MultiplexId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "multiplex" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:reservation:${ReservationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "reservation" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:offering:${OfferingId}", + "condition_keys": [], + "resource": "offering" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:signal-map:${SignalMapId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "signal-map" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:cloudwatch-alarm-template-group:${CloudWatchAlarmTemplateGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cloudwatch-alarm-template-group" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:cloudwatch-alarm-template:${CloudWatchAlarmTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cloudwatch-alarm-template" + }, + { + "arn": 
"arn:${Partition}:medialive:${Region}:${Account}:eventbridge-rule-template-group:${EventBridgeRuleTemplateGroupId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "eventbridge-rule-template-group" + }, + { + "arn": "arn:${Partition}:medialive:${Region}:${Account}:eventbridge-rule-template:${EventBridgeRuleTemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "eventbridge-rule-template" + } + ], + "service_name": "AWS Elemental MediaLive" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag for a MediaPackage request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag for a MediaPackage resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys for a MediaPackage resource or request", + "type": "ArrayOfString" + } + ], + "prefix": "mediapackage", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to configure access logs for a Channel", + "privilege": "ConfigureLogs", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "channels*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a channel in AWS Elemental MediaPackage", + "privilege": "CreateChannel", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve aggregated usage data for an account", - "privilege": "GetUsageTotals", + "access_level": "Write", + "description": "Grants permission to create a harvest job in AWS Elemental MediaPackage", + "privilege": "CreateHarvestJob", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + 
"aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a subset of information about all the allow lists for an account", - "privilege": "ListAllowLists", + "access_level": "Write", + "description": "Grants permission to create an endpoint in AWS Elemental MediaPackage", + "privilege": "CreateOriginEndpoint", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a subset of information about the status and settings for one or more sensitive data discovery jobs", - "privilege": "ListClassificationJobs", + "access_level": "Write", + "description": "Grants permission to delete a channel in AWS Elemental MediaPackage", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channels*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a subset of information about the classification scope for an account", - "privilege": "ListClassificationScopes", + "access_level": "Write", + "description": "Grants permission to delete an endpoint in AWS Elemental MediaPackage", + "privilege": "DeleteOriginEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin_endpoints*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about all custom data identifiers", - "privilege": "ListCustomDataIdentifiers", + "access_level": "Read", + "description": "Grants permission to view the details of a channel in AWS Elemental MediaPackage", + "privilege": "DescribeChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"" + "resource_type": "channels*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a subset of information about one or more findings", - "privilege": "ListFindings", + "access_level": "Read", + "description": "Grants permission to view the details of a harvest job in AWS Elemental MediaPackage", + "privilege": "DescribeHarvestJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "harvest_jobs*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about all findings filters", - "privilege": "ListFindingsFilters", + "access_level": "Read", + "description": "Grants permission to view the details of an endpoint in AWS Elemental MediaPackage", + "privilege": "DescribeOriginEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "origin_endpoints*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about all the Amazon Macie membership invitations that were received by an account", - "privilege": "ListInvitations", + "access_level": "Read", + "description": "Grants permission to view a list of channels in AWS Elemental MediaPackage", + "privilege": "ListChannels", "resource_types": [ { "condition_keys": [], @@ -156422,9 +180337,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about managed data identifiers", - "privilege": "ListManagedDataIdentifiers", + "access_level": "Read", + "description": "Grants permission to view a list of harvest jobs in AWS Elemental MediaPackage", + "privilege": "ListHarvestJobs", "resource_types": [ { "condition_keys": [], 
@@ -156434,9 +180349,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about the Amazon Macie member accounts that are associated with a Macie administrator account", - "privilege": "ListMembers", + "access_level": "Read", + "description": "Grants permission to view a list of endpoints in AWS Elemental MediaPackage", + "privilege": "ListOriginEndpoints", "resource_types": [ { "condition_keys": [], 
@@ -156446,151 +180361,229 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about the delegated, Amazon Macie administrator account for an AWS organization", - "privilege": "ListOrganizationAdminAccounts", + "access_level": "Read", + "description": "Grants permission to list the tags assigned to a Channel or OriginEndpoint", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channels" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "harvest_jobs" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "origin_endpoints" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about objects that were selected from an S3 bucket for automated sensitive data discovery", - "privilege": "ListResourceProfileArtifacts", + "access_level": "Write", + "description": "Grants permission to rotate credentials for the first IngestEndpoint of a Channel in AWS Elemental MediaPackage", + "privilege": "RotateChannelCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channels*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about the types and amount of sensitive data that Amazon Macie found in an S3 bucket", - "privilege": "ListResourceProfileDetections", + "access_level": "Write", + "description": "Grants permission to rotate IngestEndpoint credentials for a Channel in AWS Elemental MediaPackage", + "privilege": "RotateIngestEndpointCredentials", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channels*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a subset of information about the sensitivity inspection template for an account", - 
"privilege": "ListSensitivityInspectionTemplates", + "access_level": "Tagging", + "description": "Grants permission to tag a MediaPackage resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "channels" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "harvest_jobs" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "origin_endpoints" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the tags for an Amazon Macie resource", - "privilege": "ListTagsForResource", + "access_level": "Tagging", + "description": "Grants permission to delete tags to a Channel or OriginEndpoint", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllowList" + "resource_type": "channels" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClassificationJob" + "resource_type": "harvest_jobs" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "CustomDataIdentifier" + "resource_type": "origin_endpoints" }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to make changes to a channel in AWS Elemental MediaPackage", + "privilege": "UpdateChannel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FindingsFilter" - }, + "resource_type": "channels*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to make changes to an endpoint in AWS Elemental MediaPackage", + "privilege": "UpdateOriginEndpoint", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Member" + 
"resource_type": "origin_endpoints*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:mediapackage:${Region}:${Account}:channels/${ChannelIdentifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channels" + }, + { + "arn": "arn:${Partition}:mediapackage:${Region}:${Account}:origin_endpoints/${OriginEndpointIdentifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "origin_endpoints" + }, + { + "arn": "arn:${Partition}:mediapackage:${Region}:${Account}:harvest_jobs/${HarvestJobIdentifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "harvest_jobs" + } + ], + "service_name": "AWS Elemental MediaPackage" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters actions based on the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters actions based on tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters actions based on the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "mediapackage-vod", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create or update the settings for storing sensitive data discovery results", - "privilege": "PutClassificationExportConfiguration", + "description": "Grants permission to configure egress access logs for a PackagingGroup", + "privilege": "ConfigureLogs", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "packaging-groups*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the configuration settings for publishing findings to AWS Security Hub", - "privilege": "PutFindingsPublicationConfiguration", + 
"description": "Grants permission to create an asset in AWS Elemental MediaPackage", + "privilege": "CreateAsset", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve statistical data and other information about AWS resources that Amazon Macie monitors and analyzes", - "privilege": "SearchResources", + "access_level": "Write", + "description": "Grants permission to create a packaging configuration in AWS Elemental MediaPackage", + "privilege": "CreatePackagingConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or update the tags for an Amazon Macie resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a packaging group in AWS Elemental MediaPackage", + "privilege": "CreatePackagingGroup", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "AllowList" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ClassificationJob" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "CustomDataIdentifier" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FindingsFilter" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Member" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -156603,135 +180596,92 @@ }, { "access_level": "Write", - "description": "Grants permission to test a custom data identifier", - "privilege": "TestCustomDataIdentifier", + "description": "Grants permission to delete an asset in AWS Elemental MediaPackage", + "privilege": "DeleteAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "assets*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from an Amazon Macie resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete a packaging configuration in AWS Elemental MediaPackage", + "privilege": "DeletePackagingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllowList" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ClassificationJob" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "CustomDataIdentifier" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FindingsFilter" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Member" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "packaging-configurations*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the settings for an allow list", - "privilege": "UpdateAllowList", + "description": "Grants permission to delete a packaging group in AWS Elemental MediaPackage", + "privilege": "DeletePackagingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AllowList*" + "resource_type": "packaging-groups*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable or disable automated sensitive data discovery for an account", - "privilege": "UpdateAutomatedDiscoveryConfiguration", + 
"access_level": "Read", + "description": "Grants permission to view the details of an asset in AWS Elemental MediaPackage", + "privilege": "DescribeAsset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "assets*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change the status of a sensitive data discovery job", - "privilege": "UpdateClassificationJob", + "access_level": "Read", + "description": "Grants permission to view the details of a packaging configuration in AWS Elemental MediaPackage", + "privilege": "DescribePackagingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ClassificationJob*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "packaging-configurations*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the classification scope settings for an account", - "privilege": "UpdateClassificationScope", + "access_level": "Read", + "description": "Grants permission to view the details of a packaging group in AWS Elemental MediaPackage", + "privilege": "DescribePackagingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "packaging-groups*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the settings for a findings filter", - "privilege": "UpdateFindingsFilter", + "access_level": "List", + "description": "Grants permission to view a list of assets in AWS Elemental MediaPackage", + "privilege": "ListAssets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FindingsFilter*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to suspend or re-enable an Amazon Macie account, or update the configuration settings for a Macie account", - "privilege": "UpdateMacieSession", + "access_level": "List", + "description": "Grants permission to view a list of packaging configurations in AWS Elemental MediaPackage", + "privilege": "ListPackagingConfigurations", "resource_types": [ { "condition_keys": [], @@ -156741,9 +180691,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to an Amazon Macie administrator account to suspend or re-enable a Macie member account", - "privilege": "UpdateMemberSession", + "access_level": "List", + "description": "Grants permission to view a list of packaging groups in AWS Elemental MediaPackage", + "privilege": "ListPackagingGroups", "resource_types": [ { "condition_keys": [], 
@@ -156753,156 +180703,158 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update Amazon Macie configuration settings for an AWS organization", - "privilege": "UpdateOrganizationConfiguration", + "access_level": "Read", + "description": "Grants permission to list the tags assigned to a PackagingGroup, PackagingConfiguration, or Asset", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the sensitivity score for an S3 bucket", - "privilege": "UpdateResourceProfile", - "resource_types": [ + "resource_type": "assets" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "packaging-configurations" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "packaging-groups" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the sensitivity scoring settings for an S3 bucket", - "privilege": "UpdateResourceProfileDetections", + "access_level": "Tagging", + "description": "Grants permission to assign tags to a PackagingGroup, PackagingConfiguration, or Asset", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "assets" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "packaging-configurations" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "packaging-groups" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the status and configuration settings for retrieving occurrences of sensitive data reported by findings", - "privilege": "UpdateRevealConfiguration", + "access_level": "Tagging", + "description": 
"Grants permission to delete tags from a PackagingGroup, PackagingConfiguration, or Asset", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "assets" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "packaging-configurations" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "packaging-groups" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the sensitivity inspection template settings for an account", - "privilege": "UpdateSensitivityInspectionTemplate", + "description": "Grants permission to update a packaging group in AWS Elemental MediaPackage", + "privilege": "UpdatePackagingGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "packaging-groups*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:macie2:${Region}:${Account}:allow-list/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "AllowList" - }, - { - "arn": "arn:${Partition}:macie2:${Region}:${Account}:classification-job/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ClassificationJob" - }, - { - "arn": "arn:${Partition}:macie2:${Region}:${Account}:custom-data-identifier/${ResourceId}", + "arn": "arn:${Partition}:mediapackage-vod:${Region}:${Account}:assets/${AssetIdentifier}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "CustomDataIdentifier" + "resource": "assets" }, { - "arn": "arn:${Partition}:macie2:${Region}:${Account}:findings-filter/${ResourceId}", + "arn": "arn:${Partition}:mediapackage-vod:${Region}:${Account}:packaging-configurations/${PackagingConfigurationIdentifier}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "FindingsFilter" + "resource": 
"packaging-configurations" }, { - "arn": "arn:${Partition}:macie2:${Region}:${Account}:member/${ResourceId}", + "arn": "arn:${Partition}:mediapackage-vod:${Region}:${Account}:packaging-groups/${PackagingGroupIdentifier}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Member" + "resource": "packaging-groups" } ], - "service_name": "Amazon Macie" + "service_name": "AWS Elemental MediaPackage VOD" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with an Amazon Managed Blockchain resource", + "description": "Filters access by tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", + "description": "Filters access by tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "managedblockchain", + "prefix": "mediapackagev2", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an Amazon Managed Blockchain accessor", - "privilege": "CreateAccessor", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a member of an Amazon Managed Blockchain network", - "privilege": "CreateMember", + "description": "Grants permission to create a channel in a channel group", + "privilege": "CreateChannel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "network*" + "dependent_actions": [], + "resource_type": "Channel*" }, { 
"condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -156911,42 +180863,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Amazon Managed Blockchain network", - "privilege": "CreateNetwork", - "resource_types": [ - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a node within a member of an Amazon Managed Blockchain network", - "privilege": "CreateNode", + "description": "Grants permission to create a channel group", + "privilege": "CreateChannelGroup", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "member" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network" + "resource_type": "ChannelGroup*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -156955,18 +180883,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a proposal that other blockchain network members can vote on to add or remove a member in an Amazon Managed Blockchain network", - "privilege": "CreateProposal", + "description": "Grants permission to create an origin endpoint for a channel", + "privilege": "CreateOriginEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" + "resource_type": "OriginEndpoint*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -156975,164 +180903,152 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon Managed Blockchain accessor", - "privilege": "DeleteAccessor", + "description": "Grants permission to delete a channel in a channel group", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accessor*" + "resource_type": "Channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a member and all associated resources from an Amazon Managed Blockchain network", - "privilege": "DeleteMember", + "description": "Grants permission to delete a channel group", + "privilege": "DeleteChannelGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "member*" + "resource_type": "ChannelGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a node from a member of an Amazon Managed Blockchain network", - "privilege": "DeleteNode", + "description": "Grants permission to delete a resource policy from a channel", + "privilege": "DeleteChannelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "node*" + "resource_type": "Channel*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to send HTTP GET requests to an Ethereum node", - "privilege": "GET", + "access_level": "Write", + "description": "Grants permission to delete an origin endpoint of a channel", + "privilege": "DeleteOriginEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "OriginEndpoint*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return detailed information about an Amazon Managed Blockchain accessor", - "privilege": "GetAccessor", + "access_level": "Write", + "description": "Grants permission to delete a resource policy from an origin endpoint", + 
"privilege": "DeleteOriginEndpointPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accessor*" + "resource_type": "OriginEndpoint*" } ] }, { "access_level": "Read", - "description": "Grants permission to return detailed information about a member of an Amazon Managed Blockchain network", - "privilege": "GetMember", + "description": "Grants permission to retrieve details of a channel in a channel group", + "privilege": "GetChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "member*" + "resource_type": "Channel*" } ] }, { "access_level": "Read", - "description": "Grants permission to return detailed information about an Amazon Managed Blockchain network", - "privilege": "GetNetwork", + "description": "Grants permission to retrieve details of a channel group", + "privilege": "GetChannelGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" + "resource_type": "ChannelGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to return detailed information about a node within a member of an Amazon Managed Blockchain network", - "privilege": "GetNode", + "description": "Grants permission to retrieve a resource policy for a channel", + "privilege": "GetChannelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "node*" + "resource_type": "Channel*" } ] }, { "access_level": "Read", - "description": "Grants permission to return detailed information about a proposal of an Amazon Managed Blockchain network", - "privilege": "GetProposal", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "proposal*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to create WebSocket connections to an Ethereum node", - "privilege": "Invoke", + "description": "Grants permission to make 
GetHeadObject requests to MediaPackage", + "privilege": "GetHeadObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "OriginEndpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the Amazon Managed Blockchain accessors owned by the current AWS account", - "privilege": "ListAccessors", + "access_level": "Read", + "description": "Grants permission to make GetObject requests to MediaPackage", + "privilege": "GetObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "OriginEndpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the invitations extended to the active AWS account from any Managed Blockchain network", - "privilege": "ListInvitations", + "access_level": "Read", + "description": "Grants permission to retrieve details of an origin endpoint", + "privilege": "GetOriginEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "OriginEndpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the members of an Amazon Managed Blockchain network and the properties of their memberships", - "privilege": "ListMembers", + "access_level": "Read", + "description": "Grants permission to retrieve details of a resource policy for an origin endpoint", + "privilege": "GetOriginEndpointPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" + "resource_type": "OriginEndpoint*" } ] }, { "access_level": "List", - "description": "Grants permission to list the Amazon Managed Blockchain networks in which the current AWS account participates", - "privilege": "ListNetworks", + "description": "Grants permission to list all channel groups for an aws account", + "privilege": "ListChannelGroups", "resource_types": [ { "condition_keys": [], 
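Review bot: The new `mediapackagev2` entries for `DeleteChannelPolicy` and `DeleteOriginEndpointPolicy` in this hunk carry `"access_level": "Write"`, although both remove a resource policy; `PutChannelPolicy` and `PutOriginEndpointPolicy` in the next hunk are classified the same way. Elsewhere in this diff the equivalent actions are `"Permissions management"` (`mediastore:PutContainerPolicy`, `mediastore:DeleteContainerPolicy`, `mediatailor:DeleteChannelPolicy`). Any check that keys on `access_level` would presumably not report these four actions; the repository ships a permissions_management auditor whose logic is not shown here, so this should be confirmed against it. The value wanted for these four privileges is `"access_level": "Permissions management"`. If this file is regenerated from the AWS documentation, as the size of the change suggests, a hand edit would be lost on the next refresh, so a correction applied after the definition is loaded would be more durable.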
@@ -157143,145 +181059,110 @@ }, { "access_level": "List", - "description": "Grants permission to list the nodes within a member of an Amazon Managed Blockchain network", - "privilege": "ListNodes", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "member" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "network" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to list all votes for a proposal, including the value of the vote and the unique identifier of the member that cast the vote for the given Amazon Managed Blockchain network", - "privilege": "ListProposalVotes", + "description": "Grants permission to list all channels in a channel group", + "privilege": "ListChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "proposal*" + "resource_type": "ChannelGroup*" } ] }, { "access_level": "List", - "description": "Grants permission to list proposals for the given Amazon Managed Blockchain network", - "privilege": "ListProposals", + "description": "Grants permission to list all origin endpoints of a channel", + "privilege": "ListOriginEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" + "resource_type": "Channel*" } ] }, { "access_level": "Read", - "description": "Grants permission to view tags associated with an Amazon Managed Blockchain resource", + "description": "Grants permission to list tags for the specified resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accessor" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "invitation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "member" + "resource_type": "Channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network" + 
"resource_type": "ChannelGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "node" - }, + "resource_type": "OriginEndpoint" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to attach a resource policy for a channel", + "privilege": "PutChannelPolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "proposal" + "resource_type": "Channel*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to send HTTP POST requests to an Ethereum node", - "privilege": "POST", + "access_level": "Write", + "description": "Grants permission to make PutObject requests to MediaPackage", + "privilege": "PutObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to reject the invitation to join the blockchain network", - "privilege": "RejectInvitation", + "description": "Grants permission to attach a resource policy to an origin endpoint", + "privilege": "PutOriginEndpointPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "invitation*" + "resource_type": "OriginEndpoint*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add tags to an Amazon Managed Blockchain resource", + "description": "Grants permission to add specified tags to the specified resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accessor" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "invitation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "member" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "network" + "resource_type": "Channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"node" + "resource_type": "ChannelGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "proposal" + "resource_type": "OriginEndpoint" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -157290,38 +181171,23 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from an Amazon Managed Blockchain resource", + "description": "Grants permission to remove the specified tags from the specified resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "accessor" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "invitation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "member" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "network" + "resource_type": "Channel" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "node" + "resource_type": "ChannelGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "proposal" + "resource_type": "OriginEndpoint" }, { "condition_keys": [ 
@@ -157334,194 +181200,96 @@ }, { "access_level": "Write", - "description": "Grants permission to update a member of an Amazon Managed Blockchain network", - "privilege": "UpdateMember", + "description": "Grants permission to update a channel in a channel group", + "privilege": "UpdateChannel", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "member*" + "dependent_actions": [], + "resource_type": "Channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a node from a member of an Amazon Managed Blockchain network", - "privilege": "UpdateNode", + "description": "Grants permission to update a channel group", + "privilege": "UpdateChannelGroup", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "node*" + "dependent_actions": [], + "resource_type": "ChannelGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to cast a vote for a proposal on behalf of the blockchain network member specified", - "privilege": "VoteOnProposal", + "description": "Grants permission to update an origin endpoint of a channel", + "privilege": "UpdateOriginEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "proposal*" + "resource_type": "OriginEndpoint*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:managedblockchain:${Region}::networks/${NetworkId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "network" - }, - { - "arn": "arn:${Partition}:managedblockchain:${Region}:${Account}:members/${MemberId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "member" - }, - { - "arn": "arn:${Partition}:managedblockchain:${Region}:${Account}:nodes/${NodeId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "node" - }, - { - "arn": 
"arn:${Partition}:managedblockchain:${Region}::proposals/${ProposalId}", + "arn": "arn:${Partition}:mediapackagev2:${Region}:${Account}:channelGroup/${ChannelGroupName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "proposal" + "resource": "ChannelGroup" }, { - "arn": "arn:${Partition}:managedblockchain:${Region}:${Account}:invitations/${InvitationId}", + "arn": "arn:${Partition}:mediapackagev2:${Region}:${Account}:channelGroup/${ChannelGroupName}/channel/${ChannelName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "invitation" + "resource": "Channel" }, { - "arn": "arn:${Partition}:managedblockchain:${Region}:${Account}:accessors/${AccessorId}", + "arn": "arn:${Partition}:mediapackagev2:${Region}:${Account}:channelGroup/${ChannelGroupName}/channel/${ChannelName}/originEndpoint/${OriginEndpointName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "accessor" + "resource": "OriginEndpoint" } ], - "service_name": "Amazon Managed Blockchain" + "service_name": "AWS Elemental MediaPackage V2" }, { - "conditions": [], - "prefix": "marketplacecommerceanalytics", - "privileges": [ + "conditions": [ { - "access_level": "Write", - "description": "Request a data set to be published to your Amazon S3 bucket.", - "privilege": "GenerateDataSet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, { - "access_level": "Write", - "description": "Request a support data set to be published to your Amazon S3 bucket.", - "privilege": "StartSupportDataExport", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": 
"aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" } ], - "resources": [], - "service_name": "AWS Marketplace Commerce Analytics Service" - }, - { - "conditions": [], - "prefix": "mechanicalturk", + "prefix": "mediastore", "privileges": [ { "access_level": "Write", - "description": "The AcceptQualificationRequest operation grants a Worker's request for a Qualification", - "privilege": "AcceptQualificationRequest", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "The ApproveAssignment operation approves the results of a completed assignment", - "privilege": "ApproveAssignment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "The AssociateQualificationWithWorker operation gives a Worker a Qualification", - "privilege": "AssociateQualificationWithWorker", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "The CreateAdditionalAssignmentsForHIT operation increases the maximum number of assignments of an existing HIT", - "privilege": "CreateAdditionalAssignmentsForHIT", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "The CreateHIT operation creates a new HIT (Human Intelligence Task)", - "privilege": "CreateHIT", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "The CreateHITType operation creates a new HIT type", - "privilege": "CreateHITType", + "description": "Grants permission to create a container", + "privilege": "CreateContainer", 
"resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } 
@@ -157529,164 +181297,164 @@ }, { "access_level": "Write", - "description": "The CreateHITWithHITType operation creates a new Human Intelligence Task (HIT) using an existing HITTypeID generated by the CreateHITType operation", - "privilege": "CreateHITWithHITType", + "description": "Grants permission to delete a container", + "privilege": "DeleteContainer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { - "access_level": "Write", - "description": "The CreateQualificationType operation creates a new Qualification type, which is represented by a QualificationType data structure", - "privilege": "CreateQualificationType", + "access_level": "Permissions management", + "description": "Grants permission to delete the access policy of a container", + "privilege": "DeleteContainerPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "The CreateWorkerBlock operation allows you to prevent a Worker from working on your HITs", - "privilege": "CreateWorkerBlock", + "description": "Grants permission to delete the CORS policy from a container", + "privilege": "DeleteCorsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "The DeleteHIT operation disposes of a HIT that is no longer needed", - "privilege": "DeleteHIT", + "description": "Grants permission to delete the lifecycle policy from a container", + "privilege": "DeleteLifecyclePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "The DeleteQualificationType disposes a Qualification type and disposes any HIT types that are associated with the Qualification 
type", - "privilege": "DeleteQualificationType", + "description": "Grants permission to delete the metric policy from a container", + "privilege": "DeleteMetricPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Write", - "description": "The DeleteWorkerBlock operation allows you to reinstate a blocked Worker to work on your HITs", - "privilege": "DeleteWorkerBlock", + "description": "Grants permission to delete an object", + "privilege": "DeleteObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object*" } ] }, { - "access_level": "Write", - "description": "The DisassociateQualificationFromWorker revokes a previously granted Qualification from a user", - "privilege": "DisassociateQualificationFromWorker", + "access_level": "List", + "description": "Grants permission to retrieve details on a container", + "privilege": "DescribeContainer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { - "access_level": "Read", - "description": "The GetAccountBalance operation retrieves the amount of money in your Amazon Mechanical Turk account", - "privilege": "GetAccountBalance", + "access_level": "List", + "description": "Grants permission to retrieve metadata for an object", + "privilege": "DescribeObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object*" } ] }, { "access_level": "Read", - "description": "The GetAssignment retrieves an assignment with an AssignmentStatus value of Submitted, Approved, or Rejected, using the assignment's ID", - "privilege": "GetAssignment", + "description": "Grants permission to retrieve the access policy of a container", + "privilege": "GetContainerPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Read", - "description": "The GetFileUploadURL operation generates and returns a temporary URL", - "privilege": "GetFileUploadURL", + "description": "Grants permission to retrieve the CORS policy of a container", + "privilege": "GetCorsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Read", - "description": "The GetHIT operation retrieves the details of the specified HIT", - "privilege": "GetHIT", + "description": "Grants permission to retrieve the lifecycle policy that is assigned to a container", + "privilege": "GetLifecyclePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Read", - "description": "The GetQualificationScore operation returns the value of a Worker's Qualification for a given Qualification type", - "privilege": "GetQualificationScore", + "description": "Grants permission to retrieve the metric policy that is assigned to a container", + "privilege": "GetMetricPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { "access_level": "Read", - "description": "The GetQualificationType operation retrieves information about a Qualification type using its ID", - "privilege": "GetQualificationType", + "description": "Grants permission to retrieve an object", + "privilege": "GetObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object*" } ] }, { "access_level": "List", - "description": "The ListAssignmentsForHIT operation retrieves completed assignments for a HIT", - "privilege": "ListAssignmentsForHIT", + "description": "Grants permission to retrieve a list of containers in the current account", + "privilege": 
"ListContainers", "resource_types": [ { "condition_keys": [], 
@@ -157697,268 +181465,267 @@ }, { "access_level": "List", - "description": "The ListBonusPayments operation retrieves the amounts of bonuses you have paid to Workers for a given HIT or assignment", - "privilege": "ListBonusPayments", + "description": "Grants permission to retrieve a list of objects and subfolders that are stored in a folder", + "privilege": "ListItems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "folder" } ] }, { - "access_level": "List", - "description": "The ListHITs operation returns all of a Requester's HITs", - "privilege": "ListHITs", + "access_level": "Read", + "description": "Grants permission to list tags on a container", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container" } ] }, { - "access_level": "List", - "description": "The ListHITsForQualificationType operation returns the HITs that use the given QualififcationType for a QualificationRequirement", - "privilege": "ListHITsForQualificationType", + "access_level": "Permissions management", + "description": "Grants permission to create or replace the access policy of a container", + "privilege": "PutContainerPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { - "access_level": "List", - "description": "The ListQualificationRequests operation retrieves requests for Qualifications of a particular Qualification type", - "privilege": "ListQualificationRequests", + "access_level": "Write", + "description": "Grants permission to add or modify the CORS policy of a container", + "privilege": "PutCorsPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { - "access_level": "List", - "description": "The ListQualificationTypes operation searches for 
Qualification types using the specified search query, and returns a list of Qualification types", - "privilege": "ListQualificationTypes", + "access_level": "Write", + "description": "Grants permission to add or modify the lifecycle policy that is assigned to a container", + "privilege": "PutLifecyclePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { - "access_level": "List", - "description": "The ListReviewPolicyResultsForHIT operation retrieves the computed results and the actions taken in the course of executing your Review Policies during a CreateHIT operation", - "privilege": "ListReviewPolicyResultsForHIT", + "access_level": "Write", + "description": "Grants permission to add or modify the metric policy that is assigned to a container", + "privilege": "PutMetricPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { - "access_level": "List", - "description": "The ListReviewableHITs operation returns all of a Requester's HITs that have not been approved or rejected", - "privilege": "ListReviewableHITs", + "access_level": "Write", + "description": "Grants permission to upload an object", + "privilege": "PutObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object*" } ] }, { - "access_level": "List", - "description": "The ListWorkersBlocks operation retrieves a list of Workers who are blocked from working on your HITs", - "privilege": "ListWorkerBlocks", + "access_level": "Write", + "description": "Grants permission to start access logging on a container", + "privilege": "StartAccessLogging", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "container*" } ] }, { - "access_level": "List", - "description": "The 
ListWorkersWithQualificationType operation returns all of the Workers with a given Qualification type", - "privilege": "ListWorkersWithQualificationType", + "access_level": "Write", + "description": "Grants permission to stop access logging on a container", + "privilege": "StopAccessLogging", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "container*" } ] }, { - "access_level": "Write", - "description": "The NotifyWorkers operation sends an email to one or more Workers that you specify with the Worker ID", - "privilege": "NotifyWorkers", + "access_level": "Tagging", + "description": "Grants permission to add tags to a container", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "The RejectAssignment operation rejects the results of a completed assignment", - "privilege": "RejectAssignment", - "resource_types": [ + "resource_type": "container" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "The RejectQualificationRequest operation rejects a user's request for a Qualification", - "privilege": "RejectQualificationRequest", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a container", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "The SendBonus operation issues a payment of money from your account to a Worker", - "privilege": "SendBonus", - "resource_types": [ + "resource_type": "container" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:mediastore:${Region}:${Account}:container/${ContainerName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "container" }, { - "access_level": "Write", - "description": "The SendTestEventNotification operation causes Amazon Mechanical Turk to send a notification message as if a HIT event occurred, according to the provided notification specification", - "privilege": "SendTestEventNotification", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:mediastore:${Region}:${Account}:container/${ContainerName}/${ObjectPath}", + "condition_keys": [], + "resource": "object" }, { - "access_level": "Write", - "description": "The UpdateExpirationForHIT operation allows you extend the expiration time of a HIT beyond is current expiration or expire a HIT immediately", - "privilege": "UpdateExpirationForHIT", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "arn": "arn:${Partition}:mediastore:${Region}:${Account}:container/${ContainerName}/${FolderPath}", + "condition_keys": [], + "resource": "folder" + } + ], + "service_name": "AWS Elemental MediaStore" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Write", - "description": "The UpdateHITReviewStatus operation toggles the status of a HIT", - "privilege": "UpdateHITReviewStatus", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": 
"mediatailor", + "privileges": [ { "access_level": "Write", - "description": "The UpdateHITTypeOfHIT operation allows you to change the HITType properties of a HIT", - "privilege": "UpdateHITTypeOfHIT", + "description": "Grants permission to configure logs on the channel with the specified channel name", + "privilege": "ConfigureLogsForChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "The UpdateNotificationSettings operation creates, updates, disables or re-enables notifications for a HIT type", - "privilege": "UpdateNotificationSettings", + "description": "Grants permission to configure logs for a playback configuration", + "privilege": "ConfigureLogsForPlaybackConfiguration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "playbackConfiguration*" } ] }, { "access_level": "Write", - "description": "The UpdateQualificationType operation modifies the attributes of an existing Qualification type, which is represented by a QualificationType data structure", - "privilege": "UpdateQualificationType", + "description": "Grants permission to create a new channel", + "privilege": "CreateChannel", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [], - "service_name": "Amazon Mechanical Turk" - }, - { - "conditions": [], - "prefix": "mediaconnect", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permission to add outputs to an existing bridge", - "privilege": "AddBridgeOutputs", + "description": "Grants permission to create a new live source on the source location with the specified source location name", + "privilege": "CreateLiveSource", 
"resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "Bridge*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add sources to an existing bridge", - "privilege": "AddBridgeSources", + "description": "Grants permission to create a prefetch schedule for the playback configuration with the specified playback configuration name", + "privilege": "CreatePrefetchSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" + "resource_type": "playbackConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to add media streams to any flow", - "privilege": "AddFlowMediaStreams", + "description": "Grants permission to create a new program on the channel with the specified channel name", + "privilege": "CreateProgram", "resource_types": [ { "condition_keys": [], @@ -157969,11 +181736,14 @@ }, { "access_level": "Write", - "description": "Grants permission to add outputs to any flow", - "privilege": "AddFlowOutputs", + "description": "Grants permission to create a new source location", + "privilege": "CreateSourceLocation", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } @@ -157981,11 +181751,14 @@ }, { "access_level": "Write", - "description": "Grants permission to add sources to any flow", - "privilege": "AddFlowSources", + "description": "Grants permission to create a new VOD source on the source location with the specified source location name", + "privilege": "CreateVodSource", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -157993,212 +181766,222 @@ }, { "access_level": "Write", - "description": "Grants permission to add VPC interfaces to any flow", - "privilege": "AddFlowVpcInterfaces", + "description": "Grants permission to delete the channel with the specified channel name", + "privilege": "DeleteChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create bridges", - "privilege": "CreateBridge", + "access_level": "Permissions management", + "description": "Grants permission to delete the IAM policy on the channel with the specified channel name", + "privilege": "DeleteChannelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to create flows", - "privilege": "CreateFlow", + "description": "Grants permission to delete the live source with the specified live source name on the source location with the specified source location name", + "privilege": "DeleteLiveSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "liveSource*" } ] }, { "access_level": "Write", - "description": "Grants permission to create gateways", - "privilege": "CreateGateway", + "description": "Grants permission to delete the specified playback configuration", + "privilege": "DeletePlaybackConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Gateway*" + "resource_type": "playbackConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete bridges", - "privilege": "DeleteBridge", + "description": "Grants permission to delete a prefetch schedule for a playback configuration with the specified prefetch schedule name", + "privilege": "DeletePrefetchSchedule", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" + "resource_type": "playbackConfiguration*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prefetchSchedule*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete flows", - "privilege": "DeleteFlow", + "description": "Grants permission to delete the program with the specified program name on the channel with the specified channel name", + "privilege": "DeleteProgram", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "program*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete gateways", - "privilege": "DeleteGateway", + "description": "Grants permission to delete the source location with the specified source location name", + "privilege": "DeleteSourceLocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Gateway*" + "resource_type": "sourceLocation*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister gateway instance", - "privilege": "DeregisterGatewayInstance", + "description": "Grants permission to delete the VOD source with the specified VOD source name on the source location with the specified source location name", + "privilege": "DeleteVodSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "GatewayInstance*" + "resource_type": "vodSource*" } ] }, { "access_level": "Read", - "description": "Grants permission to display the details of a bridge", - "privilege": "DescribeBridge", + "description": "Grants permission to retrieve the channel with the specified channel name", + "privilege": "DescribeChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" + "resource_type": "channel*" } ] }, { "access_level": "Read", - "description": "Grants 
permission to display the details of a flow including the flow ARN, name, and Availability Zone, as well as details about the source, outputs, and entitlements", - "privilege": "DescribeFlow", + "description": "Grants permission to retrieve the live source with the specified live source name on the source location with the specified source location name", + "privilege": "DescribeLiveSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "liveSource*" } ] }, { "access_level": "Read", - "description": "Grants permission to display the details of a gateway including the gateway ARN, name, and CIDR blocks, as well as details about the networks", - "privilege": "DescribeGateway", + "description": "Grants permission to retrieve the program with the specified program name on the channel with the specified channel name", + "privilege": "DescribeProgram", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Gateway*" + "resource_type": "program*" } ] }, { "access_level": "Read", - "description": "Grants permission to display the details of a gateway instance", - "privilege": "DescribeGatewayInstance", + "description": "Grants permission to retrieve the source location with the specified source location name", + "privilege": "DescribeSourceLocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "GatewayInstance*" + "resource_type": "sourceLocation*" } ] }, { "access_level": "Read", - "description": "Grants permission to display the details of an offering", - "privilege": "DescribeOffering", + "description": "Grants permission to retrieve the VOD source with the specified VOD source name on the source location with the specified source location name", + "privilege": "DescribeVodSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "vodSource*" } ] }, { "access_level": 
"Read", - "description": "Grants permission to display the details of a reservation", - "privilege": "DescribeReservation", + "description": "Grants permission to read the IAM policy on the channel with the specified channel name", + "privilege": "GetChannelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to discover gateway poll endpoint", - "privilege": "DiscoverGatewayPollEndpoint", + "access_level": "Read", + "description": "Grants permission to retrieve the schedule of programs on the channel with the specified channel name", + "privilege": "GetChannelSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to grant entitlements on any flow", - "privilege": "GrantFlowEntitlements", + "access_level": "Read", + "description": "Grants permission to retrieve the configuration for the specified name", + "privilege": "GetPlaybackConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "playbackConfiguration*" } ] }, { - "access_level": "List", - "description": "Grants permission to display a list of bridges that are associated with this account and an optionally specified Arn", - "privilege": "ListBridges", + "access_level": "Read", + "description": "Grants permission to retrieve prefetch schedule for a playback configuration with the specified prefetch schedule name", + "privilege": "GetPrefetchSchedule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" + "resource_type": "playbackConfiguration*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "prefetchSchedule*" } ] }, { - "access_level": "List", - "description": "Grants 
permission to display a list of all entitlements that have been granted to the account", - "privilege": "ListEntitlements", + "access_level": "Read", + "description": "Grants permission to retrieve the list of alerts on a resource", + "privilege": "ListAlerts", "resource_types": [ { "condition_keys": [], @@ -158208,9 +181991,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to display a list of flows that are associated with this account", - "privilege": "ListFlows", + "access_level": "Read", + "description": "Grants permission to retrieve the list of existing channels", + "privilege": "ListChannels", "resource_types": [ { "condition_keys": [], @@ -158220,21 +182003,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to display a list of instances that are associated with this gateway", - "privilege": "ListGatewayInstances", + "access_level": "Read", + "description": "Grants permission to retrieve the list of existing live sources on the source location with the specified source location name", + "privilege": "ListLiveSources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "GatewayInstance*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to display a list of gateways that are associated with this account", - "privilege": "ListGateways", + "description": "Grants permission to retrieve the list of available configurations", + "privilege": "ListPlaybackConfigurations", "resource_types": [ { "condition_keys": [], 
@@ -158245,20 +182028,20 @@ }, { "access_level": "List", - "description": "Grants permission to display a list of all offerings that are available to the account in the current AWS Region", - "privilege": "ListOfferings", + "description": "Grants permission to retrieve the list of prefetch schedules for a playback configuration", + "privilege": "ListPrefetchSchedules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "playbackConfiguration*" } ] }, { - "access_level": "List", - "description": "Grants permission to display a list of all reservations that have been purchased by the account in the current AWS Region", - "privilege": "ListReservations", + "access_level": "Read", + "description": "Grants permission to retrieve the list of existing source locations", + "privilege": "ListSourceLocations", "resource_types": [ { "condition_keys": [], 
@@ -158269,68 +182052,40 @@ }, { "access_level": "Read", - "description": "Grants permission to display a list of all tags associated with a resource", + "description": "Grants permission to list the tags assigned to the specified playback configuration resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to poll gateway", - "privilege": "PollGateway", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to purchase an offering", - "privilege": "PurchaseOffering", - "resource_types": [ + "resource_type": "liveSource" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove an output of an existing bridge", - "privilege": "RemoveBridgeOutput", - "resource_types": [ + "resource_type": "playbackConfiguration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove a source of an existing bridge", - "privilege": "RemoveBridgeSource", - "resource_types": [ + "resource_type": "sourceLocation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" + "resource_type": "vodSource" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove media streams from any flow", - "privilege": "RemoveFlowMediaStream", + "access_level": "Read", + "description": "Grants permission to retrieve the list of existing VOD sources on the source location with the specified source location name", + "privilege": "ListVodSources", "resource_types": [ { "condition_keys": [], 
@@ -158340,24 +182095,27 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to remove outputs from any flow", - "privilege": "RemoveFlowOutput", + "access_level": "Permissions management", + "description": "Grants permission to set the IAM policy on the channel with the specified channel name", + "privilege": "PutChannelPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove sources from any flow", - "privilege": "RemoveFlowSource", + "description": "Grants permission to add a new configuration", + "privilege": "PutPlaybackConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -158365,143 +182123,102 @@ }, { "access_level": "Write", - "description": "Grants permission to remove VPC interfaces from any flow", - "privilege": "RemoveFlowVpcInterface", + "description": "Grants permission to start the channel with the specified channel name", + "privilege": "StartChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to revoke entitlements on any flow", - "privilege": "RevokeFlowEntitlement", + "description": "Grants permission to stop the channel with the specified channel name", + "privilege": "StopChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start flows", - "privilege": "StartFlow", + "access_level": "Tagging", + "description": "Grants permission to add tags to the specified playback configuration resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop flows", - "privilege": "StopFlow", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to submit gateway state change", - "privilege": "SubmitGatewayStateChange", - "resource_types": [ + "resource_type": "liveSource" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to associate tags with resources", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "playbackConfiguration" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": 
"sourceLocation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "vodSource" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from resources", + "description": "Grants permission to remove tags from the specified playback configuration resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update bridges", - "privilege": "UpdateBridge", - "resource_types": [ + "resource_type": "channel" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an output of an existing bridge", - "privilege": "UpdateBridgeOutput", - "resource_types": [ + "resource_type": "liveSource" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a source of an existing bridge", - "privilege": "UpdateBridgeSource", - "resource_types": [ + "resource_type": "playbackConfiguration" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the state of an existing bridge", - "privilege": "UpdateBridgeState", - "resource_types": [ + "resource_type": "sourceLocation" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Bridge*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update flows", - "privilege": "UpdateFlow", - "resource_types": [ + "resource_type": "vodSource" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], 
"dependent_actions": [], "resource_type": "" } 
@@ -158509,207 +182226,155 @@ }, { "access_level": "Write", - "description": "Grants permission to update entitlements on any flow", - "privilege": "UpdateFlowEntitlement", + "description": "Grants permission to update the channel with the specified channel name", + "privilege": "UpdateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to update media streams on any flow", - "privilege": "UpdateFlowMediaStream", + "description": "Grants permission to update the live source with the specified live source name on the source location with the specified source location name", + "privilege": "UpdateLiveSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "liveSource*" } ] }, { "access_level": "Write", - "description": "Grants permission to update outputs on any flow", - "privilege": "UpdateFlowOutput", + "description": "Grants permission to update the program with the specified program name on the channel with the specified channel name", + "privilege": "UpdateProgram", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "program*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the source of any flow", - "privilege": "UpdateFlowSource", + "description": "Grants permission to update the source location with the specified source location name", + "privilege": "UpdateSourceLocation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "sourceLocation*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the configuration of an existing Gateway Instance", - "privilege": "UpdateGatewayInstance", + "description": "Grants permission to update the VOD source with the specified VOD source name 
on the source location with the specified source location name", + "privilege": "UpdateVodSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "GatewayInstance*" + "resource_type": "vodSource*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:entitlement:${FlowId}:${EntitlementName}", - "condition_keys": [], - "resource": "Entitlement" + "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:playbackConfiguration/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "playbackConfiguration" }, { - "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:flow:${FlowId}:${FlowName}", + "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:prefetchSchedule/${ResourceId}", "condition_keys": [], - "resource": "Flow" + "resource": "prefetchSchedule" }, { - "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:output:${OutputId}:${OutputName}", - "condition_keys": [], - "resource": "Output" + "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "channel" }, { - "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:source:${SourceId}:${SourceName}", + "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:program/${ChannelName}/${ProgramName}", "condition_keys": [], - "resource": "Source" + "resource": "program" }, { - "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:gateway:${GatewayId}:${GatewayName}", - "condition_keys": [], - "resource": "Gateway" + "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:sourceLocation/${SourceLocationName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "sourceLocation" }, { - "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:bridge:${FlowId}:${FlowName}", - "condition_keys": [], - "resource": "Bridge" + "arn": 
"arn:${Partition}:mediatailor:${Region}:${Account}:vodSource/${SourceLocationName}/${VodSourceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "vodSource" }, { - "arn": "arn:${Partition}:mediaconnect:${Region}:${Account}:gateway:${GatewayId}:${GatewayName}:instance:${InstanceId}", - "condition_keys": [], - "resource": "GatewayInstance" + "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:liveSource/${SourceLocationName}/${LiveSourceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "liveSource" } ], - "service_name": "AWS Elemental MediaConnect" + "service_name": "AWS Elemental MediaTailor" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tag key-value pairs in the request", + "description": "Filters access by a tag key and value pair that is allowed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "description": "Filters access by a tag key and value pair of a resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by tag keys in the request", + "description": "Filters access by a list of tag keys that are allowed in the request", "type": "ArrayOfString" } ], - "prefix": "mediaconvert", + "prefix": "medical-imaging", "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate an AWS Certificate Manager (ACM) Amazon Resource Name (ARN) with AWS Elemental MediaConvert", - "privilege": "AssociateCertificate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to cancel an AWS Elemental MediaConvert job that is waiting in queue", - "privilege": "CancelJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - 
"resource_type": "Job*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create and submit an AWS Elemental MediaConvert job", - "privilege": "CreateJob", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "JobTemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Preset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Queue" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an AWS Elemental MediaConvert custom job template", - "privilege": "CreateJobTemplate", + "description": "Grants permission to copy an image set", + "privilege": "CopyImageSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Preset" + "resource_type": "datastore*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Queue" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "imageset*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Elemental MediaConvert custom output preset", - "privilege": "CreatePreset", + "description": "Grants permission to create a data store to ingest imaging data", + "privilege": "CreateDatastore", "resource_types": [ { "condition_keys": [ 
@@ -158723,155 +182388,124 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS Elemental MediaConvert job queue", - "privilege": "CreateQueue", + "description": "Grants permission to delete a data store", + "privilege": "DeleteDatastore", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Elemental MediaConvert custom job template", - "privilege": "DeleteJobTemplate", + "description": "Grants permission to delete an image set", + "privilege": "DeleteImageSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobTemplate*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an AWS Elemental MediaConvert policy", - "privilege": "DeletePolicy", - "resource_types": [ + "resource_type": "datastore*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "imageset*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Elemental MediaConvert custom output preset", - "privilege": "DeletePreset", + "access_level": "Read", + "description": "Grants permission to get an import job's properties", + "privilege": "GetDICOMImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Preset*" + "resource_type": "datastore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an AWS Elemental MediaConvert job queue", - "privilege": "DeleteQueue", + "access_level": "Read", + "description": "Grants permission to get data store properties", + "privilege": "GetDatastore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Queue*" + "resource_type": "datastore*" } ] 
}, { - "access_level": "List", - "description": "Grants permission to subscribe to the AWS Elemental MediaConvert service, by sending a request for an account-specific endpoint. All transcoding requests must be sent to the endpoint that the service returns", - "privilege": "DescribeEndpoints", + "access_level": "Read", + "description": "Grants permission to get image frame properties", + "privilege": "GetImageFrame", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove an association between the Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate and an AWS Elemental MediaConvert resource", - "privilege": "DisassociateCertificate", - "resource_types": [ + "resource_type": "datastore*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "imageset*" } ] }, { "access_level": "Read", - "description": "Grants permission to get an AWS Elemental MediaConvert job", - "privilege": "GetJob", + "description": "Grants permission to get image set properties", + "privilege": "GetImageSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Job*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get an AWS Elemental MediaConvert job template", - "privilege": "GetJobTemplate", - "resource_types": [ + "resource_type": "datastore*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobTemplate*" + "resource_type": "imageset*" } ] }, { "access_level": "Read", - "description": "Grants permission to get an AWS Elemental MediaConvert policy", - "privilege": "GetPolicy", + "description": "Grants permission to get image set metadata properties", + "privilege": "GetImageSetMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": 
"Read", - "description": "Grants permission to get an AWS Elemental MediaConvert output preset", - "privilege": "GetPreset", - "resource_types": [ + "resource_type": "datastore*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Preset*" + "resource_type": "imageset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an AWS Elemental MediaConvert job queue", - "privilege": "GetQueue", + "access_level": "List", + "description": "Grants permission to list import jobs for a data store", + "privilege": "ListDICOMImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Queue*" + "resource_type": "datastore*" } ] }, { "access_level": "List", - "description": "Grants permission to list AWS Elemental MediaConvert job templates", - "privilege": "ListJobTemplates", + "description": "Grants permission to list data stores", + "privilege": "ListDatastores", "resource_types": [ { "condition_keys": [], 
@@ -158882,97 +182516,81 @@ }, { "access_level": "List", - "description": "Grants permission to list AWS Elemental MediaConvert jobs", - "privilege": "ListJobs", + "description": "Grants permission to list versions of an image set", + "privilege": "ListImageSetVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Queue" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list AWS Elemental MediaConvert output presets", - "privilege": "ListPresets", - "resource_types": [ + "resource_type": "datastore*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "imageset*" } ] }, { "access_level": "List", - "description": "Grants permission to list AWS Elemental MediaConvert job queues", - "privilege": "ListQueues", + "description": "Grants permission to list tags for a medical imaging resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "imageset" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the tags for a MediaConvert queue, preset, or job template", - "privilege": "ListTagsForResource", + "description": "Grants permission to search image sets", + "privilege": "SearchImageSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobTemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Preset" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Queue" + "resource_type": "datastore*" } ] }, { "access_level": "Write", - "description": "Grants permission to put an AWS Elemental MediaConvert policy", - "privilege": "PutPolicy", + "description": "Grants permission to start a DICOM import job", + "privilege": "StartDICOMImportJob", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datastore*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add tags to a MediaConvert queue, preset, or job template", + "description": "Grants permission to add tags to a medical imaging resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobTemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Preset" + "resource_type": "datastore" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Queue" + "resource_type": "imageset" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -158982,23 +182600,18 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from a MediaConvert queue, preset, or job template", + "description": "Grants permission to remove tags from a medical imaging resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobTemplate" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Preset" + "resource_type": "datastore" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Queue" + "resource_type": "imageset" }, { "condition_keys": [ 
@@ -159011,171 +182624,131 @@ }, { "access_level": "Write", - "description": "Grants permission to update an AWS Elemental MediaConvert custom job template", - "privilege": "UpdateJobTemplate", + "description": "Grants permission to update image set metadata properties", + "privilege": "UpdateImageSetMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobTemplate*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Preset" + "resource_type": "datastore*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "Queue" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an AWS Elemental MediaConvert custom output preset", - "privilege": "UpdatePreset", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Preset*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an AWS Elemental MediaConvert job queue", - "privilege": "UpdateQueue", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Queue*" + "resource_type": "imageset*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:jobs/${JobId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Job" - }, - { - "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:queues/${QueueName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Queue" - }, - { - "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:presets/${PresetName}", + "arn": "arn:${Partition}:medical-imaging:${Region}:${Account}:datastore/${DatastoreId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "Preset" + "resource": "datastore" }, { - "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:jobTemplates/${JobTemplateName}", + "arn": 
"arn:${Partition}:medical-imaging:${Region}:${Account}:datastore/${DatastoreId}/imageset/${ImageSetId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "JobTemplate" - }, - { - "arn": "arn:${Partition}:mediaconvert:${Region}:${Account}:certificates/${CertificateArn}", - "condition_keys": [], - "resource": "CertificateAssociation" - } - ], - "service_name": "AWS Elemental MediaConvert" - }, - { - "conditions": [], - "prefix": "mediaimport", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a database binary snapshot on the customer's aws account", - "privilege": "CreateDatabaseBinarySnapshot", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "resource": "imageset" } ], - "resources": [], - "service_name": "AmazonMediaImport" + "service_name": "AWS HealthImaging" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters actions based on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters actions based on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters actions based on the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "medialive", + "prefix": "memorydb", "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept an input device transfer", - "privilege": "AcceptInputDeviceTransfer", + "description": "Grants permissions to apply service updates", + "privilege": "BatchUpdateCluster", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + 
"ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "s3:GetObject" + ], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "input-device*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete channels, inputs, input security groups, and multiplexes", - "privilege": "BatchDelete", + "description": "Allows an IAM user or role to connect as a specified MemoryDB user to a node in a cluster", + "privilege": "Connect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start channels and multiplexes", - "privilege": "BatchStart", - "resource_types": [ + "resource_type": "cluster*" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop channels and multiplexes", - "privilege": "BatchStop", + "description": "Grants permissions to make a copy of an existing snapshot", + "privilege": "CopySnapshot", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "memorydb:TagResource", + "s3:DeleteObject", + "s3:GetBucketAcl", + "s3:PutObject" + ], + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -159183,57 +182756,63 @@ }, { "access_level": "Write", - "description": "Grants permission to add and remove actions from a channel's schedule", - "privilege": "BatchUpdateSchedule", + "description": "Grants permissions to create a new access control list", + "privilege": "CreateAcl", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "memorydb:TagResource" + ], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel an input device transfer", - "privilege": "CancelInputDeviceTransfer", + "description": "Grants permissions to create a cluster", + "privilege": "CreateCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "input-device*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to claim an input device", - "privilege": "ClaimDevice", - "resource_types": [ + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "memorydb:TagResource", + "s3:GetObject" + ], + "resource_type": "acl*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-device*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a channel", - "privilege": "CreateChannel", - "resource_types": [ + "resource_type": "parametergroup*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "subnetgroup*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "snapshot" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], 
@@ -159244,41 +182823,39 @@ }, { "access_level": "Write", - "description": "Grants permission to create an input", - "privilege": "CreateInput", + "description": "Grants permissions to create a new parameter group", + "privilege": "CreateParameterGroup", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "input*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "input-security-group*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "memorydb:TagResource" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an input security group", - "privilege": "CreateInputSecurityGroup", + "description": "Grants permissions to create a backup of a cluster at the current point in time", + "privilege": "CreateSnapshot", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "input-security-group*" + "dependent_actions": [ + "memorydb:TagResource", + "s3:DeleteObject", + "s3:GetBucketAcl", + "s3:PutObject" + ], + "resource_type": "cluster*" }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], 
@@ -159289,50 +182866,51 @@ }, { "access_level": "Write", - "description": "Grants permission to create a multiplex", - "privilege": "CreateMultiplex", + "description": "Grants permissions to create a new subnet group", + "privilege": "CreateSubnetGroup", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "multiplex*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "memorydb:TagResource" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a multiplex program", - "privilege": "CreateMultiplexProgram", + "description": "Grants permissions to create a new user", + "privilege": "CreateUser", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "multiplex*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "memorydb:TagResource" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a partner input", - "privilege": "CreatePartnerInput", + "description": "Grants permissions to delete an access control list", + "privilege": "DeleteAcl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "acl*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -159340,39 +182918,29 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to create tags for channels, inputs, input security groups, multiplexes, and reservations", - "privilege": "CreateTags", + "access_level": "Write", + "description": "Grants permissions to delete a previously provisioned cluster", + "privilege": "DeleteCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "input" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "input-security-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "multiplex" + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "cluster*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reservation" + "resource_type": "snapshot" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -159381,121 +182949,99 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a channel", - "privilege": "DeleteChannel", + "description": "Grants permissions to delete a parameter group", + "privilege": "DeleteParameterGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an input", - "privilege": "DeleteInput", - "resource_types": [ + "resource_type": "parametergroup*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an input security group", - "privilege": "DeleteInputSecurityGroup", + "description": "Grants permissions to delete a snapshot", + "privilege": "DeleteSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-security-group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a multiplex", - "privilege": "DeleteMultiplex", - "resource_types": [ + "resource_type": "snapshot*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "multiplex*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a multiplex program", - "privilege": "DeleteMultiplexProgram", + "description": "Grants permissions to delete a subnet group", + "privilege": "DeleteSubnetGroup", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "subnetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], 
"dependent_actions": [], - "resource_type": "multiplex*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an expired reservation", - "privilege": "DeleteReservation", + "description": "Grants permissions to delete a user", + "privilege": "DeleteUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reservation*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete all schedule actions for a channel", - "privilege": "DeleteSchedule", - "resource_types": [ + "resource_type": "user*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to delete tags from channels, inputs, input security groups, multiplexes, and reservations", - "privilege": "DeleteTags", + "access_level": "Read", + "description": "Grants permissions to retrieve information about access control lists", + "privilege": "DescribeAcls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "input" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "input-security-group" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "multiplex" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "reservation" + "resource_type": "acl*" }, { "condition_keys": [ - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -159504,283 +183050,360 @@ }, { "access_level": "Read", - "description": "Grants permission to get details about a channel", - "privilege": "DescribeChannel", + "description": "Grants permissions to retrieve information about all provisioned clusters if no cluster identifier is specified, or about a specific cluster if a cluster identifier is supplied", + "privilege": "DescribeClusters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an input", - "privilege": "DescribeInput", + "description": "Grants permissions to list of the available engines and their versions", + "privilege": "DescribeEngineVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an input device", - "privilege": "DescribeInputDevice", + "description": "Grants permissions to retrieve events related to clusters, subnet groups, and parameter groups", + "privilege": "DescribeEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-device*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an input device thumbnail", - "privilege": "DescribeInputDeviceThumbnail", + "description": "Grants permissions to retrieve information about parameter groups", + "privilege": "DescribeParameterGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-device*" + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - 
"description": "Grants permission to describe an input security group", - "privilege": "DescribeInputSecurityGroup", + "description": "Grants permissions to retrieve a detailed parameter list for a particular parameter group", + "privilege": "DescribeParameters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-security-group*" + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a multiplex", - "privilege": "DescribeMultiplex", + "description": "Grants permissions to retrieve reserved nodes", + "privilege": "DescribeReservedNodes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "multiplex*" + "resource_type": "reservednode*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a multiplex program", - "privilege": "DescribeMultiplexProgram", + "description": "Grants permissions to retrieve reserved nodes offerings", + "privilege": "DescribeReservedNodesOfferings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "multiplex*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about a reservation offering", - "privilege": "DescribeOffering", + "description": "Grants permissions to retrieve details of the service updates", + "privilege": "DescribeServiceUpdates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "offering*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get details about a reservation", - "privilege": "DescribeReservation", + "description": "Grants permissions to retrieve 
information about cluster snapshots", + "privilege": "DescribeSnapshots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reservation*" + "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view a list of actions scheduled on a channel", - "privilege": "DescribeSchedule", + "description": "Grants permissions to retrieve a list of subnet group", + "privilege": "DescribeSubnetGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list channels", - "privilege": "ListChannels", - "resource_types": [ + "resource_type": "subnetgroup*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list input device transfers", - "privilege": "ListInputDeviceTransfers", + "access_level": "Read", + "description": "Grants permissions to retrieve information about users", + "privilege": "DescribeUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list input devices", - "privilege": "ListInputDevices", + "access_level": "Write", + "description": "Grants permissions to test automatic failover on a specified shard in a cluster", + "privilege": "FailoverShard", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" 
+ ], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list input security groups", - "privilege": "ListInputSecurityGroups", + "access_level": "Read", + "description": "Grants permissions to list available node type updates", + "privilege": "ListAllowedNodeTypeUpdates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list inputs", - "privilege": "ListInputs", + "access_level": "Read", + "description": "Grants permissions to list cost allocation tags", + "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list multiplex programs", - "privilege": "ListMultiplexPrograms", - "resource_types": [ + "resource_type": "acl" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list multiplexes", - "privilege": "ListMultiplexes", - "resource_types": [ + "resource_type": "cluster" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "parametergroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subnetgroup" + }, { "condition_keys": [], "dependent_actions": [], + "resource_type": "user" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list reservation 
offerings", - "privilege": "ListOfferings", + "access_level": "Write", + "description": "Grants permissions to purchase a new reserved node", + "privilege": "PurchaseReservedNodesOffering", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "memorydb:TagResource" + ], + "resource_type": "reservednode*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list reservations", - "privilege": "ListReservations", + "access_level": "Write", + "description": "Grants permissions to modify the parameters of a parameter group to the engine or system default value", + "privilege": "ResetParameterGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list tags for channels, inputs, input security groups, multiplexes, and reservations", - "privilege": "ListTagsForResource", + "access_level": "Tagging", + "description": "Grants permissions to add up to 10 cost allocation tags to the named resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" + "resource_type": "acl" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input" + "resource_type": "cluster" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-security-group" + "resource_type": "parametergroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "multiplex" + "resource_type": "reservednode" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reservation" - } - ] - }, - { - "access_level": "Write", - "description": 
"Grants permission to purchase a reservation offering", - "privilege": "PurchaseOffering", - "resource_types": [ + "resource_type": "snapshot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "offering*" + "resource_type": "subnetgroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "reservation*" + "resource_type": "user" }, { "condition_keys": [ + "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -159788,163 +183411,103 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to reboot an input device", - "privilege": "RebootInputDevice", + "access_level": "Tagging", + "description": "Grants permissions to remove the tags identified by the TagKeys list from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-device*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reject an input device transfer", - "privilege": "RejectInputDeviceTransfer", - "resource_types": [ + "resource_type": "acl" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-device*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a channel", - "privilege": "StartChannel", - "resource_types": [ + "resource_type": "cluster" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a maintenance window for an input device", - "privilege": "StartInputDeviceMaintenanceWindow", - "resource_types": [ + "resource_type": "parametergroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-device*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a multiplex", - "privilege": "StartMultiplex", - "resource_types": [ + "resource_type": "snapshot" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "multiplex*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop a channel", - "privilege": "StopChannel", - "resource_types": [ + "resource_type": "subnetgroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop a multiplex", - "privilege": 
"StopMultiplex", - "resource_types": [ + "resource_type": "user" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "multiplex*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to transfer an input device", - "privilege": "TransferInputDevice", + "description": "Grants permissions to update an access control list", + "privilege": "UpdateAcl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-device*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a channel", - "privilege": "UpdateChannel", - "resource_types": [ + "resource_type": "acl*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the class of a channel", - "privilege": "UpdateChannelClass", - "resource_types": [ + "resource_type": "user*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update an input", - "privilege": "UpdateInput", + "description": "Grants permissions to update the settings for a cluster", + "privilege": "UpdateCluster", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "input*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an input device", - "privilege": "UpdateInputDevice", - "resource_types": [ + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "resource_type": "cluster*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"input-device*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an input security group", - "privilege": "UpdateInputSecurityGroup", - "resource_types": [ + "resource_type": "acl" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "input-security-group*" + "resource_type": "parametergroup" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -159953,149 +183516,150 @@ }, { "access_level": "Write", - "description": "Grants permission to update a multiplex", - "privilege": "UpdateMultiplex", + "description": "Grants permissions to update parameters in a parameter group", + "privilege": "UpdateParameterGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "multiplex*" + "resource_type": "parametergroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a multiplex program", - "privilege": "UpdateMultiplexProgram", + "description": "Grants permissions to update a subnet group", + "privilege": "UpdateSubnetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "multiplex*" + "resource_type": "subnetgroup*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a reservation", - "privilege": "UpdateReservation", + "description": "Grants permissions to update a user", + "privilege": "UpdateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reservation*" + "resource_type": "user*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:medialive:${Region}:${Account}:channel:${ChannelId}", + "arn": "arn:${Partition}:memorydb:${Region}:${Account}:parametergroup/${ParameterGroupName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "channel" + "resource": "parametergroup" }, { - "arn": "arn:${Partition}:medialive:${Region}:${Account}:input:${InputId}", + "arn": "arn:${Partition}:memorydb:${Region}:${Account}:subnetgroup/${SubnetGroupName}", "condition_keys": [ 
"aws:ResourceTag/${TagKey}" ], - "resource": "input" + "resource": "subnetgroup" }, { - "arn": "arn:${Partition}:medialive:${Region}:${Account}:inputDevice:${DeviceId}", - "condition_keys": [], - "resource": "input-device" + "arn": "arn:${Partition}:memorydb:${Region}:${Account}:cluster/${ClusterName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "cluster" }, { - "arn": "arn:${Partition}:medialive:${Region}:${Account}:inputSecurityGroup:${InputSecurityGroupId}", + "arn": "arn:${Partition}:memorydb:${Region}:${Account}:snapshot/${SnapshotName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "input-security-group" + "resource": "snapshot" }, { - "arn": "arn:${Partition}:medialive:${Region}:${Account}:multiplex:${MultiplexId}", + "arn": "arn:${Partition}:memorydb:${Region}:${Account}:user/${UserName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "multiplex" + "resource": "user" }, { - "arn": "arn:${Partition}:medialive:${Region}:${Account}:reservation:${ReservationId}", + "arn": "arn:${Partition}:memorydb:${Region}:${Account}:acl/${AclName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "reservation" + "resource": "acl" }, { - "arn": "arn:${Partition}:medialive:${Region}:${Account}:offering:${OfferingId}", - "condition_keys": [], - "resource": "offering" + "arn": "arn:${Partition}:memorydb:${Region}:${Account}:reservednode/${ReservationID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "reservednode" } ], - "service_name": "AWS Elemental MediaLive" + "service_name": "Amazon MemoryDB" }, { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag for a MediaPackage request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag for a MediaPackage resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access 
by the tag keys for a MediaPackage resource or request", - "type": "ArrayOfString" - } - ], - "prefix": "mediapackage", + "conditions": [], + "prefix": "mgh", "privileges": [ { "access_level": "Write", - "description": "Grants permission to configure access logs for a Channel", - "privilege": "ConfigureLogs", + "description": "Grants permission to associate a given AWS artifact to a MigrationTask", + "privilege": "AssociateCreatedArtifact", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "channels*" + "dependent_actions": [], + "resource_type": "migrationTask*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a channel in AWS Elemental MediaPackage", - "privilege": "CreateChannel", + "description": "Grants permission to associate a given ADS resource to a MigrationTask", + "privilege": "AssociateDiscoveredResource", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "migrationTask*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a harvest job in AWS Elemental MediaPackage", - "privilege": "CreateHarvestJob", + "description": "Grants permission to create a Migration Hub Home Region Control", + "privilege": "CreateHomeRegionControl", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -160103,107 +183667,104 @@ }, { "access_level": "Write", - "description": "Grants permission to create an endpoint in AWS Elemental MediaPackage", - "privilege": "CreateOriginEndpoint", + "description": "Grants permission to create a ProgressUpdateStream", + "privilege": "CreateProgressUpdateStream", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "progressUpdateStream*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a channel in AWS Elemental MediaPackage", - "privilege": "DeleteChannel", + "description": "Grants permission to delete a Migration Hub Home Region Control", + "privilege": "DeleteHomeRegionControl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channels*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an endpoint in AWS Elemental MediaPackage", - "privilege": "DeleteOriginEndpoint", + "description": "Grants permission to delete a ProgressUpdateStream", + "privilege": "DeleteProgressUpdateStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin_endpoints*" + "resource_type": "progressUpdateStream*" } ] }, { "access_level": "Read", - "description": "Grants permission to view the details of a channel in AWS Elemental MediaPackage", - "privilege": "DescribeChannel", + "description": "Grants permission to get an Application Discovery Service Application's state", + "privilege": "DescribeApplicationState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channels*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the details of a harvest job in AWS Elemental MediaPackage", - "privilege": "DescribeHarvestJob", + "access_level": "List", + "description": 
"Grants permission to list Home Region Controls", + "privilege": "DescribeHomeRegionControls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "harvest_jobs*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to view the details of an endpoint in AWS Elemental MediaPackage", - "privilege": "DescribeOriginEndpoint", + "description": "Grants permission to describe a MigrationTask", + "privilege": "DescribeMigrationTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin_endpoints*" + "resource_type": "migrationTask*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view a list of channels in AWS Elemental MediaPackage", - "privilege": "ListChannels", + "access_level": "Write", + "description": "Grants permission to disassociate a given AWS artifact from a MigrationTask", + "privilege": "DisassociateCreatedArtifact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "migrationTask*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view a list of harvest jobs in AWS Elemental MediaPackage", - "privilege": "ListHarvestJobs", + "access_level": "Write", + "description": "Grants permission to disassociate a given ADS resource from a MigrationTask", + "privilege": "DisassociateDiscoveredResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "migrationTask*" } ] }, { "access_level": "Read", - "description": "Grants permission to view a list of endpoints in AWS Elemental MediaPackage", - "privilege": "ListOriginEndpoints", + "description": "Grants permission to get the Migration Hub Home Region", + "privilege": "GetHomeRegion", "resource_types": [ { "condition_keys": [], 
@@ -160213,198 +183774,266 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags assigned to a Channel or OriginEndpoint", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to import a MigrationTask", + "privilege": "ImportMigrationTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channels" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "harvest_jobs" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "origin_endpoints" + "resource_type": "migrationTask*" } ] }, { - "access_level": "Write", - "description": "Grants permission to rotate credentials for the first IngestEndpoint of a Channel in AWS Elemental MediaPackage", - "privilege": "RotateChannelCredentials", + "access_level": "List", + "description": "Grants permission to list Application statuses", + "privilege": "ListApplicationStates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channels*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to rotate IngestEndpoint credentials for a Channel in AWS Elemental MediaPackage", - "privilege": "RotateIngestEndpointCredentials", + "access_level": "List", + "description": "Grants permission to list associated created artifacts for a MigrationTask", + "privilege": "ListCreatedArtifacts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channels*" + "resource_type": "migrationTask*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a MediaPackage resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list associated ADS resources from MigrationTask", + "privilege": "ListDiscoveredResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "channels" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "harvest_jobs" - }, + "resource_type": "migrationTask*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list MigrationTasks", + "privilege": "ListMigrationTasks", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin_endpoints" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to delete tags to a Channel or OriginEndpoint", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to to list ProgressUpdateStreams", + "privilege": "ListProgressUpdateStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channels" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "harvest_jobs" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an Application Discovery Service Application's state", + "privilege": "NotifyApplicationState", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin_endpoints" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to make changes to a channel in AWS Elemental MediaPackage", - "privilege": "UpdateChannel", + "description": "Grants permission to notify latest MigrationTask state", + "privilege": "NotifyMigrationTaskState", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channels*" + "resource_type": "migrationTask*" } ] }, { "access_level": "Write", - "description": "Grants permission to make changes to an endpoint in AWS Elemental 
MediaPackage", - "privilege": "UpdateOriginEndpoint", + "description": "Grants permission to put ResourceAttributes", + "privilege": "PutResourceAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "origin_endpoints*" + "resource_type": "migrationTask*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:mediapackage:${Region}:${Account}:channels/${ChannelIdentifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channels" - }, - { - "arn": "arn:${Partition}:mediapackage:${Region}:${Account}:origin_endpoints/${OriginEndpointIdentifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "origin_endpoints" + "arn": "arn:${Partition}:mgh:${Region}:${Account}:progressUpdateStream/${Stream}", + "condition_keys": [], + "resource": "progressUpdateStream" }, { - "arn": "arn:${Partition}:mediapackage:${Region}:${Account}:harvest_jobs/${HarvestJobIdentifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "harvest_jobs" + "arn": "arn:${Partition}:mgh:${Region}:${Account}:progressUpdateStream/${Stream}/migrationTask/${Task}", + "condition_keys": [], + "resource": "migrationTask" } ], - "service_name": "AWS Elemental MediaPackage" + "service_name": "AWS Migration Hub" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by presence of tag keys in the request", "type": 
"ArrayOfString" + }, + { + "condition": "mgn:CreateAction", + "description": "Filters access by the name of a resource-creating API action", + "type": "String" } ], - "prefix": "mediapackage-vod", + "prefix": "mgn", "privileges": [ { "access_level": "Write", - "description": "Grants permission to configure egress access logs for a PackagingGroup", - "privilege": "ConfigureLogs", + "description": "Grants permission to archive an application", + "privilege": "ArchiveApplication", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "dependent_actions": [], + "resource_type": "ApplicationResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to archive a wave", + "privilege": "ArchiveWave", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WaveResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate applications to a wave", + "privilege": "AssociateApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ApplicationResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WaveResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate source servers to an application", + "privilege": "AssociateSourceServers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ApplicationResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create volume snapshot group", + "privilege": "BatchCreateVolumeSnapshotGroupForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + 
"description": "Grants permission to batch delete snapshot request", + "privilege": "BatchDeleteSnapshotRequestForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to change source server life cycle state", + "privilege": "ChangeServerLifeCycleState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an application", + "privilege": "CreateApplication", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "packaging-groups*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an asset in AWS Elemental MediaPackage", - "privilege": "CreateAsset", + "description": "Grants permission to create connector", + "privilege": "CreateConnector", "resource_types": [ { "condition_keys": [ @@ -160418,8 +184047,8 @@ }, { "access_level": "Write", - "description": "Grants permission to create a packaging configuration in AWS Elemental MediaPackage", - "privilege": "CreatePackagingConfiguration", + "description": "Grants permission to create launch configuration template", + "privilege": "CreateLaunchConfigurationTemplate", "resource_types": [ { "condition_keys": [ 
@@ -160433,8 +184062,23 @@ }, { "access_level": "Write", - "description": "Grants permission to create a packaging group in AWS Elemental MediaPackage", - "privilege": "CreatePackagingGroup", + "description": "Grants permission to create replication configuration template", + "privilege": "CreateReplicationConfigurationTemplate", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create vcenter client", + "privilege": "CreateVcenterClientForMgn", "resource_types": [ { "condition_keys": [ 
@@ -160442,86 +184086,137 @@ "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a wave", + "privilege": "CreateWave", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an application", + "privilege": "DeleteApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ApplicationResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete connector", + "privilege": "DeleteConnector", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ConnectorResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete job", + "privilege": "DeleteJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "JobResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an asset in AWS Elemental MediaPackage", - "privilege": "DeleteAsset", + "description": "Grants permission to delete launch configuration template", + "privilege": "DeleteLaunchConfigurationTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets*" + "resource_type": "LaunchConfigurationTemplateResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a packaging configuration in AWS Elemental MediaPackage", - "privilege": "DeletePackagingConfiguration", + "description": "Grants permission to delete replication configuration template", + "privilege": "DeleteReplicationConfigurationTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"packaging-configurations*" + "resource_type": "ReplicationConfigurationTemplateResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a packaging group in AWS Elemental MediaPackage", - "privilege": "DeletePackagingGroup", + "description": "Grants permission to delete source server", + "privilege": "DeleteSourceServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "packaging-groups*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the details of an asset in AWS Elemental MediaPackage", - "privilege": "DescribeAsset", + "access_level": "Write", + "description": "Grants permission to delete vcenter client", + "privilege": "DeleteVcenterClient", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets*" + "resource_type": "VcenterClientResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view the details of a packaging configuration in AWS Elemental MediaPackage", - "privilege": "DescribePackagingConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a wave", + "privilege": "DeleteWave", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "packaging-configurations*" + "resource_type": "WaveResource*" } ] }, { "access_level": "Read", - "description": "Grants permission to view the details of a packaging group in AWS Elemental MediaPackage", - "privilege": "DescribePackagingGroup", + "description": "Grants permission to describe job log items", + "privilege": "DescribeJobLogItems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "packaging-groups*" + "resource_type": "JobResource*" } ] }, { "access_level": "List", - "description": "Grants permission to view a list of assets in AWS Elemental MediaPackage", - "privilege": "ListAssets", + 
"description": "Grants permission to describe jobs", + "privilege": "DescribeJobs", "resource_types": [ { "condition_keys": [], @@ -160532,8 +184227,8 @@ }, { "access_level": "List", - "description": "Grants permission to view a list of packaging configurations in AWS Elemental MediaPackage", - "privilege": "ListPackagingConfigurations", + "description": "Grants permission to describe launch configuration template", + "privilege": "DescribeLaunchConfigurationTemplates", "resource_types": [ { "condition_keys": [], @@ -160544,8 +184239,8 @@ }, { "access_level": "List", - "description": "Grants permission to view a list of packaging groups in AWS Elemental MediaPackage", - "privilege": "ListPackagingGroups", + "description": "Grants permission to describe replication configuration template", + "privilege": "DescribeReplicationConfigurationTemplates", "resource_types": [ { "condition_keys": [], 
@@ -160556,446 +184251,323 @@ }, { "access_level": "Read", - "description": "Grants permission to list the tags assigned to a PackagingGroup, PackagingConfiguration, or Asset", - "privilege": "ListTagsForResource", + "description": "Grants permission to describe replication server associations", + "privilege": "DescribeReplicationServerAssociationsForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "packaging-configurations" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "packaging-groups" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to assign tags to a PackagingGroup, PackagingConfiguration, or Asset", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to describe snapshots requests", + "privilege": "DescribeSnapshotRequestsForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "packaging-configurations" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "packaging-groups" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to delete tags from a PackagingGroup, PackagingConfiguration, or Asset", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to describe source servers", + "privilege": "DescribeSourceServers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "assets" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "packaging-configurations" - }, - { - "condition_keys": [], - "dependent_actions": 
[], - "resource_type": "packaging-groups" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a packaging group in AWS Elemental MediaPackage", - "privilege": "UpdatePackagingGroup", + "access_level": "List", + "description": "Grants permission to describe vcenter clients", + "privilege": "DescribeVcenterClients", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "packaging-groups*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:mediapackage-vod:${Region}:${Account}:assets/${AssetIdentifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "assets" - }, - { - "arn": "arn:${Partition}:mediapackage-vod:${Region}:${Account}:packaging-configurations/${PackagingConfigurationIdentifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "packaging-configurations" - }, - { - "arn": "arn:${Partition}:mediapackage-vod:${Region}:${Account}:packaging-groups/${PackagingGroupIdentifier}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "packaging-groups" - } - ], - "service_name": "AWS Elemental MediaPackage VOD" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tags that are passed in the request", - "type": "String" }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "mediapackagev2", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a channel in a channel group", - "privilege": "CreateChannel", + "description": "Grants permission to disassociate applications 
from a wave", + "privilege": "DisassociateApplications", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "ApplicationResource*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "WaveResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a channel group", - "privilege": "CreateChannelGroup", + "description": "Grants permission to disassociate source servers from an application", + "privilege": "DisassociateSourceServers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" + "resource_type": "ApplicationResource*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an origin endpoint for a channel", - "privilege": "CreateOriginEndpoint", + "description": "Grants permission to disconnect source server from service", + "privilege": "DisconnectFromService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OriginEndpoint*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a channel in a channel group", - "privilege": "DeleteChannel", + "description": "Grants permission to finalize cutover", + 
"privilege": "FinalizeCutover", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelGroup*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a channel group", - "privilege": "DeleteChannelGroup", + "access_level": "Read", + "description": "Grants permission to get agent command", + "privilege": "GetAgentCommandForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a resource policy from a channel", - "privilege": "DeleteChannelPolicy", + "access_level": "Read", + "description": "Grants permission to get agent confirmed resume info", + "privilege": "GetAgentConfirmedResumeInfoForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelPolicy*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an origin endpoint of a channel", - "privilege": "DeleteOriginEndpoint", + "access_level": "Read", + "description": "Grants permission to get agent installation assets", + "privilege": "GetAgentInstallationAssetsForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OriginEndpoint*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants 
permission to delete a resource policy from an origin endpoint", - "privilege": "DeleteOriginEndpointPolicy", + "access_level": "Read", + "description": "Grants permission to get agent replication info", + "privilege": "GetAgentReplicationInfoForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OriginEndpoint*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "OriginEndpointPolicy*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details of a channel in a channel group", - "privilege": "GetChannel", + "description": "Grants permission to get agent runtime configuration", + "privilege": "GetAgentRuntimeConfigurationForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelGroup*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details of a channel group", - "privilege": "GetChannelGroup", + "description": "Grants permission to get agent snapshots credits", + "privilege": "GetAgentSnapshotCreditsForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a resource policy for a channel", - "privilege": "GetChannelPolicy", + "description": "Grants permission to get channel commands", + "privilege": "GetChannelCommandsForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], 
- "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get launch configuration", + "privilege": "GetLaunchConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelPolicy*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Grants permission to make GetHeadObject requests to MediaPackage", - "privilege": "GetHeadObject", + "description": "Grants permission to get replication configuration", + "privilege": "GetReplicationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Grants permission to make GetObject requests to MediaPackage", - "privilege": "GetObject", + "description": "Grants permission to get vcenter client commands", + "privilege": "GetVcenterClientCommandsForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "VcenterClientResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve details of an origin endpoint", - "privilege": "GetOriginEndpoint", + "access_level": "Write", + "description": "Grants permission to initialize service", + "privilege": "InitializeService", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Channel*" - }, + "dependent_actions": [ + "iam:AddRoleToInstanceProfile", + "iam:CreateInstanceProfile", + "iam:CreateServiceLinkedRole", + "iam:GetInstanceProfile" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to issue a client certificate", + "privilege": "IssueClientCertificateForMgn", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"ChannelGroup*" - }, + "resource_type": "SourceServerResource" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list application summaries", + "privilege": "ListApplications", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OriginEndpoint*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details of a resource policy for an origin endpoint", - "privilege": "GetOriginEndpointPolicy", + "description": "Grants permission to list connectors", + "privilege": "ListConnectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the errors of an export task", + "privilege": "ListExportErrors", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, + "resource_type": "ExportResource*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list export tasks", + "privilege": "ListExports", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OriginEndpoint*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the errors of an import task", + "privilege": "ListImportErrors", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OriginEndpointPolicy*" + "resource_type": "ImportResource*" } ] }, { "access_level": "List", - "description": "Grants permission to list all channel groups for an aws account", - "privilege": "ListChannelGroups", + "description": "Grants permission to list the import tasks", + "privilege": "ListImports", "resource_types": [ { "condition_keys": [], 
@@ -161006,136 +184578,177 @@ }, { "access_level": "List", - "description": "Grants permission to list all channels in a channel group", - "privilege": "ListChannels", + "description": "Grants permission to list managed accounts", + "privilege": "ListManagedAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all origin endpoints of a channel", - "privilege": "ListOriginEndpoints", + "description": "Grants permission to list source server action documents", + "privilege": "ListSourceServerActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelGroup*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for the specified resource", + "description": "Grants permission to list tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list launch configuration template action documents", + "privilege": "ListTemplateActions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup" - }, + "resource_type": "LaunchConfigurationTemplateResource*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list wave summaries", + "privilege": "ListWaves", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OriginEndpoint" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a resource policy for a channel", - "privilege": "PutChannelPolicy", + 
"description": "Grants permission to mark source server as archived", + "privilege": "MarkAsArchived", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ChannelPolicy*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to make PutObject requests to MediaPackage", - "privilege": "PutObject", + "description": "Grants permission to notify agent authentication", + "privilege": "NotifyAgentAuthenticationForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to attach a resource policy to an origin endpoint", - "privilege": "PutOriginEndpointPolicy", + "description": "Grants permission to notify agent is connected", + "privilege": "NotifyAgentConnectedForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to notify agent is disconnected", + "privilege": "NotifyAgentDisconnectedForMgn", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to notify agent replication progress", + "privilege": "NotifyAgentReplicationProgressForMgn", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OriginEndpoint*" - }, + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to notify 
vcenter client started", + "privilege": "NotifyVcenterClientStartedForMgn", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OriginEndpointPolicy*" + "resource_type": "VcenterClientResource*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add specified tags to the specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to pause replication", + "privilege": "PauseReplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel" - }, + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put source server action document", + "privilege": "PutSourceServerAction", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup" - }, + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to put launch configuration template action document", + "privilege": "PutTemplateAction", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OriginEndpoint" - }, + "resource_type": "LaunchConfigurationTemplateResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to register agent", + "privilege": "RegisterAgentForMgn", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -161147,151 +184760,200 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tags from the specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to remove source server action document", + "privilege": "RemoveSourceServerAction", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel" - }, + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove launch configuration template action document", + "privilege": "RemoveTemplateAction", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup" - }, + "resource_type": "LaunchConfigurationTemplateResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to resume replication", + "privilege": "ResumeReplication", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OriginEndpoint" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a channel in a channel group", - "privilege": "UpdateChannel", + "description": "Grants permission to retry replication", + "privilege": "RetryDataReplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, + "resource_type": "SourceServerResource*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send agent logs", + "privilege": "SendAgentLogsForMgn", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission 
to update a channel group", - "privilege": "UpdateChannelGroup", + "description": "Grants permission to send agent metrics", + "privilege": "SendAgentMetricsForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an origin endpoint of a channel", - "privilege": "UpdateOriginEndpoint", + "description": "Grants permission to send channel command result", + "privilege": "SendChannelCommandResultForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Channel*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send client logs", + "privilege": "SendClientLogsForMgn", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ChannelGroup*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send client metrics", + "privilege": "SendClientMetricsForMgn", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "OriginEndpoint*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:mediapackagev2:${Region}:${Account}:channelGroup/${ChannelGroupName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ChannelGroup" - }, - { - "arn": "arn:${Partition}:mediapackagev2:${Region}:${Account}:channelGroup/${ChannelGroupName}/channel/${ChannelName}", - "condition_keys": [], - "resource": "ChannelPolicy" - }, - { - "arn": "arn:${Partition}:mediapackagev2:${Region}:${Account}:channelGroup/${ChannelGroupName}/channel/${ChannelName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Channel" }, { - "arn": 
"arn:${Partition}:mediapackagev2:${Region}:${Account}:channelGroup/${ChannelGroupName}/channel/${ChannelName}/originEndpoint/${OriginEndpointName}", - "condition_keys": [], - "resource": "OriginEndpointPolicy" + "access_level": "Write", + "description": "Grants permission to send vcenter client command result", + "privilege": "SendVcenterClientCommandResultForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource*" + } + ] }, { - "arn": "arn:${Partition}:mediapackagev2:${Region}:${Account}:channelGroup/${ChannelGroupName}/channel/${ChannelName}/originEndpoint/${OriginEndpointName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "OriginEndpoint" - } - ], - "service_name": "AWS Elemental MediaPackage V2" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" + "access_level": "Write", + "description": "Grants permission to send vcenter client logs", + "privilege": "SendVcenterClientLogsForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource*" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to send vcenter client metrics", + "privilege": "SendVcenterClientMetricsForMgn", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource*" + } + ] }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "mediastore", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a container", - "privilege": "CreateContainer", + "description": 
"Grants permission to start cutover", + "privilege": "StartCutover", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:CreateSecurityGroup", + "ec2:CreateSnapshot", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:DeleteLaunchTemplateVersions", + "ec2:DeleteSnapshot", + "ec2:DeleteVolume", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstances", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DetachVolume", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyLaunchTemplate", + "ec2:ReportInstanceStatus", + "ec2:RevokeSecurityGroupEgress", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "iam:PassRole", + "mgn:ListTagsForResource" + ], + "resource_type": "SourceServerResource*" + }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -161300,318 +184962,462 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a container", - "privilege": "DeleteContainer", + "description": "Grants permission to start an export task", + "privilege": "StartExport", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "container*" + "dependent_actions": [ + "ec2:DescribeLaunchTemplateVersions", + "mgn:DescribeSourceServers", + "mgn:GetLaunchConfiguration", + "mgn:ListApplications", + "mgn:ListWaves", + "s3:PutObject" + ], + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to delete the access policy of a container", - "privilege": "DeleteContainerPolicy", + "access_level": "Write", + "description": "Grants permission to create an import task", + "privilege": "StartImport", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "container*" + "dependent_actions": [ + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplateVersions", + "ec2:ModifyLaunchTemplate", + "mgn:DescribeSourceServers", + "mgn:GetLaunchConfiguration", + "mgn:ListApplications", + "mgn:ListWaves", + "mgn:TagResource", + "mgn:UpdateLaunchConfiguration", + "s3:PutObject" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the CORS policy from a container", - "privilege": "DeleteCorsPolicy", + "description": "Grants permission to start replication", + "privilege": "StartReplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the lifecycle policy from a container", - "privilege": "DeleteLifecyclePolicy", + "description": "Grants permission to start test", + "privilege": "StartTest", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ 
+ "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:CreateSecurityGroup", + "ec2:CreateSnapshot", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:DeleteLaunchTemplateVersions", + "ec2:DeleteSnapshot", + "ec2:DeleteVolume", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstances", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DetachVolume", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyLaunchTemplate", + "ec2:ReportInstanceStatus", + "ec2:RevokeSecurityGroupEgress", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "iam:PassRole", + "mgn:ListTagsForResource" + ], + "resource_type": "SourceServerResource*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the metric policy from a container", - "privilege": "DeleteMetricPolicy", + "description": "Grants permission to stop replication", + "privilege": "StopReplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an object", - "privilege": "DeleteObject", + "access_level": "Tagging", + "description": "Grants permission to assign a resource tag", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + 
"resource_type": "ApplicationResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ConnectorResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "JobResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "LaunchConfigurationTemplateResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ReplicationConfigurationTemplateResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WaveResource" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "mgn:CreateAction", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve details on a container", - "privilege": "DescribeContainer", + "access_level": "Write", + "description": "Grants permission to terminate target instances", + "privilege": "TerminateTargetInstances", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ec2:DeleteVolume", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ec2:TerminateInstances" + ], + "resource_type": "SourceServerResource*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve metadata for an object", - "privilege": "DescribeObject", + "access_level": "Write", + "description": "Grants permission to unarchive an application", + "privilege": "UnarchiveApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "ApplicationResource*" } ] 
}, { - "access_level": "Read", - "description": "Grants permission to retrieve the access policy of a container", - "privilege": "GetContainerPolicy", + "access_level": "Write", + "description": "Grants permission to unarchive a wave", + "privilege": "UnarchiveWave", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "WaveResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the CORS policy of a container", - "privilege": "GetCorsPolicy", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "ApplicationResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ConnectorResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "JobResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "LaunchConfigurationTemplateResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ReplicationConfigurationTemplateResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SourceServerResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VcenterClientResource" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "WaveResource" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the lifecycle policy that is assigned to a container", - "privilege": "GetLifecyclePolicy", + "access_level": "Write", + "description": "Grants permission to update agent backlog", + "privilege": "UpdateAgentBacklogForMgn", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "container*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the metric policy that is assigned to a container", - "privilege": "GetMetricPolicy", + "access_level": "Write", + "description": "Grants permission to update agent conversion info", + "privilege": "UpdateAgentConversionInfoForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve an object", - "privilege": "GetObject", + "access_level": "Write", + "description": "Grants permission to update agent replication info", + "privilege": "UpdateAgentReplicationInfoForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of containers in the current account", - "privilege": "ListContainers", + "access_level": "Write", + "description": "Grants permission to update agent replication process state", + "privilege": "UpdateAgentReplicationProcessStateForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of objects and subfolders that are stored in a folder", - "privilege": "ListItems", + "access_level": "Write", + "description": "Grants permission to update agent source properties", + "privilege": "UpdateAgentSourcePropertiesForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "folder" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags on a 
container", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update an application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container" + "resource_type": "ApplicationResource*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to create or replace the access policy of a container", - "privilege": "PutContainerPolicy", + "access_level": "Write", + "description": "Grants permission to update connector", + "privilege": "UpdateConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "ConnectorResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or modify the CORS policy of a container", - "privilege": "PutCorsPolicy", + "description": "Grants permission to update launch configuration", + "privilege": "UpdateLaunchConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or modify the lifecycle policy that is assigned to a container", - "privilege": "PutLifecyclePolicy", + "description": "Grants permission to update launch configuration", + "privilege": "UpdateLaunchConfigurationTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "LaunchConfigurationTemplateResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or modify the metric policy that is assigned to a container", - "privilege": "PutMetricPolicy", + "description": "Grants permission to update replication configuration", + "privilege": "UpdateReplicationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "container*" + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to upload an object", - "privilege": "PutObject", + "description": "Grants permission to update replication configuration template", + "privilege": "UpdateReplicationConfigurationTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object*" + "resource_type": "ReplicationConfigurationTemplateResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to start access logging on a container", - "privilege": "StartAccessLogging", + "description": "Grants permission to update source server", + "privilege": "UpdateSourceServer", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "container*" + "dependent_actions": [], + "resource_type": "SourceServerResource*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop access logging on a container", - "privilege": "StopAccessLogging", + "description": "Grants permission to update source server replication type", + "privilege": "UpdateSourceServerReplicationType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container*" + "resource_type": "SourceServerResource*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a container", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update a wave", + "privilege": "UpdateWave", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "WaveResource*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a container", - "privilege": 
"UntagResource", + "access_level": "Read", + "description": "Grants permission to verify client role", + "privilege": "VerifyClientRoleForMgn", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "container" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] 
@@ -161619,96 +185425,105 @@ ], "resources": [ { - "arn": "arn:${Partition}:mediastore:${Region}:${Account}:container/${ContainerName}", + "arn": "arn:${Partition}:mgn:${Region}:${Account}:job/${JobID}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "container" + "resource": "JobResource" }, { - "arn": "arn:${Partition}:mediastore:${Region}:${Account}:container/${ContainerName}/${ObjectPath}", - "condition_keys": [], - "resource": "object" + "arn": "arn:${Partition}:mgn:${Region}:${Account}:replication-configuration-template/${ReplicationConfigurationTemplateID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ReplicationConfigurationTemplateResource" }, { - "arn": "arn:${Partition}:mediastore:${Region}:${Account}:container/${ContainerName}/${FolderPath}", - "condition_keys": [], - "resource": "folder" + "arn": "arn:${Partition}:mgn:${Region}:${Account}:launch-configuration-template/${LaunchConfigurationTemplateID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "LaunchConfigurationTemplateResource" + }, + { + "arn": "arn:${Partition}:mgn:${Region}:${Account}:vcenter-client/${VcenterClientID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "VcenterClientResource" + }, + { + "arn": "arn:${Partition}:mgn:${Region}:${Account}:source-server/${SourceServerID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "SourceServerResource" + }, + { + "arn": "arn:${Partition}:mgn:${Region}:${Account}:application/${ApplicationID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ApplicationResource" + }, + { + "arn": "arn:${Partition}:mgn:${Region}:${Account}:wave/${WaveID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "WaveResource" + }, + { + "arn": "arn:${Partition}:mgn:${Region}:${Account}:import/${ImportID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ImportResource" + }, + { + 
"arn": "arn:${Partition}:mgn:${Region}:${Account}:export/${ExportID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ExportResource" + }, + { + "arn": "arn:${Partition}:mgn:${Region}:${Account}:connector/${ConnectorID}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "ConnectorResource" } ], - "service_name": "AWS Elemental MediaStore" + "service_name": "AWS Application Migration Service" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", + "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "mediatailor", + "prefix": "migrationhub-orchestrator", "privileges": [ { "access_level": "Write", - "description": "Grants permission to configure logs on the channel with the specified channel name", - "privilege": "ConfigureLogsForChannel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to configure logs for a playback configuration", - "privilege": "ConfigureLogsForPlaybackConfiguration", + "description": "Grants permission to create a custom template", + "privilege": "CreateTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "playbackConfiguration*" - } - ] - }, - { - "access_level": "Write", - "description": 
"Grants permission to create a new channel", - "privilege": "CreateChannel", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new live source on the source location with the specified source location name", - "privilege": "CreateLiveSource", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } @@ -161716,48 +185531,14 @@ }, { "access_level": "Write", - "description": "Grants permission to create a prefetch schedule for the playback configuration with the specified playback configuration name", - "privilege": "CreatePrefetchSchedule", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "playbackConfiguration*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new program on the channel with the specified channel name", - "privilege": "CreateProgram", + "description": "Grants permission to create a workflow based on the selected template", + "privilege": "CreateWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new source location", - "privilege": "CreateSourceLocation", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new VOD source on the source location with the specified source location name", - "privilege": "CreateVodSource", - "resource_types": [ + "resource_type": "template*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -161770,246 +185551,217 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the channel with the specified channel name", - "privilege": "DeleteChannel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to delete the IAM policy on the channel with the specified channel name", - "privilege": "DeleteChannelPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the live source with the specified live source name on the source location with the specified source location name", - "privilege": "DeleteLiveSource", + "description": "Grants permission to create a step under a workflow and a specific step group", + "privilege": "CreateWorkflowStep", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "liveSource*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the specified playback configuration", - "privilege": "DeletePlaybackConfiguration", + "description": "Grants permission to to create a custom step group for a given workflow", + "privilege": "CreateWorkflowStepGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "playbackConfiguration*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a prefetch schedule for a playback configuration with the specified prefetch schedule name", - "privilege": "DeletePrefetchSchedule", + "description": "Grants permission to delete a custom template", + "privilege": "DeleteTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "playbackConfiguration*" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "prefetchSchedule*" + "resource_type": "template*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the program with the specified program name on the channel with the specified channel name", - "privilege": "DeleteProgram", + "description": "Grants permission to a workflow", + "privilege": "DeleteWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "program*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the source location with the specified source location name", - "privilege": "DeleteSourceLocation", + "description": "Grants permission to delete a step from a specific step group under a workflow", + "privilege": "DeleteWorkflowStep", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sourceLocation*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the VOD source with the specified VOD source name on the source location with the specified source location name", - "privilege": "DeleteVodSource", + "description": "Grants permission to delete a step group associated with a workflow", + "privilege": "DeleteWorkflowStepGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vodSource*" + "resource_type": "workflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the channel with the specified channel name", - "privilege": "DescribeChannel", + "description": "Grants permission to the plugin to receive information from the service", + "privilege": "GetMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the live source with the 
specified live source name on the source location with the specified source location name", - "privilege": "DescribeLiveSource", + "description": "Grants permission to get retrieve metadata for a Template", + "privilege": "GetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "liveSource*" + "resource_type": "template*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the program with the specified program name on the channel with the specified channel name", - "privilege": "DescribeProgram", + "description": "Grants permission to retrieve details of a step associated with a template and a step group", + "privilege": "GetTemplateStep", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "program*" + "resource_type": "template*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the source location with the specified source location name", - "privilege": "DescribeSourceLocation", + "description": "Grants permission to retrieve metadata of a step group under a template", + "privilege": "GetTemplateStepGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sourceLocation*" + "resource_type": "template*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the VOD source with the specified VOD source name on the source location with the specified source location name", - "privilege": "DescribeVodSource", + "description": "Grants permission to retrieve metadata asscociated with a workflow", + "privilege": "GetWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vodSource*" + "resource_type": "workflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to read the IAM policy on the channel with the specified channel name", - "privilege": "GetChannelPolicy", + "description": "Grants permission 
to get details of step associated with a workflow and a step group", + "privilege": "GetWorkflowStep", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "workflow*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the schedule of programs on the channel with the specified channel name", - "privilege": "GetChannelSchedule", + "description": "Grants permission to get details of a step group associated with a workflow", + "privilege": "GetWorkflowStepGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "workflow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the configuration for the specified name", - "privilege": "GetPlaybackConfiguration", + "access_level": "List", + "description": "Grants permission to get a list all registered Plugins", + "privilege": "ListPlugins", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "playbackConfiguration*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve prefetch schedule for a playback configuration with the specified prefetch schedule name", - "privilege": "GetPrefetchSchedule", + "description": "Grants permission to get a list of all the tags tied to a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "playbackConfiguration*" + "resource_type": "template*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "prefetchSchedule*" + "resource_type": "workflow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the list of alerts on a resource", - "privilege": "ListAlerts", + "access_level": "List", + "description": "Grants permission to lists step groups of a template", + "privilege": 
"ListTemplateStepGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the list of existing channels", - "privilege": "ListChannels", + "access_level": "List", + "description": "Grants permission to get a list of steps in a step group", + "privilege": "ListTemplateSteps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the list of existing live sources on the source location with the specified source location name", - "privilege": "ListLiveSources", + "access_level": "List", + "description": "Grants permission to get a list of all Templates available to customer", + "privilege": "ListTemplates", "resource_types": [ { "condition_keys": [], 
@@ -162020,32 +185772,32 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve the list of available configurations", - "privilege": "ListPlaybackConfigurations", + "description": "Grants permission to get list of step groups associated with a workflow", + "privilege": "ListWorkflowStepGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve the list of prefetch schedules for a playback configuration", - "privilege": "ListPrefetchSchedules", + "description": "Grants permission to get a list of steps within step group associated with a workflow", + "privilege": "ListWorkflowSteps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "playbackConfiguration*" + "resource_type": "workflow*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the list of existing source locations", - "privilege": "ListSourceLocations", + "access_level": "List", + "description": "Grants permission to list all workflows", + "privilege": "ListWorkflows", "resource_types": [ { "condition_keys": [], 
@@ -162055,41 +185807,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags assigned to the specified playback configuration resource", - "privilege": "ListTagsForResource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "liveSource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "playbackConfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sourceLocation" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "vodSource" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve the list of existing VOD sources on the source location with the specified source location name", - "privilege": "ListVodSources", + "access_level": "Write", + "description": "Grants permission to register the plugin to receive an ID and to start receiving messages from the service", + "privilege": "RegisterPlugin", "resource_types": [ { "condition_keys": [], 
@@ -162099,27 +185819,24 @@ ] }, { - "access_level": "Permissions management", - "description": "Grants permission to set the IAM policy on the channel with the specified channel name", - "privilege": "PutChannelPolicy", + "access_level": "Write", + "description": "Grants permission to retry a failed step within a workflow", + "privilege": "RetryWorkflowStep", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to add a new configuration", - "privilege": "PutPlaybackConfiguration", + "description": "Grants permission to the plugin to send information to the service", + "privilege": "SendMessage", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -162127,62 +185844,47 @@ }, { "access_level": "Write", - "description": "Grants permission to start the channel with the specified channel name", - "privilege": "StartChannel", + "description": "Grants permission to start a workflow or resume a stopped workflow", + "privilege": "StartWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop the channel with the specified channel name", - "privilege": "StopChannel", + "description": "Grants permission to stop a workflow", + "privilege": "StopWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "workflow*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to add tags to the specified playback configuration resource", + "description": "Grants permission to add tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "liveSource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "playbackConfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sourceLocation" + "resource_type": "template" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "vodSource" + "resource_type": "workflow" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -162191,37 +185893,21 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from the specified playback configuration resource", + "description": "Grants permission to remove tags from a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "liveSource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "playbackConfiguration" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sourceLocation" + "resource_type": "template" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "vodSource" + "resource_type": "workflow" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -162231,436 +185917,298 @@ }, { "access_level": "Write", - "description": "Grants permission to update the channel with the specified channel name", - "privilege": "UpdateChannel", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the live source with the specified live source name on the source location with the specified source location name", - "privilege": "UpdateLiveSource", + "description": "Grants permission to update a custom template", + "privilege": "UpdateTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "liveSource*" + "resource_type": "template*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the program with the specified program name on the channel with the specified channel name", - "privilege": "UpdateProgram", + "description": "Grants permission to update the metadata associated with the workflow", + "privilege": "UpdateWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "program*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the source location with the specified source location name", - "privilege": "UpdateSourceLocation", + "description": "Grants permission to update metadata and status of a custom step within a workflow", + "privilege": "UpdateWorkflowStep", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sourceLocation*" + "resource_type": "workflow*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the VOD source with the specified VOD source name on the source location with the specified source location name", - "privilege": "UpdateVodSource", + "description": "Grants permission to update metadata associated with a step group in a 
given workflow", + "privilege": "UpdateWorkflowStepGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "vodSource*" + "resource_type": "workflow*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:playbackConfiguration/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "playbackConfiguration" - }, - { - "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:prefetchSchedule/${ResourceId}", - "condition_keys": [], - "resource": "prefetchSchedule" - }, - { - "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:channel/${ChannelName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "channel" - }, - { - "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:program/${ChannelName}/${ProgramName}", - "condition_keys": [], - "resource": "program" - }, - { - "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:sourceLocation/${SourceLocationName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "sourceLocation" - }, - { - "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:vodSource/${SourceLocationName}/${VodSourceName}", + "arn": "arn:${Partition}:migrationhub-orchestrator:${Region}:${Account}:workflow/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "vodSource" + "resource": "workflow" }, { - "arn": "arn:${Partition}:mediatailor:${Region}:${Account}:liveSource/${SourceLocationName}/${LiveSourceName}", + "arn": "arn:${Partition}:migrationhub-orchestrator:${Region}:${Account}:template/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "liveSource" + "resource": "template" } ], - "service_name": "AWS Elemental MediaTailor" + "service_name": "AWS Migration Hub Orchestrator" }, { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", - 
"type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "memorydb", + "conditions": [], + "prefix": "migrationhub-strategy", "privileges": [ { - "access_level": "Write", - "description": "Grants permissions to apply service updates", - "privilege": "BatchUpdateCluster", + "access_level": "Read", + "description": "Grants permission to get details of each anti pattern that collector should look at in a customer's environment", + "privilege": "GetAntiPattern", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "s3:GetObject" - ], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Allows an IAM user or role to connect as a specified MemoryDB user to a node in a cluster", - "privilege": "Connect", + "access_level": "Read", + "description": "Grants permission to get details of an application", + "privilege": "GetApplicationComponentDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a list of all recommended strategies and tools for an application running in a server", + "privilege": "GetApplicationComponentStrategies", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], 
"resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to make a copy of an existing snapshot", - "privilege": "CopySnapshot", + "access_level": "Read", + "description": "Grants permission to retrieve status of an on-going assessment", + "privilege": "GetAssessment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "memorydb:TagResource", - "s3:DeleteObject", - "s3:GetBucketAcl", - "s3:PutObject" - ], - "resource_type": "snapshot*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to create a new access control list", - "privilege": "CreateAcl", + "access_level": "Read", + "description": "Grants permission to get details of a specific import task", + "privilege": "GetImportFileTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "memorydb:TagResource" - ], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to create a cluster", - "privilege": "CreateCluster", + "access_level": "Read", + "description": "Grants permission to retrieve the latest assessment id", + "privilege": "GetLatestAssessmentId", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "memorydb:TagResource", - "s3:GetObject" - ], - "resource_type": "acl*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to the collector to 
receive information from the service", + "privilege": "GetMessage", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve customer migration/Modernization preferences", + "privilege": "GetPortfolioPreferences", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to create a new parameter group", - "privilege": "CreateParameterGroup", + "access_level": "Read", + "description": "Grants permission to retrieve overall summary (number-of servers to rehost etc as well as overall number of anti patterns)", + "privilege": "GetPortfolioSummary", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "memorydb:TagResource" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to create a backup of a cluster at the current point in time", - "privilege": "CreateSnapshot", + "access_level": "Read", + "description": "Grants permission to retrieve detailed information about a recommendation report", + "privilege": "GetRecommendationReportDetails", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "memorydb:TagResource", - "s3:DeleteObject", - "s3:GetBucketAcl", - "s3:PutObject" - ], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to create a new 
subnet group", - "privilege": "CreateSubnetGroup", + "access_level": "Read", + "description": "Grants permission to get info about a specific server", + "privilege": "GetServerDetails", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "memorydb:TagResource" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to create a new user", - "privilege": "CreateUser", + "access_level": "Read", + "description": "Grants permission to get recommended strategies and tools for a specific server", + "privilege": "GetServerStrategies", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "memorydb:TagResource" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to delete an access control list", - "privilege": "DeleteAcl", + "access_level": "List", + "description": "Grants permission to get a list of all analyzable servers in a customer's vcenter environment", + "privilege": "ListAnalyzableServers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "acl*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to delete a previously provisioned cluster", - "privilege": "DeleteCluster", + "access_level": "List", + "description": "Grants permission to get a list of all anti patterns that collector should look for in a customer's environment", + "privilege": "ListAntiPatterns", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - 
"ec2:DescribeVpcs" - ], - "resource_type": "cluster*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of all applications running on servers on customer's servers", + "privilege": "ListApplicationComponents", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to delete a parameter group", - "privilege": "DeleteParameterGroup", + "access_level": "List", + "description": "Grants permission to get a list of all collectors installed by the customer", + "privilege": "ListCollectors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get list of all imports performed by the customer", + "privilege": "ListImportFileTask", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permissions to delete a snapshot", - "privilege": "DeleteSnapshot", + "access_level": "List", + "description": "Grants permission to get a list of binaries that collector should assess", + "privilege": "ListJarArtifacts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of all servers in a customer's environment", + "privilege": "ListServers", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -162668,24 +186216,11 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a subnet group", - "privilege": "DeleteSubnetGroup", + "description": "Grants permission to the collector to send logs to the service", + "privilege": "PutLogData", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "subnetgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } 
@@ -162693,65 +186228,44 @@ }, { "access_level": "Write", - "description": "Grants permissions to delete a user", - "privilege": "DeleteUser", + "description": "Grants permission to the collector to send metrics to the service", + "privilege": "PutMetricData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permissions to retrieve information about access control lists", - "privilege": "DescribeAcls", + "access_level": "Write", + "description": "Grants permission to save customer's Migration/Modernization preferences", + "privilege": "PutPortfolioPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "acl*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permissions to retrieve information about all provisioned clusters if no cluster identifier is specified, or about a specific cluster if a cluster identifier is supplied", - "privilege": "DescribeClusters", + "access_level": "Write", + "description": "Grants permission to register the collector to receive an ID and to start receiving messages from the service", + "privilege": "RegisterCollector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permissions to list of the available engines and their versions", - "privilege": "DescribeEngineVersions", + "access_level": "Write", + "description": "Grants permission to the collector to send information to the service", + "privilege": "SendMessage", "resource_types": 
[ { "condition_keys": [], @@ -162761,9 +186275,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permissions to retrieve events related to clusters, subnet groups, and parameter groups", - "privilege": "DescribeEvents", + "access_level": "Write", + "description": "Grants permission to start assessment in a customer's environment (collect data from all servers and provide recommendations)", + "privilege": "StartAssessment", "resource_types": [ { "condition_keys": [], 
@@ -162773,66 +186287,57 @@ ] }, { - "access_level": "Read", - "description": "Grants permissions to retrieve information about parameter groups", - "privilege": "DescribeParameterGroups", + "access_level": "Write", + "description": "Grants permission to start importing data from a file provided by customer", + "privilege": "StartImportFileTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start generating a recommendation report", + "privilege": "StartRecommendationReportGeneration", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permissions to retrieve a detailed parameter list for a particular parameter group", - "privilege": "DescribeParameters", + "access_level": "Write", + "description": "Grants permission to stop an on-going assessment", + "privilege": "StopAssessment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permissions to retrieve reserved nodes", - "privilege": "DescribeReservedNodes", + "access_level": "Write", + "description": "Grants permission to update details for an application", + "privilege": "UpdateApplicationComponentConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reservednode*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permissions to retrieve reserved nodes offerings", - "privilege": 
"DescribeReservedNodesOfferings", + "access_level": "Write", + "description": "Grants permission to the collector to send configuration information to the service", + "privilege": "UpdateCollectorConfiguration", "resource_types": [ { "condition_keys": [], @@ -162842,9 +186347,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permissions to retrieve details of the service updates", - "privilege": "DescribeServiceUpdates", + "access_level": "Write", + "description": "Grants permission to update info on a server along with the recommended strategy", + "privilege": "UpdateServerConfig", "resource_types": [ { "condition_keys": [], 
@@ -162852,82 +186357,89 @@ "resource_type": "" } ] - }, + } + ], + "resources": [], + "service_name": "AWS Migration Hub Strategy Recommendations" + }, + { + "conditions": [], + "prefix": "mobileanalytics", + "privileges": [ { "access_level": "Read", - "description": "Grants permissions to retrieve information about cluster snapshots", - "privilege": "DescribeSnapshots", + "description": "Grant access to financial metrics for an app", + "privilege": "GetFinancialReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "snapshot*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permissions to retrieve a list of subnet group", - "privilege": "DescribeSubnetGroups", + "description": "Grant access to standard metrics for an app", + "privilege": "GetReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permissions to retrieve information about users", - "privilege": "DescribeUsers", + "access_level": "Write", + "description": "The PutEvents operation records one or more events", + "privilege": "PutEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "Amazon Mobile Analytics" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a key that is present in the request the user makes to the pinpoint service", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a 
tag key and value pair", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the list of all the tag key names present in the request the user makes to the pinpoint service", + "type": "ArrayOfString" + } + ], + "prefix": "mobiletargeting", + "privileges": [ { "access_level": "Write", - "description": "Grants permissions to test automatic failover on a specified shard in a cluster", - "privilege": "FailoverShard", + "description": "Grants permission to create an app", + "privilege": "CreateApp", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "cluster*" + "dependent_actions": [], + "resource_type": "apps*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -162936,17 +186448,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permissions to list available node type updates", - "privilege": "ListAllowedNodeTypeUpdates", + "access_level": "Write", + "description": "Grants permission to create a campaign for an app", + "privilege": "CreateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" + "resource_type": "app*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -162955,42 +186469,19 @@ ] }, { - "access_level": "Read", - "description": "Grants permissions to list cost allocation tags", - "privilege": "ListTags", + "access_level": "Write", + "description": "Grants permission to create an email template", + "privilege": "CreateEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "acl" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "parametergroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "snapshot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "subnetgroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user" + "resource_type": "template*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -163000,90 +186491,42 @@ }, { "access_level": "Write", - "description": "Grants permissions to purchase a new reserved node", - "privilege": "PurchaseReservedNodesOffering", + "description": "Grants permission to create an export job that exports endpoint definitions to Amazon S3", + "privilege": "CreateExportJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "memorydb:TagResource" - ], - "resource_type": "reservednode*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "app*" } ] }, { "access_level": "Write", - "description": "Grants permissions to modify the parameters of a parameter group to the engine or system default value", - "privilege": "ResetParameterGroup", + "description": "Grants permission to import endpoint definitions from to create a segment", + "privilege": "CreateImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "app*" } ] }, { - "access_level": "Tagging", - "description": "Grants permissions to add up to 10 cost allocation tags to the named resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create an in-app message template", + "privilege": "CreateInAppTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "acl" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "parametergroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "reservednode" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "snapshot" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "subnetgroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user" + "resource_type": "template*" }, { "condition_keys": [ - "aws:TagKeys", "aws:RequestTag/${TagKey}", + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -163092,42 +186535,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permissions to remove the tags identified by the TagKeys list from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a Journey for an app", + "privilege": "CreateJourney", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "acl" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "cluster" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "parametergroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "snapshot" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "subnetgroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user" + "resource_type": "journeys*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], @@ -163138,21 +186557,18 @@ }, { "access_level": "Write", - "description": "Grants permissions to update an access control list", - "privilege": "UpdateAcl", + "description": "Grants permission to create a push notification template", + "privilege": "CreatePushTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "acl*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" + "resource_type": "template*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -163162,32 +186578,30 @@ }, { "access_level": "Write", - "description": "Grants permissions to update the settings for a cluster", - "privilege": "UpdateCluster", + "description": "Grants permission to create an Amazon Pinpoint configuration for a recommender model", + "privilege": "CreateRecommenderConfiguration", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "resource_type": "cluster*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "acl" - }, + "resource_type": "recommenders*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a segment that is based on endpoint data reported to Pinpoint by your app. To allow a user to create a segment by importing endpoint data from outside of Pinpoint, allow the mobiletargeting:CreateImportJob action", + "privilege": "CreateSegment", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup" + "resource_type": "app*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -163197,16 +186611,18 @@ }, { "access_level": "Write", - "description": "Grants permissions to update parameters in a parameter group", - "privilege": "UpdateParameterGroup", + "description": "Grants permission to create an sms message template", + "privilege": "CreateSmsTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "parametergroup*" + "resource_type": "template*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -163216,16 +186632,18 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a subnet group", - "privilege": "UpdateSubnetGroup", + "description": "Grants permission to create a voice message template", + "privilege": "CreateVoiceTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "subnetgroup*" + "resource_type": "template*" }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -163235,1350 +186653,1313 @@ }, { "access_level": "Write", - "description": "Grants permissions to update a user", - "privilege": "UpdateUser", + "description": "Grants permission to delete the ADM channel for an app", + "privilege": "DeleteAdmChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:memorydb:${Region}:${Account}:parametergroup/${ParameterGroupName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "parametergroup" - }, - { - "arn": "arn:${Partition}:memorydb:${Region}:${Account}:subnetgroup/${SubnetGroupName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "subnetgroup" - }, - { - "arn": "arn:${Partition}:memorydb:${Region}:${Account}:cluster/${ClusterName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "cluster" - }, - { - "arn": "arn:${Partition}:memorydb:${Region}:${Account}:snapshot/${SnapshotName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "snapshot" - }, - { - "arn": "arn:${Partition}:memorydb:${Region}:${Account}:user/${UserName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "user" }, - { - "arn": "arn:${Partition}:memorydb:${Region}:${Account}:acl/${AclName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "acl" - }, - { - "arn": "arn:${Partition}:memorydb:${Region}:${Account}:reservednode/${ReservationID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "reservednode" - } - ], - "service_name": "Amazon MemoryDB" - }, - { - "conditions": [], - "prefix": "mgh", - "privileges": [ { "access_level": "Write", - "description": "Associate a given AWS artifact to a MigrationTask", - "privilege": 
"AssociateCreatedArtifact", + "description": "Grants permission to delete the APNs channel for an app", + "privilege": "DeleteApnsChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Associate a given ADS resource to a MigrationTask", - "privilege": "AssociateDiscoveredResource", + "description": "Grants permission to delete the APNs sandbox channel for an app", + "privilege": "DeleteApnsSandboxChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Create a Migration Hub Home Region Control", - "privilege": "CreateHomeRegionControl", + "description": "Grants permission to delete the APNs VoIP channel for an app", + "privilege": "DeleteApnsVoipChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Create a ProgressUpdateStream", - "privilege": "CreateProgressUpdateStream", + "description": "Grants permission to delete the APNs VoIP sandbox channel for an app", + "privilege": "DeleteApnsVoipSandboxChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "progressUpdateStream*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Delete a ProgressUpdateStream", - "privilege": "DeleteProgressUpdateStream", + "description": "Grants permission to delete a specific campaign", + "privilege": "DeleteApp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "progressUpdateStream*" + "resource_type": "app*" } ] }, { - "access_level": "Read", - "description": "Get an Application Discovery Service Application's state", - "privilege": "DescribeApplicationState", + 
"access_level": "Write", + "description": "Grants permission to delete the Baidu channel for an app", + "privilege": "DeleteBaiduChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "List Home Region Controls", - "privilege": "DescribeHomeRegionControls", + "access_level": "Write", + "description": "Grants permission to delete a specific campaign", + "privilege": "DeleteCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "Read", - "description": "Describe a MigrationTask", - "privilege": "DescribeMigrationTask", + "access_level": "Write", + "description": "Grants permission to delete the email channel for an app", + "privilege": "DeleteEmailChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Disassociate a given AWS artifact from a MigrationTask", - "privilege": "DisassociateCreatedArtifact", + "description": "Grants permission to delete an email template or an email template version", + "privilege": "DeleteEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "template*" } ] }, { "access_level": "Write", - "description": "Disassociate a given ADS resource from a MigrationTask", - "privilege": "DisassociateDiscoveredResource", + "description": "Grants permission to delete an endpoint", + "privilege": "DeleteEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "endpoint*" } ] }, { - "access_level": "Read", - "description": "Get the Migration Hub Home Region", - "privilege": "GetHomeRegion", + "access_level": "Write", + 
"description": "Grants permission to delete the event stream for an app", + "privilege": "DeleteEventStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-stream*" } ] }, { "access_level": "Write", - "description": "Import a MigrationTask", - "privilege": "ImportMigrationTask", + "description": "Grants permission to delete the GCM channel for an app", + "privilege": "DeleteGcmChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "List Application statuses", - "privilege": "ListApplicationStates", + "access_level": "Write", + "description": "Grants permission to delete an in-app message template or an in-app message template version", + "privilege": "DeleteInAppTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { - "access_level": "List", - "description": "List associated created artifacts for a MigrationTask", - "privilege": "ListCreatedArtifacts", + "access_level": "Write", + "description": "Grants permission to delete a specific journey", + "privilege": "DeleteJourney", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "journey*" } ] }, { - "access_level": "List", - "description": "List associated ADS resources from MigrationTask", - "privilege": "ListDiscoveredResources", + "access_level": "Write", + "description": "Grants permission to delete a push notification template or a push notification template version", + "privilege": "DeletePushTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "template*" } ] }, { - "access_level": "List", - "description": "List MigrationTasks", - "privilege": 
"ListMigrationTasks", + "access_level": "Write", + "description": "Grants permission to delete an Amazon Pinpoint configuration for a recommender model", + "privilege": "DeleteRecommenderConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "recommender*" } ] }, { - "access_level": "List", - "description": "List ProgressUpdateStreams", - "privilege": "ListProgressUpdateStreams", + "access_level": "Write", + "description": "Grants permission to delete a specific segment", + "privilege": "DeleteSegment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "segment*" } ] }, { "access_level": "Write", - "description": "Update an Application Discovery Service Application's state", - "privilege": "NotifyApplicationState", + "description": "Grants permission to delete the SMS channel for an app", + "privilege": "DeleteSmsChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Notify latest MigrationTask state", - "privilege": "NotifyMigrationTaskState", + "description": "Grants permission to delete an sms message template or an sms message template version", + "privilege": "DeleteSmsTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "template*" } ] }, { "access_level": "Write", - "description": "Put ResourceAttributes", - "privilege": "PutResourceAttributes", + "description": "Grants permission to delete all of the endpoints that are associated with a user ID", + "privilege": "DeleteUserEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "migrationTask*" + "resource_type": "user*" } ] - } - ], - "resources": [ - { - "arn": 
"arn:${Partition}:mgh:${Region}:${Account}:progressUpdateStream/${Stream}", - "condition_keys": [], - "resource": "progressUpdateStream" - }, - { - "arn": "arn:${Partition}:mgh:${Region}:${Account}:progressUpdateStream/${Stream}/migrationTask/${Task}", - "condition_keys": [], - "resource": "migrationTask" - } - ], - "service_name": "AWS Migration Hub" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by presence of tag keys in the request", - "type": "ArrayOfString" }, - { - "condition": "mgn:CreateAction", - "description": "Filters access by the name of a resource-creating API action", - "type": "String" - } - ], - "prefix": "mgn", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to archive an application", - "privilege": "ArchiveApplication", + "description": "Grants permission to delete the Voice channel for an app", + "privilege": "DeleteVoiceChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApplicationResource*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to archive a wave", - "privilege": "ArchiveWave", + "description": "Grants permission to delete a voice message template or a voice message template version", + "privilege": "DeleteVoiceTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WaveResource*" + "resource_type": "template*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate applications to a wave", - "privilege": "AssociateApplications", + "access_level": "Read", + "description": "Grants 
permission to retrieve information about the Amazon Device Messaging (ADM) channel for an app", + "privilege": "GetAdmChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApplicationResource*" - }, + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the APNs channel for an app", + "privilege": "GetApnsChannel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WaveResource*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate source servers to an application", - "privilege": "AssociateSourceServers", + "access_level": "Read", + "description": "Grants permission to retrieve information about the APNs sandbox channel for an app", + "privilege": "GetApnsSandboxChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApplicationResource*" - }, + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the APNs VoIP channel for an app", + "privilege": "GetApnsVoipChannel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create volume snapshot group", - "privilege": "BatchCreateVolumeSnapshotGroupForMgn", + "access_level": "Read", + "description": "Grants permission to retrieve information about the APNs VoIP sandbox channel for an app", + "privilege": "GetApnsVoipSandboxChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to batch delete snapshot request", - "privilege": 
"BatchDeleteSnapshotRequestForMgn", + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific app in your Amazon Pinpoint account", + "privilege": "GetApp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app*" } ] }, { - "access_level": "Write", - "description": "Grants permission to change source server life cycle state", - "privilege": "ChangeServerLifeCycleState", + "access_level": "Read", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard metric that applies to an application", + "privilege": "GetApplicationDateRangeKpi", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "application-metrics*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an application", - "privilege": "CreateApplication", + "access_level": "List", + "description": "Grants permission to retrieve the default settings for an app", + "privilege": "GetApplicationSettings", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create launch configuration template", - "privilege": "CreateLaunchConfigurationTemplate", + "access_level": "Read", + "description": "Grants permission to retrieve a list of apps in your Amazon Pinpoint account", + "privilege": "GetApps", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "apps*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create replication configuration template", - "privilege": "CreateReplicationConfigurationTemplate", + 
"access_level": "Read", + "description": "Grants permission to retrieve information about the Baidu channel for an app", + "privilege": "GetBaiduChannel", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create vcenter client", - "privilege": "CreateVcenterClientForMgn", + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific campaign", + "privilege": "GetCampaign", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a wave", - "privilege": "CreateWave", + "access_level": "List", + "description": "Grants permission to retrieve information about the activities performed by a campaign", + "privilege": "GetCampaignActivities", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an application", - "privilege": "DeleteApplication", + "access_level": "Read", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard metric that applies to a campaign", + "privilege": "GetCampaignDateRangeKpi", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApplicationResource*" + "resource_type": "campaign-metrics*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete job", - "privilege": "DeleteJob", + "access_level": "Read", + "description": "Grants permission to retrieve 
information about a specific campaign version", + "privilege": "GetCampaignVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobResource*" + "resource_type": "campaign*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete launch configuration template", - "privilege": "DeleteLaunchConfigurationTemplate", + "access_level": "List", + "description": "Grants permission to retrieve information about the current and prior versions of a campaign", + "privilege": "GetCampaignVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource*" + "resource_type": "campaign*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete replication configuration template", - "privilege": "DeleteReplicationConfigurationTemplate", + "access_level": "List", + "description": "Grants permission to retrieve information about all campaigns for an app", + "privilege": "GetCampaigns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfigurationTemplateResource*" + "resource_type": "app*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete source server", - "privilege": "DeleteSourceServer", + "access_level": "List", + "description": "Grants permission to get all channels information for your app", + "privilege": "GetChannels", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "channels*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete vcenter client", - "privilege": "DeleteVcenterClient", + "access_level": "Read", + "description": "Grants permission to obtain information about the email channel in an app", + "privilege": "GetEmailChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"VcenterClientResource*" + "resource_type": "channel*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a wave", - "privilege": "DeleteWave", + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific or the active version of an email template", + "privilege": "GetEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WaveResource*" + "resource_type": "template*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe job log items", - "privilege": "DescribeJobLogItems", + "description": "Grants permission to retrieve information about a specific endpoint", + "privilege": "GetEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "JobResource*" + "resource_type": "endpoint*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe jobs", - "privilege": "DescribeJobs", + "access_level": "Read", + "description": "Grants permission to retrieve information about the event stream for an app", + "privilege": "GetEventStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-stream*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe launch configuration template", - "privilege": "DescribeLaunchConfigurationTemplates", + "access_level": "Read", + "description": "Grants permission to obtain information about a specific export job", + "privilege": "GetExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "export-job*" } ] }, { "access_level": "List", - "description": "Grants permission to describe replication configuration template", - "privilege": "DescribeReplicationConfigurationTemplates", + "description": "Grants permission to retrieve a list of all of the export jobs for an app", + 
"privilege": "GetExportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe replication server associations", - "privilege": "DescribeReplicationServerAssociationsForMgn", + "description": "Grants permission to retrieve information about the GCM channel for an app", + "privilege": "GetGcmChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe snapshots requests", - "privilege": "DescribeSnapshotRequestsForMgn", + "description": "Grants permission to retrieve information about a specific import job", + "privilege": "GetImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "import-job*" } ] }, { "access_level": "List", - "description": "Grants permission to describe source servers", - "privilege": "DescribeSourceServers", + "description": "Grants permission to retrieve information about all import jobs for an app", + "privilege": "GetImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe vcenter clients", - "privilege": "DescribeVcenterClients", + "access_level": "Read", + "description": "Grants permission to retrive in-app messages for the given endpoint id", + "privilege": "GetInAppMessages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate applications from a wave", - "privilege": "DisassociateApplications", + "access_level": "Read", + "description": "Grants permission to retrieve 
information about a specific or the active version of an in-app message template", + "privilege": "GetInAppTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApplicationResource*" - }, + "resource_type": "template*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific journey", + "privilege": "GetJourney", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WaveResource*" + "resource_type": "journey*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate source servers from an application", - "privilege": "DisassociateSourceServers", + "access_level": "Read", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard engagement metric that applies to a journey", + "privilege": "GetJourneyDateRangeKpi", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApplicationResource*" - }, + "resource_type": "journey-metrics*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey activity", + "privilege": "GetJourneyExecutionActivityMetrics", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "journey-execution-activity-metrics*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disconnect source server from service", - "privilege": "DisconnectFromService", + "access_level": "Read", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey", + "privilege": "GetJourneyExecutionMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": 
"journey-execution-metrics*" } ] }, { - "access_level": "Write", - "description": "Grants permission to finalize cutover", - "privilege": "FinalizeCutover", + "access_level": "Read", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey activity for a single journey run", + "privilege": "GetJourneyRunExecutionActivityMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "journey*" } ] }, { "access_level": "Read", - "description": "Grants permission to get agent command", - "privilege": "GetAgentCommandForMgn", + "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey for a single journey run", + "privilege": "GetJourneyRunExecutionMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "journey*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get agent confirmed resume info", - "privilege": "GetAgentConfirmedResumeInfoForMgn", + "access_level": "List", + "description": "Grants permission to retrieve information about all journey runs for a journey", + "privilege": "GetJourneyRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "journey*" } ] }, { "access_level": "Read", - "description": "Grants permission to get agent installation assets", - "privilege": "GetAgentInstallationAssetsForMgn", + "description": "Grants permission to retrieve information about a specific or the active version of an push notification template", + "privilege": "GetPushTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { "access_level": "Read", - "description": 
"Grants permission to get agent replication info", - "privilege": "GetAgentReplicationInfoForMgn", + "description": "Grants permission to retrieve information about an Amazon Pinpoint configuration for a recommender model", + "privilege": "GetRecommenderConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "recommender*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get agent runtime configuration", - "privilege": "GetAgentRuntimeConfigurationForMgn", + "access_level": "List", + "description": "Grants permission to retrieve information about all the recommender model configurations that are associated with an Amazon Pinpoint account", + "privilege": "GetRecommenderConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "recommenders*" } ] }, { "access_level": "Read", - "description": "Grants permission to get agent snapshots credits", - "privilege": "GetAgentSnapshotCreditsForMgn", + "description": "Grants permission to mobiletargeting:GetReports", + "privilege": "GetReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "reports*" } ] }, { "access_level": "Read", - "description": "Grants permission to get channel commands", - "privilege": "GetChannelCommandsForMgn", + "description": "Grants permission to retrieve information about a specific segment", + "privilege": "GetSegment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "segment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get launch configuration", - "privilege": "GetLaunchConfiguration", + "access_level": "List", + "description": "Grants permission to retrieve information about jobs that export endpoint definitions from 
segments to Amazon S3", + "privilege": "GetSegmentExportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "segment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get replication configuration", - "privilege": "GetReplicationConfiguration", + "access_level": "List", + "description": "Grants permission to retrieve information about jobs that create segments by importing endpoint definitions from", + "privilege": "GetSegmentImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "segment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get vcenter client commands", - "privilege": "GetVcenterClientCommandsForMgn", + "description": "Grants permission to retrieve information about a specific segment version", + "privilege": "GetSegmentVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VcenterClientResource*" + "resource_type": "segment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to initialize service", - "privilege": "InitializeService", + "access_level": "List", + "description": "Grants permission to retrieve information about the current and prior versions of a segment", + "privilege": "GetSegmentVersions", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:AddRoleToInstanceProfile", - "iam:CreateInstanceProfile", - "iam:CreateServiceLinkedRole", - "iam:GetInstanceProfile" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "segment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to issue a client certificate", - "privilege": "IssueClientCertificateForMgn", + "access_level": "List", + "description": "Grants permission to retrieve information about the segments for an app", + "privilege": 
"GetSegments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource" + "resource_type": "app*" } ] }, { - "access_level": "List", - "description": "Grants permission to list application summaries", - "privilege": "ListApplications", + "access_level": "Read", + "description": "Grants permission to obtain information about the SMS channel in an app", + "privilege": "GetSmsChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the errors of an export task", - "privilege": "ListExportErrors", + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific or the active version of an sms message template", + "privilege": "GetSmsTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ExportResource*" + "resource_type": "template*" } ] }, { - "access_level": "List", - "description": "Grants permission to list export tasks", - "privilege": "ListExports", + "access_level": "Read", + "description": "Grants permission to retrieve information about the endpoints that are associated with a user ID", + "privilege": "GetUserEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "user*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the errors of an import task", - "privilege": "ListImportErrors", + "access_level": "Read", + "description": "Grants permission to obtain information about the Voice channel in an app", + "privilege": "GetVoiceChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ImportResource*" + "resource_type": "channel*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the import tasks", - "privilege": 
"ListImports", + "access_level": "Read", + "description": "Grants permission to retrieve information about a specific or the active version of a voice message template", + "privilege": "GetVoiceTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { "access_level": "List", - "description": "Grants permission to list managed accounts", - "privilege": "ListManagedAccounts", + "description": "Grants permission to retrieve information about all journeys for an app", + "privilege": "ListJourneys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "app*" } ] }, { - "access_level": "List", - "description": "Grants permission to list source server action documents", - "privilege": "ListSourceServerActions", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "app" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "journey" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "segment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to retrieve all versions about a specific template", + "privilege": "ListTemplateVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "template*" } ] }, { "access_level": "List", - "description": "Grants permission to list launch configuration 
template action documents", - "privilege": "ListTemplateActions", + "description": "Grants permission to retrieve metadata about the queried templates", + "privilege": "ListTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource*" + "resource_type": "templates*" } ] }, { - "access_level": "List", - "description": "Grants permission to list wave summaries", - "privilege": "ListWaves", + "access_level": "Read", + "description": "Grants permission to obtain metadata for a phone number, such as the number type (mobile, landline, or VoIP), location, and provider", + "privilege": "PhoneNumberValidate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "phone-number-validate*" } ] }, { "access_level": "Write", - "description": "Grants permission to mark source server as archived", - "privilege": "MarkAsArchived", + "description": "Grants permission to create or update an event stream for an app", + "privilege": "PutEventStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "event-stream*" } ] }, { "access_level": "Write", - "description": "Grants permission to notify agent authentication", - "privilege": "NotifyAgentAuthenticationForMgn", + "description": "Grants permission to create or update events for an app", + "privilege": "PutEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "events*" } ] }, { "access_level": "Write", - "description": "Grants permission to notify agent is connected", - "privilege": "NotifyAgentConnectedForMgn", + "description": "Grants permission to remove the attributes for an app", + "privilege": "RemoveAttributes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + 
"resource_type": "attribute*" } ] }, { "access_level": "Write", - "description": "Grants permission to notify agent is disconnected", - "privilege": "NotifyAgentDisconnectedForMgn", + "description": "Grants permission to send an SMS message or push notification to specific endpoints", + "privilege": "SendMessages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "messages*" } ] }, { "access_level": "Write", - "description": "Grants permission to notify agent replication progress", - "privilege": "NotifyAgentReplicationProgressForMgn", + "description": "Grants permission to send an OTP code to a user of your application", + "privilege": "SendOTPMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "otp*" } ] }, { "access_level": "Write", - "description": "Grants permission to notify vcenter client started", - "privilege": "NotifyVcenterClientStartedForMgn", + "description": "Grants permission to send an SMS message or push notification to all endpoints that are associated with a specific user ID", + "privilege": "SendUsersMessages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VcenterClientResource*" + "resource_type": "messages*" } ] }, { - "access_level": "Write", - "description": "Grants permission to pause replication", - "privilege": "PauseReplication", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "app" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "journey" + }, + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "segment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to put source server action document", - "privilege": "PutSourceServerAction", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "app" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "journey" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "segment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to put launch configuration template action document", - "privilege": "PutTemplateAction", + "description": "Grants permission to update the Amazon Device Messaging (ADM) channel for an app", + "privilege": "UpdateAdmChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to register agent", - "privilege": "RegisterAgentForMgn", + "description": "Grants permission to update the Apple Push Notification service (APNs) channel for an app", + "privilege": "UpdateApnsChannel", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": 
[], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove source server action document", - "privilege": "RemoveSourceServerAction", + "description": "Grants permission to update the Apple Push Notification service (APNs) sandbox channel for an app", + "privilege": "UpdateApnsSandboxChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to remove launch configuration template action document", - "privilege": "RemoveTemplateAction", + "description": "Grants permission to update the Apple Push Notification service (APNs) VoIP channel for an app", + "privilege": "UpdateApnsVoipChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to resume replication", - "privilege": "ResumeReplication", + "description": "Grants permission to update the Apple Push Notification service (APNs) VoIP sandbox channel for an app", + "privilege": "UpdateApnsVoipSandboxChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to retry replication", - "privilege": "RetryDataReplication", + "description": "Grants permission to update the default settings for an app", + "privilege": "UpdateApplicationSettings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "app*" } ] }, { "access_level": "Write", - "description": "Grants permission to send agent logs", - "privilege": "SendAgentLogsForMgn", + "description": 
"Grants permission to update the Baidu channel for an app", + "privilege": "UpdateBaiduChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to send agent metrics", - "privilege": "SendAgentMetricsForMgn", + "description": "Grants permission to update a specific campaign", + "privilege": "UpdateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "campaign*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send channel command result", - "privilege": "SendChannelCommandResultForMgn", + "description": "Grants permission to update the email channel for an app", + "privilege": "UpdateEmailChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to send client logs", - "privilege": "SendClientLogsForMgn", + "description": "Grants permission to update a specific email template under the same version or generate a new version", + "privilege": "UpdateEmailTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "template*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send client metrics", - "privilege": "SendClientMetricsForMgn", + "description": "Grants permission to create an endpoint or update the information for an endpoint", + "privilege": "UpdateEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "" + "resource_type": "endpoint*" } ] }, { "access_level": "Write", - "description": "Grants permission to send vcenter client command result", - "privilege": "SendVcenterClientCommandResultForMgn", + "description": "Grants permission to create or update endpoints as a batch operation", + "privilege": "UpdateEndpointsBatch", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VcenterClientResource*" + "resource_type": "app*" } ] }, { "access_level": "Write", - "description": "Grants permission to send vcenter client logs", - "privilege": "SendVcenterClientLogsForMgn", + "description": "Grants permission to update the Firebase Cloud Messaging (FCM) or Google Cloud Messaging (GCM) API key that allows to send push notifications to your Android app", + "privilege": "UpdateGcmChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VcenterClientResource*" + "resource_type": "channel*" } ] }, { "access_level": "Write", - "description": "Grants permission to send vcenter client metrics", - "privilege": "SendVcenterClientMetricsForMgn", + "description": "Grants permission to update a specific in-app message template under the same version or generate a new version", + "privilege": "UpdateInAppTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VcenterClientResource*" + "resource_type": "template*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start cutover", - "privilege": "StartCutover", + "description": "Grants permission to update a specific journey", + "privilege": "UpdateJourney", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - 
"ec2:CreateLaunchTemplate", - "ec2:CreateLaunchTemplateVersion", - "ec2:CreateSecurityGroup", - "ec2:CreateSnapshot", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:DeleteLaunchTemplateVersions", - "ec2:DeleteSnapshot", - "ec2:DeleteVolume", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyLaunchTemplate", - "ec2:ReportInstanceStatus", - "ec2:RevokeSecurityGroupEgress", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "iam:PassRole", - "mgn:ListTagsForResource" - ], - "resource_type": "SourceServerResource*" + "dependent_actions": [], + "resource_type": "journey*" }, { "condition_keys": [ 
@@ -164592,104 +187973,65 @@ }, { "access_level": "Write", - "description": "Grants permission to start an export task", - "privilege": "StartExport", + "description": "Grants permission to update a specific journey state", + "privilege": "UpdateJourneyState", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeLaunchTemplateVersions", - "mgn:DescribeSourceServers", - "mgn:GetLaunchConfiguration", - "mgn:ListApplications", - "mgn:ListWaves", - "s3:PutObject" + "dependent_actions": [], + "resource_type": "journey*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an import task", - "privilege": "StartImport", + "description": "Grants permission to update a specific push notification template under the same version or generate a new version", + "privilege": "UpdatePushTemplate", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateLaunchTemplateVersion", - "ec2:DescribeLaunchTemplateVersions", - "ec2:ModifyLaunchTemplate", - "mgn:DescribeSourceServers", - "mgn:GetLaunchConfiguration", - "mgn:ListApplications", - "mgn:ListWaves", - "mgn:TagResource", - "mgn:UpdateLaunchConfiguration", - "s3:PutObject" + "dependent_actions": [], + "resource_type": "template*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start replication", - "privilege": "StartReplication", + "description": "Grants permission to update an Amazon Pinpoint configuration for a recommender model", + "privilege": "UpdateRecommenderConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "recommender*" } ] }, { "access_level": "Write", - "description": 
"Grants permission to start test", - "privilege": "StartTest", + "description": "Grants permission to update a specific segment", + "privilege": "UpdateSegment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateLaunchTemplate", - "ec2:CreateLaunchTemplateVersion", - "ec2:CreateSecurityGroup", - "ec2:CreateSnapshot", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:DeleteLaunchTemplateVersions", - "ec2:DeleteSnapshot", - "ec2:DeleteVolume", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyLaunchTemplate", - "ec2:ReportInstanceStatus", - "ec2:RevokeSecurityGroupEgress", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "iam:PassRole", - "mgn:ListTagsForResource" - ], - "resource_type": "SourceServerResource*" + "dependent_actions": [], + "resource_type": "segment*" }, { "condition_keys": [ 
@@ -164703,60 +188045,73 @@ }, { "access_level": "Write", - "description": "Grants permission to stop replication", - "privilege": "StopReplication", + "description": "Grants permission to update the SMS channel for an app", + "privilege": "UpdateSmsChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "channel*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to assign a resource tag", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to update a specific sms message template under the same version or generate a new version", + "privilege": "UpdateSmsTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ApplicationResource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "JobResource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource" + "resource_type": "template*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "ReplicationConfigurationTemplateResource" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the active version parameter of a specific template", + "privilege": "UpdateTemplateActiveVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource" - }, + "resource_type": "template*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the Voice channel for an app", + "privilege": "UpdateVoiceChannel", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VcenterClientResource" - }, + "resource_type": "channel*" + } + ] + }, + { + "access_level": "Write", + "description": 
"Grants permission to update a specific voice message template under the same version or generate a new version", + "privilege": "UpdateVoiceTemplate", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WaveResource" + "resource_type": "template*" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "mgn:CreateAction", "aws:TagKeys" ], "dependent_actions": [], 
@@ -164766,325 +188121,499 @@ }, { "access_level": "Write", - "description": "Grants permission to terminate target instances", - "privilege": "TerminateTargetInstances", + "description": "Grants permission to check the validity of One-Time Passwords (OTPs)", + "privilege": "VerifyOTPMessage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "verify-otp*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "app" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/*", + "condition_keys": [], + "resource": "apps" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/campaigns/${CampaignId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "campaign" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys/${JourneyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "journey" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys", + "condition_keys": [], + "resource": "journeys" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/segments/${SegmentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "segment" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/${TemplateType}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "template" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:templates", + "condition_keys": [], + "resource": "templates" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:recommenders/${RecommenderId}", + "condition_keys": [], + "resource": "recommender" + }, + { + "arn": 
"arn:${Partition}:mobiletargeting:${Region}:${Account}:recommenders/*", + "condition_keys": [], + "resource": "recommenders" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:phone/number/validate", + "condition_keys": [], + "resource": "phone-number-validate" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/channels", + "condition_keys": [], + "resource": "channels" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/channels/${ChannelType}", + "condition_keys": [], + "resource": "channel" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/eventstream", + "condition_keys": [], + "resource": "event-stream" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/events", + "condition_keys": [], + "resource": "events" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/messages", + "condition_keys": [], + "resource": "messages" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/verify-otp", + "condition_keys": [], + "resource": "verify-otp" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/otp", + "condition_keys": [], + "resource": "otp" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/attributes/${AttributeType}", + "condition_keys": [], + "resource": "attribute" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/users/${UserId}", + "condition_keys": [], + "resource": "user" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/endpoints/${EndpointId}", + "condition_keys": [], + "resource": "endpoint" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/jobs/import/${JobId}", + "condition_keys": [], + "resource": "import-job" + }, + { + "arn": 
"arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/jobs/export/${JobId}", + "condition_keys": [], + "resource": "export-job" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/kpis/daterange/${KpiName}", + "condition_keys": [], + "resource": "application-metrics" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/campaigns/${CampaignId}/kpis/daterange/${KpiName}", + "condition_keys": [], + "resource": "campaign-metrics" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys/${JourneyId}/kpis/daterange/${KpiName}", + "condition_keys": [], + "resource": "journey-metrics" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys/${JourneyId}/execution-metrics", + "condition_keys": [], + "resource": "journey-execution-metrics" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys/${JourneyId}/activities/${JourneyActivityId}/execution-metrics", + "condition_keys": [], + "resource": "journey-execution-activity-metrics" + }, + { + "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:reports", + "condition_keys": [], + "resource": "reports" + } + ], + "service_name": "Amazon Pinpoint" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "monitron", + "privileges": [ + { + "access_level": "Permissions management", + "description": "Grants permission to associate a user with the project as an administrator", + "privilege": 
"AssociateProjectAdminUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ec2:DeleteVolume", - "ec2:DescribeInstances", - "ec2:DescribeVolumes", - "ec2:TerminateInstances" + "sso-directory:DescribeUsers", + "sso:AssociateProfile", + "sso:GetManagedApplicationInstance", + "sso:GetProfile", + "sso:ListDirectoryAssociations", + "sso:ListProfileAssociations", + "sso:ListProfiles" ], - "resource_type": "SourceServerResource*" - }, + "resource_type": "project*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a project", + "privilege": "CreateProject", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "kms:CreateGrant", + "sso:CreateManagedApplicationInstance", + "sso:DeleteManagedApplicationInstance", + "sso:DescribeRegisteredRegions" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to unarchive an application", - "privilege": "UnarchiveApplication", + "access_level": "Permissions management", + "description": "Grants permission to associate a user with the project", + "privilege": "CreateProjectUserAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "ApplicationResource*" + "dependent_actions": [ + "sso-directory:DescribeUsers", + "sso:AssociateProfile", + "sso:GetManagedApplicationInstance", + "sso:GetProfile", + "sso:ListDirectoryAssociations", + "sso:ListProfileAssociations", + "sso:ListProfiles" + ], + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to unarchive a wave", - "privilege": "UnarchiveWave", + "access_level": "Permissions management", + "description": "Grants permission to associate an access role with the user", + "privilege": "CreateUserAccessRoleAssociation", "resource_types": [ { "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "WaveResource*" + "dependent_actions": [ + "sso-directory:DescribeUsers", + "sso:GetManagedApplicationInstance", + "sso:GetProfile", + "sso:ListDirectoryAssociations", + "sso:ListProfileAssociations", + "sso:ListProfiles" + ], + "resource_type": "project*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete a project", + "privilege": "DeleteProject", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "ApplicationResource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "JobResource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "ReplicationConfigurationTemplateResource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "VcenterClientResource" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "WaveResource" - }, - { - "condition_keys": [ - "aws:TagKeys" + "dependent_actions": [ + "sso:DeleteManagedApplicationInstance" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update agent backlog", - "privilege": "UpdateAgentBacklogForMgn", + "access_level": "Permissions management", + "description": "Grants permission to disassociate a user from the project", + "privilege": "DeleteProjectUserAssociation", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "dependent_actions": [ + "sso-directory:DescribeUsers", + "sso:DisassociateProfile", + 
"sso:GetManagedApplicationInstance", + "sso:GetProfile", + "sso:ListDirectoryAssociations", + "sso:ListProfiles" + ], + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update agent conversion info", - "privilege": "UpdateAgentConversionInfoForMgn", + "access_level": "Permissions management", + "description": "Grants permission to disassociate an access role from the user", + "privilege": "DeleteUserAccessRoleAssociation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update agent replication info", - "privilege": "UpdateAgentReplicationInfoForMgn", + "access_level": "Permissions management", + "description": "Grants permission to disassociate an administrator from the project", + "privilege": "DisassociateProjectAdminUser", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "dependent_actions": [ + "sso-directory:DescribeUsers", + "sso:DisassociateProfile", + "sso:GetManagedApplicationInstance", + "sso:GetProfile", + "sso:ListDirectoryAssociations", + "sso:ListProfiles" + ], + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update agent replication process state", - "privilege": "UpdateAgentReplicationProcessStateForMgn", + "access_level": "Read", + "description": "Grants permission to get information about a project", + "privilege": "GetProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update agent source properties", - "privilege": "UpdateAgentSourcePropertiesForMgn", + "access_level": "Read", + "description": "Grants permission to describe an 
administrator who is associated with the project", + "privilege": "GetProjectAdminUser", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "dependent_actions": [ + "sso-directory:DescribeUsers", + "sso:GetManagedApplicationInstance", + "sso:ListProfileAssociations" + ], + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an application", - "privilege": "UpdateApplication", + "access_level": "Permissions management", + "description": "Grants permission to list all administrators associated with the project", + "privilege": "ListProjectAdminUsers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "ApplicationResource*" + "dependent_actions": [ + "sso-directory:DescribeUsers", + "sso:GetManagedApplicationInstance" + ], + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update launch configuration", - "privilege": "UpdateLaunchConfiguration", + "access_level": "List", + "description": "Grants permission to list all users associated with the project", + "privilege": "ListProjectUserAssociations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "SourceServerResource*" + "dependent_actions": [ + "sso:GetManagedApplicationInstance", + "sso:GetProfile", + "sso:ListDirectoryAssociations", + "sso:ListProfileAssociations", + "sso:ListProfiles" + ], + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update launch configuration", - "privilege": "UpdateLaunchConfigurationTemplate", + "access_level": "List", + "description": "Grants permission to list all projects", + "privilege": "ListProjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "LaunchConfigurationTemplateResource*" + "resource_type": "" } ] }, { - "access_level": 
"Write", - "description": "Grants permission to update replication configuration", - "privilege": "UpdateReplicationConfiguration", + "access_level": "Read", + "description": "Grants permission to list all tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "project" } ] }, { - "access_level": "Write", - "description": "Grants permission to update replication configuration template", - "privilege": "UpdateReplicationConfigurationTemplate", + "access_level": "List", + "description": "Grants permission to list all access roles associated with the user", + "privilege": "ListUserAccessRoleAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ReplicationConfigurationTemplateResource*" + "resource_type": "project*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update source server replication type", - "privilege": "UpdateSourceServerReplicationType", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "SourceServerResource*" + "resource_type": "project" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a wave", - "privilege": "UpdateWave", + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "WaveResource*" + "resource_type": "project" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants 
permission to verify client role", - "privilege": "VerifyClientRoleForMgn", + "access_level": "Write", + "description": "Grants permission to update a project", + "privilege": "UpdateProject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "project*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:job/${JobID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "JobResource" - }, - { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:replication-configuration-template/${ReplicationConfigurationTemplateID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ReplicationConfigurationTemplateResource" - }, - { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:launch-configuration-template/${LaunchConfigurationTemplateID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "LaunchConfigurationTemplateResource" - }, - { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:vcenter-client/${VcenterClientID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "VcenterClientResource" - }, - { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:source-server/${SourceServerID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "SourceServerResource" - }, - { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:application/${ApplicationID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ApplicationResource" - }, - { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:wave/${WaveID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "WaveResource" - }, - { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:import/${ImportID}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "ImportResource" - }, - { - "arn": "arn:${Partition}:mgn:${Region}:${Account}:export/${ExportID}", + "arn": 
"arn:${Partition}:monitron:${Region}:${Account}:project/${ResourceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "ExportResource" + "resource": "project" } ], - "service_name": "AWS Application Migration Service" + "service_name": "Amazon Monitron" }, { "conditions": [ @@ -165104,12 +188633,42 @@ "type": "ArrayOfString" } ], - "prefix": "migrationhub-orchestrator", + "prefix": "mq", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a workflow based on the selected template", - "privilege": "CreateWorkflow", + "description": "Grants permission to create a broker", + "privilege": "CreateBroker", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreateSecurityGroup", + "ec2:CreateVpcEndpoint", + "ec2:DescribeInternetGateways", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute", + "iam:CreateServiceLinkedRole", + "route53:AssociateVPCWithHostedZone" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and engine version)", + "privilege": "CreateConfiguration", "resource_types": [ { "condition_keys": [ 
@@ -165123,92 +188682,122 @@ }, { "access_level": "Write", - "description": "Grants permission to create a step under a workflow and a specific step group", - "privilege": "CreateWorkflowStep", + "description": "Grants permission to create a replica broker", + "privilege": "CreateReplicaBroker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "brokers*" } ] }, { - "access_level": "Write", - "description": "Grants permission to to create a custom step group for a given workflow", - "privilege": "CreateWorkflowStepGroup", + "access_level": "Tagging", + "description": "Grants permission to create tags", + "privilege": "CreateTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "brokers" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configurations" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to a workflow", - "privilege": "DeleteWorkflow", + "description": "Grants permission to create an ActiveMQ user", + "privilege": "CreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "brokers*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a step from a specific step group under a workflow", - "privilege": "DeleteWorkflowStep", + "description": "Grants permission to delete a broker", + "privilege": "DeleteBroker", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "workflow*" + "dependent_actions": [ + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DeleteVpcEndpoints", + "ec2:DetachNetworkInterface" + ], + "resource_type": "brokers*" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to delete a step group associated with a workflow", - "privilege": "DeleteWorkflowStepGroup", + "access_level": "Tagging", + "description": "Grants permission to delete tags", + "privilege": "DeleteTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "brokers" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configurations" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to the plugin to receive information from the service", - "privilege": "GetMessage", + "access_level": "Write", + "description": "Grants permission to delete an ActiveMQ user", + "privilege": "DeleteUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "brokers*" } ] }, { "access_level": "Read", - "description": "Grants permission to get retrieve metadata for a Template", - "privilege": "GetTemplate", + "description": "Grants permission to return information about the specified broker", + "privilege": "DescribeBroker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "brokers*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details of a step associated with a template and a step group", - "privilege": "GetTemplateStep", + "description": "Grants permission to return information about broker engines", + "privilege": "DescribeBrokerEngineTypes", "resource_types": [ { "condition_keys": [], 
@@ -165219,8 +188808,8 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve metadata of a step group under a template", - "privilege": "GetTemplateStepGroup", + "description": "Grants permission to return information about the broker instance options", + "privilege": "DescribeBrokerInstanceOptions", "resource_types": [ { "condition_keys": [], @@ -165231,44 +188820,44 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve metadata asscociated with a workflow", - "privilege": "GetWorkflow", + "description": "Grants permission to return information about the specified configuration", + "privilege": "DescribeConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "configurations*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details of step associated with a workflow and a step group", - "privilege": "GetWorkflowStep", + "description": "Grants permission to return the specified configuration revision for the specified configuration", + "privilege": "DescribeConfigurationRevision", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "configurations*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details of a step group associated with a workflow", - "privilege": "GetWorkflowStepGroup", + "description": "Grants permission to return information about an ActiveMQ user", + "privilege": "DescribeUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "brokers*" } ] }, { "access_level": "List", - "description": "Grants permission to get a list all registered Plugins", - "privilege": "ListPlugins", + "description": "Grants permission to return a list of all brokers", + "privilege": "ListBrokers", "resource_types": [ { "condition_keys": [], 
@@ -165278,21 +188867,21 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of all the tags tied to a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to return a list of all existing revisions for the specified configuration", + "privilege": "ListConfigurationRevisions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "configurations*" } ] }, { "access_level": "List", - "description": "Grants permission to lists step groups of a template", - "privilege": "ListTemplateStepGroups", + "description": "Grants permission to return a list of all configurations", + "privilege": "ListConfigurations", "resource_types": [ { "condition_keys": [], 
@@ -165303,463 +188892,457 @@ }, { "access_level": "List", - "description": "Grants permission to get a list of steps in a step group", - "privilege": "ListTemplateSteps", + "description": "Grants permission to return a list of tags", + "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to get a list of all Templates available to customer", - "privilege": "ListTemplates", - "resource_types": [ + "resource_type": "brokers" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "configurations" } ] }, { "access_level": "List", - "description": "Grants permission to get list of step groups associated with a workflow", - "privilege": "ListWorkflowStepGroups", + "description": "Grants permission to return a list of all ActiveMQ users", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "brokers*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of steps within step group associated with a workflow", - "privilege": "ListWorkflowSteps", + "access_level": "Write", + "description": "Grants permission to promote a broker", + "privilege": "Promote", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "brokers*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all workflows", - "privilege": "ListWorkflows", + "access_level": "Write", + "description": "Grants permission to reboot a broker", + "privilege": "RebootBroker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "brokers*" } ] }, { "access_level": "Write", - "description": "Grants permission to register the plugin to receive an ID and to start receiving 
messages from the service", - "privilege": "RegisterPlugin", + "description": "Grants permission to add a pending configuration change to a broker", + "privilege": "UpdateBroker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "brokers*" } ] }, { "access_level": "Write", - "description": "Grants permission to retry a failed step within a workflow", - "privilege": "RetryWorkflowStep", + "description": "Grants permission to update the specified configuration", + "privilege": "UpdateConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "configurations*" } ] }, { "access_level": "Write", - "description": "Grants permission to the plugin to send information to the service", - "privilege": "SendMessage", + "description": "Grants permission to update the information for an ActiveMQ user", + "privilege": "UpdateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "brokers*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:mq:${Region}:${Account}:broker:${BrokerName}:${BrokerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "brokers" }, + { + "arn": "arn:${Partition}:mq:${Region}:${Account}:configuration:${ConfigurationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "configurations" + } + ], + "service_name": "Amazon MQ" + }, + { + "conditions": [ + { + "condition": "neptune-db:QueryLanguage", + "description": "Filters access by graph model", + "type": "String" + } + ], + "prefix": "neptune-db", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to start a workflow or resume a stopped workflow", - "privilege": "StartWorkflow", + "description": "Grants permission to cancel a loader job", + "privilege": "CancelLoaderJob", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a workflow", - "privilege": "StopWorkflow", + "description": "Grants permission to cancel an ML data processing job", + "privilege": "CancelMLDataProcessingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "database*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to cancel an ML model training job", + "privilege": "CancelMLModelTrainingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to cancel an ML model transform job", + "privilege": "CancelMLModelTransformJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the metadata associated with the workflow", - "privilege": "UpdateWorkflow", + "description": "Grants permission to cancel a query", + "privilege": "CancelQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to update 
metadata and status of a custom step within a workflow", - "privilege": "UpdateWorkflowStep", + "description": "Grants permission to create an ML endpoint", + "privilege": "CreateMLEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to update metadata associated with a step group in a given workflow", - "privilege": "UpdateWorkflowStepGroup", + "description": "Grants permission to run delete data via query APIs on database", + "privilege": "DeleteDataViaQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:migrationhub-orchestrator:${Region}:${Account}:workflow/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "workflow" - } - ], - "service_name": "AWS Migration Hub Orchestrator" - }, - { - "conditions": [], - "prefix": "migrationhub-strategy", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to get details of each anti pattern that collector should look at in a customer's environment", - "privilege": "GetAntiPattern", - "resource_types": [ + "resource_type": "database*" + }, { - "condition_keys": [], + "condition_keys": [ + "neptune-db:QueryLanguage" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details of an application", - "privilege": "GetApplicationComponentDetails", + "access_level": "Write", + "description": "Grants permission to delete an ML endpoint", + "privilege": "DeleteMLEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a list of all recommended strategies and tools for 
an application running in a server", - "privilege": "GetApplicationComponentStrategies", + "access_level": "Write", + "description": "Grants permission to delete all the statistics in the database", + "privilege": "DeleteStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve status of an on-going assessment", - "privilege": "GetAssessment", + "description": "Grants permission to check the status of the Neptune engine", + "privilege": "GetEngineStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to get details of a specific import task", - "privilege": "GetImportFileTask", + "description": "Grants permission to get the graph summary from the database", + "privilege": "GetGraphSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the latest assessment id", - "privilege": "GetLatestAssessmentId", + "description": "Grants permission to check the status of a loader job", + "privilege": "GetLoaderJobStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to the collector to receive information from the service", - "privilege": "GetMessage", + "description": "Grants permission to check the status of an ML data processing job", + "privilege": "GetMLDataProcessingJobStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve 
customer migration/Modernization preferences", - "privilege": "GetPortfolioPreferences", + "description": "Grants permission to check the status of an ML endpoint", + "privilege": "GetMLEndpointStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve overall summary (number-of servers to rehost etc as well as overall number of anti patterns)", - "privilege": "GetPortfolioSummary", + "description": "Grants permission to check the status of an ML model training job", + "privilege": "GetMLModelTrainingJobStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve detailed information about a recommendation report", - "privilege": "GetRecommendationReportDetails", + "description": "Grants permission to check the status of an ML model transform job", + "privilege": "GetMLModelTransformJobStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Read", - "description": "Grants permission to get info about a specific server", - "privilege": "GetServerDetails", + "description": "Grants permission to check the status of all active queries", + "privilege": "GetQueryStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [ + "neptune-db:QueryLanguage" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get recommended strategies and tools for a specific server", - "privilege": "GetServerStrategies", + "description": "Grants permission to check the status of statistics of the database", + "privilege": "GetStatisticsStatus", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { - "access_level": "List", - "description": "Grants permission to get a list of all anti patterns that collector should look for in a customer's environment", - "privilege": "ListAntiPatterns", + "access_level": "Read", + "description": "Grants permission to fetch stream records from Neptune", + "privilege": "GetStreamRecords", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [ + "neptune-db:QueryLanguage" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to get a list of all applications running on servers on customer's servers", - "privilege": "ListApplicationComponents", + "description": "Grants permission to list all the loader jobs", + "privilege": "ListLoaderJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "List", - "description": "Grants permission to get a list of all collectors installed by the customer", - "privilege": "ListCollectors", + "description": "Grants permission to list all the ML data processing jobs", + "privilege": "ListMLDataProcessingJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "List", - "description": "Grants permission to get list of all imports performed by the customer", - "privilege": "ListImportFileTask", + "description": "Grants permission to list all the ML endpoints", + "privilege": "ListMLEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "List", - "description": "Grants permission to get a list of binaries that collector should assess", - 
"privilege": "ListJarArtifacts", + "description": "Grants permission to list all the ML model training jobs", + "privilege": "ListMLModelTrainingJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "List", - "description": "Grants permission to get a list of all servers in a customer's environment", - "privilege": "ListServers", + "description": "Grants permission to list all the ML model transform jobs", + "privilege": "ListMLModelTransformJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to save customer's Migration/Modernization preferences", - "privilege": "PutPortfolioPreferences", + "description": "Grants permission to manage statistics in the database", + "privilege": "ManageStatistics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register the collector to receive an ID and to start receiving messages from the service", - "privilege": "RegisterCollector", + "access_level": "Read", + "description": "Grants permission to run read data via query APIs on database", + "privilege": "ReadDataViaQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to the collector to send information to the service", - "privilege": "SendMessage", - "resource_types": [ + "resource_type": "database*" + }, { - "condition_keys": [], + "condition_keys": [ + "neptune-db:QueryLanguage" + ], "dependent_actions": [], "resource_type": "" } 
@@ -165767,183 +189350,176 @@ }, { "access_level": "Write", - "description": "Grants permission to start assessment in a customer's environment (collect data from all servers and provide recommendations)", - "privilege": "StartAssessment", + "description": "Grants permission to get the token needed for reset and resets the Neptune database", + "privilege": "ResetDatabase", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to start importing data from a file provided by customer", - "privilege": "StartImportFileTask", + "description": "Grants permission to start a loader job", + "privilege": "StartLoaderJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to start generating a recommendation report", - "privilege": "StartRecommendationReportGeneration", + "description": "Grants permission to start an ML data processing job", + "privilege": "StartMLDataProcessingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop an on-going assessment", - "privilege": "StopAssessment", + "description": "Grants permission to start an ML model training job", + "privilege": "StartMLModelTrainingJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to update details for an application", - "privilege": "UpdateApplicationComponentConfig", + "description": "Grants permission to start an ML model transform job", + "privilege": "StartMLModelTransformJob", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] }, { "access_level": "Write", - "description": "Grants permission to the collector to send configuration information to the service", - "privilege": "UpdateCollectorConfiguration", + "description": "Grants permission to run write data via query APIs on database", + "privilege": "WriteDataViaQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "database*" + }, + { + "condition_keys": [ + "neptune-db:QueryLanguage" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update info on a server along with the recommended strategy", - "privilege": "UpdateServerConfig", + "description": "Grants permission to all data-access actions in engine versions prior to 1.2.0.0", + "privilege": "connect", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "database*" } ] } ], - "resources": [], - "service_name": "AWS Migration Hub Strategy Recommendations" + "resources": [ + { + "arn": "arn:${Partition}:neptune-db:${Region}:${Account}:${RelativeId}/database", + "condition_keys": [], + "resource": "database" + } + ], + "service_name": "Amazon Neptune" }, { - "conditions": [], - "prefix": "mobileanalytics", - "privileges": [ + "conditions": [ { - "access_level": "Read", - "description": "Grant access to financial metrics for an app", - "privilege": "GetFinancialReports", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", + "type": "String" }, { - "access_level": "Read", - "description": "Grant access to standard metrics for an app", - "privilege": "GetReports", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] 
+ "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Write", - "description": "The PutEvents operation records one or more events", - "privilege": "PutEvents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" } ], - "resources": [], - "service_name": "Amazon Mobile Analytics" - }, - { - "conditions": [], - "prefix": "mobilehub", + "prefix": "neptune-graph", "privileges": [ { "access_level": "Write", - "description": "Create a project", - "privilege": "CreateProject", + "description": "Grants permission to cancel an ongoing import task", + "privilege": "CancelImportTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "import-task*" } ] }, { "access_level": "Write", - "description": "Enable AWS Mobile Hub in the account by creating the required service role", - "privilege": "CreateServiceRole", + "description": "Grants permission to cancel a query", + "privilege": "CancelQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Delete the specified project", - "privilege": "DeleteProject", - "resource_types": [ + "resource_type": "graph*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Delete a saved snapshot of project configuration", - "privilege": "DeleteProjectSnapshot", + "description": "Grants permission to create a new graph", + "privilege": "CreateGraph", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + 
"iam:CreateServiceLinkedRole", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey" + ], + "resource_type": "graph*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -165951,83 +189527,96 @@ }, { "access_level": "Write", - "description": "Deploy changes to the specified stage", - "privilege": "DeployToStage", + "description": "Grants permission to create a new snapshot from an existing graph", + "privilege": "CreateGraphSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Describe the download bundle", - "privilege": "DescribeBundle", - "resource_types": [ + "resource_type": "graph*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Export the download bundle", - "privilege": "ExportBundle", + "access_level": "Write", + "description": "Grants permission to create a new graph while importing data into the new graph", + "privilege": "CreateGraphUsingImportTask", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey" + ], + "resource_type": "import-task*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Export the project configuration", - "privilege": "ExportProject", + "access_level": "Write", + "description": "Grants permission to create a new private graph endpoint to access the graph from within a vpc", + "privilege": "CreatePrivateGraphEndpoint", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Read", - "description": "Generate project parameters required for code generation", - "privilege": "GenerateProjectParameters", - "resource_types": [ + "dependent_actions": [ + "ec2:CreateVpcEndpoint", + 
"ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyVpcEndpoint", + "route53:AssociateVPCWithHostedZone" + ], + "resource_type": "graph*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Get project configuration and resources", - "privilege": "GetProject", + "access_level": "Write", + "description": "Grants permission to delete data via query APIs on the graph", + "privilege": "DeleteDataViaQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Read", - "description": "Fetch the previously exported project configuration snapshot", - "privilege": "GetProjectSnapshot", - "resource_types": [ + "resource_type": "graph*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } 
@@ -166035,192 +189624,171 @@ }, { "access_level": "Write", - "description": "Create a new project from the previously exported project configuration", - "privilege": "ImportProject", + "description": "Grants permission to delete a graph", + "privilege": "DeleteGraph", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "graph*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Install a bundle in the project deployments S3 bucket", - "privilege": "InstallBundle", + "description": "Grants permission to delete a snapshot", + "privilege": "DeleteGraphSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "List the available SaaS (Software as a Service) connectors", - "privilege": "ListAvailableConnectors", - "resource_types": [ + "resource_type": "graph-snapshot*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "List available features", - "privilege": "ListAvailableFeatures", + "access_level": "Write", + "description": "Grants permission to delete a private graph endpoint of a graph", + "privilege": "DeletePrivateGraphEndpoint", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyVpcEndpoint", + "route53:DisassociateVPCFromHostedZone" + ], + "resource_type": "graph*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "List available regions 
for projects", - "privilege": "ListAvailableRegions", + "access_level": "Read", + "description": "Grants permission to get the engine status of the graph", + "privilege": "GetEngineStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "List the available download bundles", - "privilege": "ListBundles", - "resource_types": [ + "resource_type": "graph*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "List saved snapshots of project configuration", - "privilege": "ListProjectSnapshots", + "access_level": "Read", + "description": "Grants permission to get details about a graph", + "privilege": "GetGraph", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "List projects", - "privilege": "ListProjects", - "resource_types": [ + "resource_type": "graph*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Synchronize state of resources into project", - "privilege": "SynchronizeProject", + "access_level": "Read", + "description": "Grants permission to get details about a snapshot", + "privilege": "GetGraphSnapshot", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - } - ] - }, - { - "access_level": "Write", - "description": "Update project", - "privilege": "UpdateProject", - "resource_types": [ + "resource_type": "graph-snapshot*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Validate a 
mobile hub project.", - "privilege": "ValidateProject", + "description": "Grants permission to get the summary for the data in the graph", + "privilege": "GetGraphSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "graph*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Verify AWS Mobile Hub is enabled in the account", - "privilege": "VerifyServiceRole", + "description": "Grants permission to get details about an import task", + "privilege": "GetImportTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "import-task*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:mobilehub:${Region}:${Account}:project/${ProjectId}", - "condition_keys": [], - "resource": "project" - } - ], - "service_name": "AWS Mobile Hub" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a key that is present in the request the user makes to the pinpoint service", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the list of all the tag key names present in the request the user makes to the pinpoint service", - "type": "ArrayOfString" - } - ], - "prefix": "mobiletargeting", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create an app", - "privilege": "CreateApp", + "access_level": "Read", + "description": "Grants permission to get details about a private graph endpoint of a graph", + "privilege": "GetPrivateGraphEndpoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "apps*" + "resource_type": "graph*" }, { "condition_keys": [ - 
"aws:RequestTag/${TagKey}", - "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -166229,19 +189797,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a campaign for an app", - "privilege": "CreateCampaign", + "access_level": "Read", + "description": "Grants permission to check the status of a given query", + "privilege": "GetQueryStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "graph*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -166250,19 +189816,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an email template", - "privilege": "CreateEmailTemplate", + "access_level": "Read", + "description": "Grants permission to get the statistics for the data in the graph", + "privilege": "GetStatisticsStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "graph*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -166271,64 +189835,53 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an export job that exports endpoint definitions to Amazon S3", - "privilege": "CreateExportJob", + "access_level": "Read", + "description": "Grants permission to list the snapshots in your account", + "privilege": "ListGraphSnapshots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "graph-snapshot*" } ] }, { - "access_level": "Write", - "description": "Grants permission to import endpoint definitions from to create a segment", - "privilege": "CreateImportJob", + "access_level": "Read", + "description": "Grants permission to list the graphs in your account", + "privilege": "ListGraphs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "graph*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an in-app message template", - "privilege": "CreateInAppTemplate", + "access_level": "Read", + "description": "Grants permission to list the import tasks in your account", + "privilege": "ListImportTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "import-task*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Journey for an app", - "privilege": "CreateJourney", + "access_level": "Read", + "description": "Grants permission to list the private graph endpoints for a given graph", + "privilege": "ListPrivateGraphEndpoints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "journeys*" + "resource_type": "graph*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", 
"aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -166337,19 +189890,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a push notification template", - "privilege": "CreatePushTemplate", + "access_level": "Read", + "description": "Grants permission to check the status of all active queries", + "privilege": "ListQueries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "graph*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -166358,31 +189909,22 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an Amazon Pinpoint configuration for a recommender model", - "privilege": "CreateRecommenderConfiguration", + "access_level": "Read", + "description": "Grants permission to lists tag for a Neptune Analytics resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "recommenders*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a segment that is based on endpoint data reported to Pinpoint by your app. To allow a user to create a segment by importing endpoint data from outside of Pinpoint, allow the mobiletargeting:CreateImportJob action", - "privilege": "CreateSegment", - "resource_types": [ + "resource_type": "graph" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "graph-snapshot" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -166391,19 +189933,17 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create an sms message template", - "privilege": "CreateSmsTemplate", + "access_level": "Read", + "description": "Grants permission to read data via query APIs on the graph", + "privilege": "ReadDataViaQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "graph*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], @@ -166413,18 +189953,16 @@ }, { "access_level": "Write", - "description": "Grants permission to create a voice message template", - "privilege": "CreateVoiceTemplate", + "description": "Grants permission to reset a graph which deletes all data within the graph", + "privilege": "ResetGraph", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "graph*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], 
@@ -166434,1061 +189972,1167 @@ }, { "access_level": "Write", - "description": "Grants permission to delete the ADM channel for an app", - "privilege": "DeleteAdmChannel", + "description": "Grants permission to create a new graph from an existing snapshot", + "privilege": "RestoreGraphFromSnapshot", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey" + ], + "resource_type": "graph-snapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the APNs channel for an app", - "privilege": "DeleteApnsChannel", + "description": "Grants permission to import data into an existing graph", + "privilege": "StartImportTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "channel*" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "graph*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the APNs sandbox channel for an app", - "privilege": "DeleteApnsSandboxChannel", + "access_level": "Tagging", + "description": "Grants permission to tag a Neptune Analytics resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the APNs VoIP channel for an app", - "privilege": "DeleteApnsVoipChannel", - "resource_types": [ + "resource_type": "graph" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the APNs VoIP sandbox channel for an app", - "privilege": "DeleteApnsVoipSandboxChannel", - "resource_types": [ + 
"resource_type": "graph-snapshot" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specific campaign", - "privilege": "DeleteApp", + "access_level": "Tagging", + "description": "Grants permission to untag a Neptune Analytics resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the Baidu channel for an app", - "privilege": "DeleteBaiduChannel", - "resource_types": [ + "resource_type": "graph" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a specific campaign", - "privilege": "DeleteCampaign", - "resource_types": [ + "resource_type": "graph-snapshot" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the email channel for an app", - "privilege": "DeleteEmailChannel", + "description": "Grants permission to modify a graph", + "privilege": "UpdateGraph", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an email template or an email template version", - "privilege": "DeleteEmailTemplate", - "resource_types": [ + "resource_type": "graph*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "" } ] }, { "access_level": "Write", - 
"description": "Grants permission to delete an endpoint", - "privilege": "DeleteEndpoint", + "description": "Grants permission to write data via query APIs on the graph", + "privilege": "WriteDataViaQuery", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the event stream for an app", - "privilege": "DeleteEventStream", - "resource_types": [ + "resource_type": "graph*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "event-stream*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:neptune-graph:${Region}:${Account}:graph/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "graph" + }, + { + "arn": "arn:${Partition}:neptune-graph:${Region}:${Account}:graph-snapshot/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "graph-snapshot" + }, + { + "arn": "arn:${Partition}:neptune-graph:${Region}:${Account}:import-task/${ResourceId}", + "condition_keys": [], + "resource": "import-task" + } + ], + "service_name": "Amazon Neptune Analytics" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by on the allowed set of values for each of the tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag value associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of mandatory tags in the request", + "type": "ArrayOfString" + } + ], + "prefix": "network-firewall", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete the GCM channel for an app", - "privilege": "DeleteGcmChannel", + "description": "Grants permission to create 
an association between a firewall policy and a firewall", + "privilege": "AssociateFirewallPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an in-app message template or an in-app message template version", - "privilege": "DeleteInAppTemplate", - "resource_types": [ + "resource_type": "Firewall*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "FirewallPolicy*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specific journey", - "privilege": "DeleteJourney", + "description": "Grants permission to associate VPC subnets to a firewall", + "privilege": "AssociateSubnets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey*" + "resource_type": "Firewall*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a push notification template or a push notification template version", - "privilege": "DeletePushTemplate", + "description": "Grants permission to create an AWS Network Firewall firewall", + "privilege": "CreateFirewall", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "Firewall*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "FirewallPolicy*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an Amazon Pinpoint configuration for a recommender model", - "privilege": "DeleteRecommenderConfiguration", + "description": "Grants permission to create an AWS Network Firewall firewall policy", + "privilege": "CreateFirewallPolicy", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "recommender*" + "resource_type": "FirewallPolicy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatefulRuleGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatelessRuleGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TLSInspectionConfiguration" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specific segment", - "privilege": "DeleteSegment", + "description": "Grants permission to create an AWS Network Firewall rule group", + "privilege": "CreateRuleGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "segment*" + "resource_type": "StatefulRuleGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatelessRuleGroup" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the SMS channel for an app", - "privilege": "DeleteSmsChannel", + "description": "Grants permission to create an AWS Network Firewall tls inspection configuration", + "privilege": "CreateTLSInspectionConfiguration", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "TLSInspectionConfiguration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an sms message template or an sms message template version", - "privilege": "DeleteSmsTemplate", + "description": "Grants permission to delete a firewall", 
+ "privilege": "DeleteFirewall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "Firewall*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete all of the endpoints that are associated with a user ID", - "privilege": "DeleteUserEndpoints", + "description": "Grants permission to delete a firewall policy", + "privilege": "DeleteFirewallPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "FirewallPolicy*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the Voice channel for an app", - "privilege": "DeleteVoiceChannel", + "description": "Grants permission to delete a resource policy for a firewall policy or rule group", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "FirewallPolicy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatefulRuleGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatelessRuleGroup" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a voice message template or a voice message template version", - "privilege": "DeleteVoiceTemplate", + "description": "Grants permission to delete a rule group", + "privilege": "DeleteRuleGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about the Amazon Device Messaging (ADM) channel for an app", - "privilege": "GetAdmChannel", - "resource_types": [ + "resource_type": "StatefulRuleGroup*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "StatelessRuleGroup*" } ] }, { - "access_level": "Read", - 
"description": "Grants permission to retrieve information about the APNs channel for an app", - "privilege": "GetApnsChannel", + "access_level": "Write", + "description": "Grants permission to delete a tls inspection configuration", + "privilege": "DeleteTLSInspectionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "TLSInspectionConfiguration*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the APNs sandbox channel for an app", - "privilege": "GetApnsSandboxChannel", + "description": "Grants permission to retrieve the data objects that define a firewall", + "privilege": "DescribeFirewall", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "Firewall*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the APNs VoIP channel for an app", - "privilege": "GetApnsVoipChannel", + "description": "Grants permission to retrieve the data objects that define a firewall policy", + "privilege": "DescribeFirewallPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about the APNs VoIP sandbox channel for an app", - "privilege": "GetApnsVoipSandboxChannel", - "resource_types": [ + "resource_type": "FirewallPolicy*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "StatefulRuleGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatelessRuleGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TLSInspectionConfiguration" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a specific app in your Amazon Pinpoint 
account", - "privilege": "GetApp", + "description": "Grants permission to describe the logging configuration of a firewall", + "privilege": "DescribeLoggingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "Firewall*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard metric that applies to an application", - "privilege": "GetApplicationDateRangeKpi", + "description": "Grants permission to describe a resource policy for a firewall policy or rule group", + "privilege": "DescribeResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "application-metrics*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve the default settings for an app", - "privilege": "GetApplicationSettings", - "resource_types": [ + "resource_type": "FirewallPolicy" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve a list of apps in your Amazon Pinpoint account", - "privilege": "GetApps", - "resource_types": [ + "resource_type": "StatefulRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "apps*" + "resource_type": "StatelessRuleGroup" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about the Baidu channel for an app", - "privilege": "GetBaiduChannel", + "description": "Grants permission to retrieve the data objects that define a rule group", + "privilege": "DescribeRuleGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "StatefulRuleGroup" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "StatelessRuleGroup" } ] }, { "access_level": "Read", - "description": 
"Grants permission to retrieve information about a specific campaign", - "privilege": "GetCampaign", + "description": "Grants permission to retrieve the high-level information about a rule group", + "privilege": "DescribeRuleGroupMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve information about the activities performed by a campaign", - "privilege": "GetCampaignActivities", - "resource_types": [ + "resource_type": "StatefulRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "StatelessRuleGroup" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard metric that applies to a campaign", - "privilege": "GetCampaignDateRangeKpi", + "description": "Grants permission to retrieve the data objects that define a tls inspection configuration", + "privilege": "DescribeTLSInspectionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign-metrics*" + "resource_type": "TLSInspectionConfiguration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific campaign version", - "privilege": "GetCampaignVersion", + "access_level": "Write", + "description": "Grants permission to disassociate VPC subnets from a firewall", + "privilege": "DisassociateSubnets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "Firewall*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve information about the current and prior versions of a campaign", - "privilege": "GetCampaignVersions", + "description": "Grants permission to retrieve the metadata for firewall policies", + "privilege": "ListFirewallPolicies", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "FirewallPolicy*" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve information about all campaigns for an app", - "privilege": "GetCampaigns", + "description": "Grants permission to retrieve the metadata for firewalls", + "privilege": "ListFirewalls", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "Firewall*" } ] }, { "access_level": "List", - "description": "Grants permission to get all channels information for your app", - "privilege": "GetChannels", + "description": "Grants permission to retrieve the metadata for rule groups", + "privilege": "ListRuleGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channels*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to obtain information about the email channel in an app", - "privilege": "GetEmailChannel", + "access_level": "List", + "description": "Grants permission to retrieve the metadata for tls inspection configurations", + "privilege": "ListTLSInspectionConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "TLSInspectionConfiguration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific or the active version of an email template", - "privilege": "GetEmailTemplate", + "access_level": "List", + "description": "Grants permission to retrieve the tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific endpoint", - "privilege": "GetEndpoint", - 
"resource_types": [ + "resource_type": "Firewall*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about the event stream for an app", - "privilege": "GetEventStream", - "resource_types": [ + "resource_type": "FirewallPolicy*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-stream*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to obtain information about a specific export job", - "privilege": "GetExportJob", - "resource_types": [ + "resource_type": "StatefulRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "export-job*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve a list of all of the export jobs for an app", - "privilege": "GetExportJobs", - "resource_types": [ + "resource_type": "StatelessRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "TLSInspectionConfiguration" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the GCM channel for an app", - "privilege": "GetGcmChannel", + "access_level": "Write", + "description": "Grants permission to put a resource policy for a firewall policy or rule group", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific import job", - "privilege": "GetImportJob", - "resource_types": [ + "resource_type": "FirewallPolicy" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "import-job*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve information about all import jobs for an app", - 
"privilege": "GetImportJobs", - "resource_types": [ + "resource_type": "StatefulRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "StatelessRuleGroup" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrive in-app messages for the given endpoint id", - "privilege": "GetInAppMessages", + "access_level": "Tagging", + "description": "Grants permission to attach tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific or the active version of an in-app message template", - "privilege": "GetInAppTemplate", - "resource_types": [ + "resource_type": "Firewall" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific journey", - "privilege": "GetJourney", - "resource_types": [ + "resource_type": "FirewallPolicy" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard engagement metric that applies to a journey", - "privilege": "GetJourneyDateRangeKpi", - "resource_types": [ + "resource_type": "StatefulRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey-metrics*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey activity", - "privilege": "GetJourneyExecutionActivityMetrics", - "resource_types": [ + "resource_type": "StatelessRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"journey-execution-activity-metrics*" + "resource_type": "TLSInspectionConfiguration" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey", - "privilege": "GetJourneyExecutionMetrics", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey-execution-metrics*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey activity for a single journey run", - "privilege": "GetJourneyRunExecutionActivityMetrics", - "resource_types": [ + "resource_type": "Firewall" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve (queries) pre-aggregated data for a standard execution metric that applies to a journey for a single journey run", - "privilege": "GetJourneyRunExecutionMetrics", - "resource_types": [ + "resource_type": "FirewallPolicy" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve information about all journey runs for a journey", - "privilege": "GetJourneyRuns", - "resource_types": [ + "resource_type": "StatefulRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific or the active version of an push notification template", - "privilege": 
"GetPushTemplate", - "resource_types": [ + "resource_type": "StatelessRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "TLSInspectionConfiguration" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about an Amazon Pinpoint configuration for a recommender model", - "privilege": "GetRecommenderConfiguration", + "access_level": "Write", + "description": "Grants permission to add or remove delete protection for a firewall", + "privilege": "UpdateFirewallDeleteProtection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "recommender*" + "resource_type": "Firewall*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about all the recommender model configurations that are associated with an Amazon Pinpoint account", - "privilege": "GetRecommenderConfigurations", + "access_level": "Write", + "description": "Grants permission to modify the description for a firewall", + "privilege": "UpdateFirewallDescription", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "recommenders*" + "resource_type": "Firewall*" } ] }, { - "access_level": "Read", - "description": "Grants permission to mobiletargeting:GetReports", - "privilege": "GetReports", + "access_level": "Write", + "description": "Grants permission to modify the encryption configuration of a firewall", + "privilege": "UpdateFirewallEncryptionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reports*" + "resource_type": "Firewall*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific segment", - "privilege": "GetSegment", + "access_level": "Write", + "description": "Grants permission to 
modify a firewall policy", + "privilege": "UpdateFirewallPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "segment*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve information about jobs that export endpoint definitions from segments to Amazon S3", - "privilege": "GetSegmentExportJobs", - "resource_types": [ + "resource_type": "FirewallPolicy*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "segment*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve information about jobs that create segments by importing endpoint definitions from", - "privilege": "GetSegmentImportJobs", - "resource_types": [ + "resource_type": "StatefulRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "segment*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific segment version", - "privilege": "GetSegmentVersion", - "resource_types": [ + "resource_type": "StatelessRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "segment*" + "resource_type": "TLSInspectionConfiguration" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about the current and prior versions of a segment", - "privilege": "GetSegmentVersions", + "access_level": "Write", + "description": "Grants permission to add or remove firewall policy change protection for a firewall", + "privilege": "UpdateFirewallPolicyChangeProtection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "segment*" + "resource_type": "Firewall*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about the segments for an app", - "privilege": "GetSegments", + "access_level": "Write", + "description": "Grants permission to modify the logging 
configuration of a firewall", + "privilege": "UpdateLoggingConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "Firewall*" } ] }, { - "access_level": "Read", - "description": "Grants permission to obtain information about the SMS channel in an app", - "privilege": "GetSmsChannel", + "access_level": "Write", + "description": "Grants permission to modify a rule group", + "privilege": "UpdateRuleGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific or the active version of an sms message template", - "privilege": "GetSmsTemplate", - "resource_types": [ + "resource_type": "StatefulRuleGroup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "StatelessRuleGroup" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about the endpoints that are associated with a user ID", - "privilege": "GetUserEndpoints", + "access_level": "Write", + "description": "Grants permission to add or remove subnet change protection for a firewall", + "privilege": "UpdateSubnetChangeProtection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "user*" + "resource_type": "Firewall*" } ] }, { - "access_level": "Read", - "description": "Grants permission to obtain information about the Voice channel in an app", - "privilege": "GetVoiceChannel", + "access_level": "Write", + "description": "Grants permission to modify a tls inspection configuration", + "privilege": "UpdateTLSInspectionConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "TLSInspectionConfiguration*" } ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:network-firewall:${Region}:${Account}:firewall/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Firewall" }, { - "access_level": "Read", - "description": "Grants permission to retrieve information about a specific or the active version of a voice message template", - "privilege": "GetVoiceTemplate", + "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:firewall-policy/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "FirewallPolicy" + }, + { + "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:stateful-rulegroup/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "StatefulRuleGroup" + }, + { + "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:stateless-rulegroup/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "StatelessRuleGroup" + }, + { + "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:tls-configuration/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "TLSInspectionConfiguration" + } + ], + "service_name": "AWS Network Firewall" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "networkmanager:cgwArn", + "description": "Filters access by which customer gateways can be associated or disassociated", + "type": "ARN" + }, + { + "condition": "networkmanager:subnetArns", + "description": "Filters access by which VPC subnets can be added or removed from a VPC attachment", + "type": "ArrayOfARN" + }, + { + 
"condition": "networkmanager:tgwArn", + "description": "Filters access by which transit gateways can be registered, deregistered, or peered", + "type": "ARN" + }, + { + "condition": "networkmanager:tgwConnectPeerArn", + "description": "Filters access by which transit gateway connect peers can be associated or disassociated", + "type": "ARN" + }, + { + "condition": "networkmanager:tgwRtbArn", + "description": "Filters access by which Transit Gateway Route Table can be used to create an attachment", + "type": "ARN" + }, + { + "condition": "networkmanager:vpcArn", + "description": "Filters access by which VPC can be used to a create/update attachment", + "type": "ARN" + }, + { + "condition": "networkmanager:vpnConnectionArn", + "description": "Filters access by which Site-to-Site VPN can be used to a create/update attachment", + "type": "ARN" + } + ], + "prefix": "networkmanager", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept creation of an attachment between a source and destination in a core network", + "privilege": "AcceptAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "attachment*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve information about all journeys for an app", - "privilege": "ListJourneys", + "access_level": "Write", + "description": "Grants permission to associate a Connect Peer", + "privilege": "AssociateConnectPeer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "device*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to associate a customer gateway to a device", + 
"privilege": "AssociateCustomerGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "campaign" + "resource_type": "device*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey" + "resource_type": "global-network*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "segment" + "resource_type": "link" }, { - "condition_keys": [], + "condition_keys": [ + "networkmanager:cgwArn" + ], "dependent_actions": [], - "resource_type": "template" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve all versions about a specific template", - "privilege": "ListTemplateVersions", + "access_level": "Write", + "description": "Grants permission to associate a link to a device", + "privilege": "AssociateLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve metadata about the queried templates", - "privilege": "ListTemplates", - "resource_types": [ + "resource_type": "device*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "templates*" + "resource_type": "global-network*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "link*" } ] }, { - "access_level": "Read", - "description": "Grants permission to obtain metadata for a phone number, such as the number type (mobile, landline, or VoIP), location, and provider", - "privilege": "PhoneNumberValidate", + "access_level": "Write", + "description": "Grants permission to associate a transit gateway connect peer to a device", + "privilege": "AssociateTransitGatewayConnectPeer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "phone-number-validate*" + "resource_type": "device*" + }, 
+ { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "link" + }, + { + "condition_keys": [ + "networkmanager:tgwConnectPeerArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update an event stream for an app", - "privilege": "PutEventStream", + "description": "Grants permission to create a Connect attachment", + "privilege": "CreateConnectAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-stream*" + "resource_type": "attachment*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update events for an app", - "privilege": "PutEvents", + "description": "Grants permission to create a Connect Peer connection", + "privilege": "CreateConnectPeer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "events*" + "resource_type": "attachment*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove the attributes for an app", - "privilege": "RemoveAttributes", + "description": "Grants permission to create a new connection", + "privilege": "CreateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attribute*" + "resource_type": "global-network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": 
"Grants permission to send an SMS message or push notification to specific endpoints", - "privilege": "SendMessages", + "description": "Grants permission to create a new core network", + "privilege": "CreateCoreNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "messages*" + "resource_type": "global-network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send an OTP code to a user of your application", - "privilege": "SendOTPMessage", + "description": "Grants permission to create a new device", + "privilege": "CreateDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "otp*" + "resource_type": "global-network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to send an SMS message or push notification to all endpoints that are associated with a specific user ID", - "privilege": "SendUsersMessages", + "description": "Grants permission to create a new global network", + "privilege": "CreateGlobalNetwork", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "messages*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create a new link", + "privilege": "CreateLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": 
"campaign" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "journey" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "segment" + "resource_type": "global-network*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "template" + "resource_type": "site" }, { "condition_keys": [ @@ -167501,34 +191145,14 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a new site", + "privilege": "CreateSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "campaign" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "journey" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "segment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template" + "resource_type": "global-network*" }, { "condition_keys": [ 
@@ -167542,230 +191166,254 @@ }, { "access_level": "Write", - "description": "Grants permission to update the Amazon Device Messaging (ADM) channel for an app", - "privilege": "UpdateAdmChannel", + "description": "Grants permission to create a site-to-site VPN attachment", + "privilege": "CreateSiteToSiteVpnAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "core-network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "networkmanager:vpnConnectionArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the Apple Push Notification service (APNs) channel for an app", - "privilege": "UpdateApnsChannel", + "description": "Grants permission to create a Transit Gateway peering", + "privilege": "CreateTransitGatewayPeering", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "core-network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "networkmanager:tgwArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the Apple Push Notification service (APNs) sandbox channel for an app", - "privilege": "UpdateApnsSandboxChannel", + "description": "Grants permission to create a TGW RTB attachment", + "privilege": "CreateTransitGatewayRouteTableAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "peering*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "networkmanager:tgwRtbArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the Apple Push Notification service (APNs) VoIP channel for an app", - "privilege": 
"UpdateApnsVoipChannel", + "description": "Grants permission to create a VPC attachment", + "privilege": "CreateVpcAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "core-network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "networkmanager:vpcArn", + "networkmanager:subnetArns" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the Apple Push Notification service (APNs) VoIP sandbox channel for an app", - "privilege": "UpdateApnsVoipSandboxChannel", + "description": "Grants permission to delete an attachment", + "privilege": "DeleteAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "attachment*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the default settings for an app", - "privilege": "UpdateApplicationSettings", + "description": "Grants permission to delete a Connect Peer", + "privilege": "DeleteConnectPeer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "connect-peer*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the Baidu channel for an app", - "privilege": "UpdateBaiduChannel", + "description": "Grants permission to delete a connection", + "privilege": "DeleteConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specific campaign", - "privilege": "UpdateCampaign", + "description": "Grants permission to delete a core network", + "privilege": "DeleteCoreNetwork", "resource_types": [ { 
- "condition_keys": [], - "dependent_actions": [], - "resource_type": "campaign*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "core-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the email channel for an app", - "privilege": "UpdateEmailChannel", + "description": "Grants permission to delete the core network policy version", + "privilege": "DeleteCoreNetworkPolicyVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "core-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specific email template under the same version or generate a new version", - "privilege": "UpdateEmailTemplate", + "description": "Grants permission to delete a device", + "privilege": "DeleteDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "device*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "global-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an endpoint or update the information for an endpoint", - "privilege": "UpdateEndpoint", + "description": "Grants permission to delete a global network", + "privilege": "DeleteGlobalNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "endpoint*" + "resource_type": "global-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update endpoints as a batch operation", - "privilege": "UpdateEndpointsBatch", + "description": "Grants permission to delete a link", + "privilege": "DeleteLink", "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "app*" + "resource_type": "global-network*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "link*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the Firebase Cloud Messaging (FCM) or Google Cloud Messaging (GCM) API key that allows to send push notifications to your Android app", - "privilege": "UpdateGcmChannel", + "description": "Grants permission to delete a peering", + "privilege": "DeletePeering", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "peering*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specific in-app message template under the same version or generate a new version", - "privilege": "UpdateInAppTemplate", + "description": "Grants permission to delete a resource", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "core-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specific journey", - "privilege": "UpdateJourney", + "description": "Grants permission to delete a site", + "privilege": "DeleteSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey*" + "resource_type": "global-network*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "site*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specific journey state", - "privilege": "UpdateJourneyState", + "description": "Grants permission to deregister a transit gateway from a global network", + "privilege": "DeregisterTransitGateway", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "journey*" + "resource_type": "global-network*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "networkmanager:tgwArn" ], "dependent_actions": [], "resource_type": "" @@ -167773,51 +191421,42 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a specific push notification template under the same version or generate a new version", - "privilege": "UpdatePushTemplate", + "access_level": "List", + "description": "Grants permission to describe global networks", + "privilege": "DescribeGlobalNetworks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "global-network" } ] }, { "access_level": "Write", - "description": "Grants permission to update an Amazon Pinpoint configuration for a recommender model", - "privilege": "UpdateRecommenderConfiguration", + "description": "Grants permission to disassociate a Connect Peer", + "privilege": "DisassociateConnectPeer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "recommender*" + "resource_type": "global-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specific segment", - "privilege": "UpdateSegment", + "description": "Grants permission to disassociate a customer gateway from a device", + "privilege": "DisassociateCustomerGateway", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "segment*" + "resource_type": "global-network*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "networkmanager:cgwArn" ], "dependent_actions": [], "resource_type": "" 
@@ -167826,30 +191465,39 @@ }, { "access_level": "Write", - "description": "Grants permission to update the SMS channel for an app", - "privilege": "UpdateSmsChannel", + "description": "Grants permission to disassociate a link from a device", + "privilege": "DisassociateLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "device*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "link*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specific sms message template under the same version or generate a new version", - "privilege": "UpdateSmsTemplate", + "description": "Grants permission to disassociate a transit gateway connect peer from a device", + "privilege": "DisassociateTransitGatewayConnectPeer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "global-network*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "networkmanager:tgwConnectPeerArn" ], "dependent_actions": [], "resource_type": "" 
@@ -167858,726 +191506,410 @@ }, { "access_level": "Write", - "description": "Grants permission to update the active version parameter of a specific template", - "privilege": "UpdateTemplateActiveVersion", + "description": "Grants permission to apply changes to the core network", + "privilege": "ExecuteCoreNetworkChangeSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" + "resource_type": "core-network*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the Voice channel for an app", - "privilege": "UpdateVoiceChannel", + "access_level": "Read", + "description": "Grants permission to retrieve a Connect attachment", + "privilege": "GetConnectAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "channel*" + "resource_type": "attachment*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a specific voice message template under the same version or generate a new version", - "privilege": "UpdateVoiceTemplate", + "access_level": "Read", + "description": "Grants permission to retrieve a Connect Peer", + "privilege": "GetConnectPeer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "connect-peer*" } ] }, { - "access_level": "Write", - "description": "Grants permission to check the validity of One-Time Passwords (OTPs)", - "privilege": "VerifyOTPMessage", + "access_level": "Read", + "description": "Grants permission to describe Connect Peer associations", + "privilege": "GetConnectPeerAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "verify-otp*" + "resource_type": "global-network*" } ] - } - ], - "resources": [ - { - "arn": 
"arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "app" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/*", - "condition_keys": [], - "resource": "apps" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/campaigns/${CampaignId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "campaign" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys/${JourneyId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "journey" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys", - "condition_keys": [], - "resource": "journeys" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/segments/${SegmentId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "segment" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:templates/${TemplateName}/${TemplateType}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "template" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:templates", - "condition_keys": [], - "resource": "templates" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:recommenders/${RecommenderId}", - "condition_keys": [], - "resource": "recommender" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:recommenders/*", - "condition_keys": [], - "resource": "recommenders" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:phone/number/validate", - "condition_keys": [], - "resource": "phone-number-validate" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/channels", - "condition_keys": [], - "resource": "channels" - }, - { - "arn": 
"arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/channels/${ChannelType}", - "condition_keys": [], - "resource": "channel" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/eventstream", - "condition_keys": [], - "resource": "event-stream" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/events", - "condition_keys": [], - "resource": "events" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/messages", - "condition_keys": [], - "resource": "messages" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/verify-otp", - "condition_keys": [], - "resource": "verify-otp" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/otp", - "condition_keys": [], - "resource": "otp" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/attributes/${AttributeType}", - "condition_keys": [], - "resource": "attribute" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/users/${UserId}", - "condition_keys": [], - "resource": "user" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/endpoints/${EndpointId}", - "condition_keys": [], - "resource": "endpoint" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/jobs/import/${JobId}", - "condition_keys": [], - "resource": "import-job" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/jobs/export/${JobId}", - "condition_keys": [], - "resource": "export-job" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/kpis/daterange/${KpiName}", - "condition_keys": [], - "resource": "application-metrics" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/campaigns/${CampaignId}/kpis/daterange/${KpiName}", - 
"condition_keys": [], - "resource": "campaign-metrics" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys/${JourneyId}/kpis/daterange/${KpiName}", - "condition_keys": [], - "resource": "journey-metrics" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys/${JourneyId}/execution-metrics", - "condition_keys": [], - "resource": "journey-execution-metrics" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/journeys/${JourneyId}/activities/${JourneyActivityId}/execution-metrics", - "condition_keys": [], - "resource": "journey-execution-activity-metrics" - }, - { - "arn": "arn:${Partition}:mobiletargeting:${Region}:${Account}:reports", - "condition_keys": [], - "resource": "reports" - } - ], - "service_name": "Amazon Pinpoint" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters actions by the tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "monitron", - "privileges": [ - { - "access_level": "Permissions management", - "description": "Grants permission to associate a user with the project as an administrator", - "privilege": "AssociateProjectAdminUser", + "access_level": "List", + "description": "Grants permission to describe connections", + "privilege": "GetConnections", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso-directory:DescribeUsers", - "sso:AssociateProfile", - "sso:GetManagedApplicationInstance", - "sso:GetProfile", - "sso:ListDirectoryAssociations", - "sso:ListProfileAssociations", - "sso:ListProfiles" - ], - "resource_type": "project*" - } - ] - }, - { - 
"access_level": "Write", - "description": "Grants permission to create a project", - "privilege": "CreateProject", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iam:CreateServiceLinkedRole", - "kms:CreateGrant", - "sso:CreateManagedApplicationInstance", - "sso:DeleteManagedApplicationInstance" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a project", - "privilege": "DeleteProject", - "resource_types": [ + "dependent_actions": [], + "resource_type": "global-network*" + }, { "condition_keys": [], - "dependent_actions": [ - "sso:DeleteManagedApplicationInstance" - ], - "resource_type": "project*" + "dependent_actions": [], + "resource_type": "connection" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to disassociate an administrator from the project", - "privilege": "DisassociateProjectAdminUser", + "access_level": "Read", + "description": "Grants permission to retrieve a core network", + "privilege": "GetCoreNetwork", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso-directory:DescribeUsers", - "sso:DisassociateProfile", - "sso:GetManagedApplicationInstance", - "sso:GetProfile", - "sso:ListDirectoryAssociations", - "sso:ListProfiles" - ], - "resource_type": "project*" + "dependent_actions": [], + "resource_type": "core-network*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about a project", - "privilege": "GetProject", + "description": "Grants permission to retrieve a list of core network change events", + "privilege": "GetCoreNetworkChangeEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" + "resource_type": "core-network*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an administrator who is associated with the 
project", - "privilege": "GetProjectAdminUser", + "description": "Grants permission to retrieve a list of core network change sets", + "privilege": "GetCoreNetworkChangeSet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso-directory:DescribeUsers", - "sso:GetManagedApplicationInstance", - "sso:ListProfileAssociations" - ], - "resource_type": "project*" + "dependent_actions": [], + "resource_type": "core-network*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to list all administrators associated with the project", - "privilege": "ListProjectAdminUsers", + "access_level": "Read", + "description": "Grants permission to retrieve core network policy", + "privilege": "GetCoreNetworkPolicy", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso-directory:DescribeUsers", - "sso:GetManagedApplicationInstance" - ], - "resource_type": "project*" + "dependent_actions": [], + "resource_type": "core-network*" } ] }, { "access_level": "List", - "description": "Grants permission to list all projects", - "privilege": "ListProjects", + "description": "Grants permission to describe customer gateway associations", + "privilege": "GetCustomerGatewayAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "global-network*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to describe devices", + "privilege": "GetDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "global-network*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "device" } ] }, { - "access_level": "Tagging", - 
"description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to describe link associations", + "privilege": "GetLinkAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "global-network*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "device" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "link" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to describe links", + "privilege": "GetLinks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project" + "resource_type": "global-network*" }, { - "condition_keys": [ - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "link" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a project", - "privilege": "UpdateProject", + "access_level": "Read", + "description": "Grants permission to return the number of resources for a global network grouped by type", + "privilege": "GetNetworkResourceCounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "project*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "global-network*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:monitron:${Region}:${Account}:project/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "project" - } - ], - "service_name": "Amazon Monitron" - }, - { - "conditions": [ - { - "condition": 
"aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "mq", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a broker", - "privilege": "CreateBroker", + "access_level": "Read", + "description": "Grants permission to retrieve related resources for a resource within the global network", + "privilege": "GetNetworkResourceRelationships", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:CreateSecurityGroup", - "ec2:CreateVpcEndpoint", - "ec2:DescribeInternetGateways", - "ec2:DescribeNetworkInterfacePermissions", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute", - "iam:CreateServiceLinkedRole", - "route53:AssociateVPCWithHostedZone" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new configuration for the specified configuration name. 
Amazon MQ uses the default configuration (the engine type and engine version)", - "privilege": "CreateConfiguration", + "access_level": "Read", + "description": "Grants permission to retrieve a global network resource", + "privilege": "GetNetworkResources", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "global-network*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a replica broker", - "privilege": "CreateReplicaBroker", + "access_level": "Read", + "description": "Grants permission to retrieve routes for a route table within the global network", + "privilege": "GetNetworkRoutes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers*" + "resource_type": "global-network*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to create tags", - "privilege": "CreateTags", + "access_level": "Read", + "description": "Grants permission to retrieve network telemetry objects for the global network", + "privilege": "GetNetworkTelemetry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers" - }, + "resource_type": "global-network*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a resource policy", + "privilege": "GetResourcePolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configurations" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "core-network*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an ActiveMQ user", - "privilege": "CreateUser", + "access_level": "Read", + "description": "Grants permission to retrieve a route analysis configuration and result", + 
"privilege": "GetRouteAnalysis", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers*" + "resource_type": "global-network*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a broker", - "privilege": "DeleteBroker", + "access_level": "Read", + "description": "Grants permission to retrieve a site-to-site VPN attachment", + "privilege": "GetSiteToSiteVpnAttachment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DeleteVpcEndpoints", - "ec2:DetachNetworkInterface" - ], - "resource_type": "brokers*" + "dependent_actions": [], + "resource_type": "attachment*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to delete tags", - "privilege": "DeleteTags", + "access_level": "List", + "description": "Grants permission to describe global networks", + "privilege": "GetSites", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers" + "resource_type": "global-network*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configurations" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "site" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an ActiveMQ user", - "privilege": "DeleteUser", + "access_level": "List", + "description": "Grants permission to describe transit gateway connect peer associations", + "privilege": "GetTransitGatewayConnectPeerAssociations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers*" + "resource_type": "global-network*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the specified broker", - "privilege": "DescribeBroker", + "description": "Grants permission to retrieve a Transit Gateway 
peering", + "privilege": "GetTransitGatewayPeering", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers*" + "resource_type": "peering*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return information about broker engines", - "privilege": "DescribeBrokerEngineTypes", + "access_level": "List", + "description": "Grants permission to describe transit gateway registrations", + "privilege": "GetTransitGatewayRegistrations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "global-network*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the broker instance options", - "privilege": "DescribeBrokerInstanceOptions", + "description": "Grants permission to retrieve a TGW RTB attachment", + "privilege": "GetTransitGatewayRouteTableAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "attachment*" } ] }, { "access_level": "Read", - "description": "Grants permission to return information about the specified configuration", - "privilege": "DescribeConfiguration", + "description": "Grants permission to retrieve a VPC attachment", + "privilege": "GetVpcAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configurations*" + "resource_type": "attachment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the specified configuration revision for the specified configuration", - "privilege": "DescribeConfigurationRevision", + "access_level": "List", + "description": "Grants permission to describe attachments", + "privilege": "ListAttachments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configurations*" + "resource_type": "attachment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to 
return information about an ActiveMQ user", - "privilege": "DescribeUser", + "access_level": "List", + "description": "Grants permission to describe Connect Peers", + "privilege": "ListConnectPeers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers*" + "resource_type": "connect-peer*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of all brokers", - "privilege": "ListBrokers", + "description": "Grants permission to list core network policy versions", + "privilege": "ListCoreNetworkPolicyVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "core-network*" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of all existing revisions for the specified configuration", - "privilege": "ListConfigurationRevisions", + "description": "Grants permission to list core networks", + "privilege": "ListCoreNetworks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "configurations*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of all configurations", - "privilege": "ListConfigurations", + "description": "Grants permission to list organization service access status", + "privilege": "ListOrganizationServiceAccessStatus", "resource_types": [ { "condition_keys": [], 
@@ -168588,195 +191920,221 @@ }, { "access_level": "List", - "description": "Grants permission to return a list of tags", - "privilege": "ListTags", + "description": "Grants permission to describe peerings", + "privilege": "ListPeerings", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "configurations" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of all ActiveMQ users", - "privilege": "ListUsers", + "access_level": "Read", + "description": "Grants permission to list tags for a Network Manager resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reboot a broker", - "privilege": "RebootBroker", - "resource_types": [ + "resource_type": "attachment" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to add a pending configuration change to a broker", - "privilege": "UpdateBroker", - "resource_types": [ + "resource_type": "connect-peer" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the specified configuration", - "privilege": "UpdateConfiguration", - "resource_types": [ + "resource_type": "connection" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "configurations*" + "resource_type": "core-network" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network" + }, + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "link" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "peering" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "site" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update the information for an ActiveMQ user", - "privilege": "UpdateUser", + "description": "Grants permission to create a core network policy", + "privilege": "PutCoreNetworkPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "brokers*" + "resource_type": "core-network*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:mq:${Region}:${Account}:broker:${BrokerId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "brokers" }, - { - "arn": "arn:${Partition}:mq:${Region}:${Account}:configuration:${ConfigurationId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "configurations" - } - ], - "service_name": "Amazon MQ" - }, - { - "conditions": [ - { - "condition": "neptune-db:QueryLanguage", - "description": "Filters access by graph model", - "type": "String" - } - ], - "prefix": "neptune-db", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel a loader job", - "privilege": "CancelLoaderJob", + "description": "Grants permission to create or update a resource policy", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "core-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel an ML data processing job", - "privilege": "CancelMLDataProcessingJob", + "description": "Grants permission to register a transit gateway to a global network", + "privilege": "RegisterTransitGateway", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "global-network*" + }, + { + "condition_keys": [ + "networkmanager:tgwArn" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel an ML model training job", - "privilege": "CancelMLModelTrainingJob", + "description": "Grants permission to reject attachment request", + "privilege": "RejectAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "attachment*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel an ML model transform job", - "privilege": "CancelMLModelTransformJob", + "description": "Grants permission to restore the core network policy to a previous version", + "privilege": "RestoreCoreNetworkPolicyVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "core-network*" } ] }, { "access_level": "Write", - "description": "Grants permission to cancel a query", - "privilege": "CancelQuery", + "description": "Grants permission to start organization service access update", + "privilege": "StartOrganizationServiceAccessUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an ML endpoint", - "privilege": "CreateMLEndpoint", + "description": "Grants permission to start a route analysis and stores analysis configuration", + "privilege": "StartRouteAnalysis", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "global-network*" } ] }, { - "access_level": "Write", - "description": "Grants permission to run delete data via query APIs on database", - "privilege": "DeleteDataViaQuery", + "access_level": "Tagging", + 
"description": "Grants permission to tag a Network Manager resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "attachment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connect-peer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "link" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "peering" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "site" }, { "condition_keys": [ - "neptune-db:QueryLanguage" + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -168784,158 +192142,292 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an ML endpoint", - "privilege": "DeleteMLEndpoint", + "access_level": "Tagging", + "description": "Grants permission to untag a Network Manager resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete all the statistics in the database", - "privilege": "DeleteStatistics", - "resource_types": [ + "resource_type": "attachment" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "connect-peer" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "core-network" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "link" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "peering" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "site" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to check the status of the Neptune engine", - "privilege": "GetEngineStatus", + "access_level": "Write", + "description": "Grants permission to update a connection", + "privilege": "UpdateConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "connection*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" } ] }, { - "access_level": 
"Read", - "description": "Grants permission to get the graph summary from the database", - "privilege": "GetGraphSummary", + "access_level": "Write", + "description": "Grants permission to update a core network", + "privilege": "UpdateCoreNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "core-network*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check the status of a loader job", - "privilege": "GetLoaderJobStatus", + "access_level": "Write", + "description": "Grants permission to update a device", + "privilege": "UpdateDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "device*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-network*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check the status of an ML data processing job", - "privilege": "GetMLDataProcessingJobStatus", + "access_level": "Write", + "description": "Grants permission to update a global network", + "privilege": "UpdateGlobalNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "global-network*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check the status of an ML endpoint", - "privilege": "GetMLEndpointStatus", + "access_level": "Write", + "description": "Grants permission to update a link", + "privilege": "UpdateLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "global-network*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "link*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check the status of an ML model training job", - "privilege": "GetMLModelTrainingJobStatus", + "access_level": "Write", + 
"description": "Grants permission to add or update metadata key/value pairs on network resource", + "privilege": "UpdateNetworkResourceMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "global-network*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check the status of an ML model transform job", - "privilege": "GetMLModelTransformJobStatus", + "access_level": "Write", + "description": "Grants permission to update a site", + "privilege": "UpdateSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "global-network*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "site*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check the status of all active queries", - "privilege": "GetQueryStatus", + "access_level": "Write", + "description": "Grants permission to update a VPC attachment", + "privilege": "UpdateVpcAttachment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "attachment*" }, { "condition_keys": [ - "neptune-db:QueryLanguage" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "networkmanager:subnetArns" ], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:networkmanager::${Account}:global-network/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "global-network" }, { - "access_level": "Read", - "description": "Grants permission to check the status of statistics of the database", - "privilege": "GetStatisticsStatus", + "arn": "arn:${Partition}:networkmanager::${Account}:site/${GlobalNetworkId}/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "site" + }, + { + "arn": 
"arn:${Partition}:networkmanager::${Account}:link/${GlobalNetworkId}/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "link" + }, + { + "arn": "arn:${Partition}:networkmanager::${Account}:device/${GlobalNetworkId}/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "device" + }, + { + "arn": "arn:${Partition}:networkmanager::${Account}:connection/${GlobalNetworkId}/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connection" + }, + { + "arn": "arn:${Partition}:networkmanager::${Account}:core-network/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "core-network" + }, + { + "arn": "arn:${Partition}:networkmanager::${Account}:attachment/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "attachment" + }, + { + "arn": "arn:${Partition}:networkmanager::${Account}:connect-peer/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "connect-peer" + }, + { + "arn": "arn:${Partition}:networkmanager::${Account}:peering/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "peering" + } + ], + "service_name": "AWS Network Manager" + }, + { + "conditions": [], + "prefix": "networkmanager-chat", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to cancel a response to a message", + "privilege": "CancelMessageResponse", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to fetch stream records from Neptune", - "privilege": "GetStreamRecords", + "access_level": "Write", + "description": "Grants permission to create a conversation", + "privilege": "CreateConversation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"database*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a conversation", + "privilege": "DeleteConversation", + "resource_types": [ { - "condition_keys": [ - "neptune-db:QueryLanguage" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -168943,168 +192435,212 @@ }, { "access_level": "List", - "description": "Grants permission to list all the loader jobs", - "privilege": "ListLoaderJobs", + "description": "Grants permission to list conversation messages", + "privilege": "ListConversationMessages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all the ML data processing jobs", - "privilege": "ListMLDataProcessingJobs", + "description": "Grants permission to list conversations", + "privilege": "ListConversations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the ML endpoints", - "privilege": "ListMLEndpoints", + "access_level": "Write", + "description": "Grants permission to notify whether there is activity in a conversation", + "privilege": "NotifyConversationIsActive", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the ML model training jobs", - "privilege": "ListMLModelTrainingJobs", + "access_level": "Write", + "description": "Grants permission to send a conversation message", + "privilege": "SendConversationMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Network Manager Chat" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tag key-value pairs in the request", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list all the ML model transform jobs", - "privilege": "ListMLModelTransformJobs", + 
"condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "networkmonitor", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a monitor", + "privilege": "CreateMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "monitor*" } ] }, { "access_level": "Write", - "description": "Grants permission to manage statistics in the database", - "privilege": "ManageStatistics", + "description": "Grants permission to create a probe", + "privilege": "CreateProbe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to run read data via query APIs on database", - "privilege": "ReadDataViaQuery", + "access_level": "Write", + "description": "Grants permission to delete a monitor", + "privilege": "DeleteMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" - }, + "resource_type": "monitor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a probe", + "privilege": "DeleteProbe", + "resource_types": [ { - "condition_keys": [ - "neptune-db:QueryLanguage" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "probe*" } ] }, { - "access_level": "Write", - "description": "Grants permission to get the token needed for reset and resets the Neptune database", - "privilege": "ResetDatabase", + "access_level": "Read", + "description": "Grants permission to get information about a monitor", + "privilege": "GetMonitor", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "database*" + "resource_type": "monitor*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a loader job", - "privilege": "StartLoaderJob", + "access_level": "Read", + "description": "Grants permission to get information about a probe", + "privilege": "GetProbe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "probe*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an ML data processing job", - "privilege": "StartMLDataProcessingJob", + "access_level": "List", + "description": "Grants permission to list all monitors in an account and their statuses", + "privilege": "ListMonitors", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an ML model training job", - "privilege": "StartMLModelTrainingJob", + "access_level": "Read", + "description": "Grants permission to list the tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "monitor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "probe" } ] }, { - "access_level": "Write", - "description": "Grants permission to start an ML model transform job", - "privilege": "StartMLModelTransformJob", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "monitor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "probe" } ] }, { - "access_level": "Write", - "description": "Grants permission to run write data via query APIs on database", 
- "privilege": "WriteDataViaQuery", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "monitor" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "probe" }, { "condition_keys": [ - "neptune-db:QueryLanguage" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -169113,96 +192649,152 @@ }, { "access_level": "Write", - "description": "Grants permission to all data-access actions in engine versions prior to 1.2.0.0", - "privilege": "connect", + "description": "Grants permission to update a monitor", + "privilege": "UpdateMonitor", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "database*" + "resource_type": "monitor*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a probe", + "privilege": "UpdateProbe", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "probe*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:neptune-db:${Region}:${Account}:${RelativeId}/database", - "condition_keys": [], - "resource": "database" + "arn": "arn:${Partition}:networkmonitor:${Region}:${Account}:monitor/${MonitorName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "monitor" + }, + { + "arn": "arn:${Partition}:networkmonitor:${Region}:${Account}:probe/${ProbeId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "probe" } ], - "service_name": "Amazon Neptune" + "service_name": "Amazon CloudWatch Network Monitor" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by on the allowed set of values for each of the tags", + "description": "Filters access by a tag key and value pair that is allowed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tag value associated with the resource", + "description": "Filters access by a tag key and value pair of a resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tags in the request", + "description": "Filters access by a list of tag keys that are allowed in the request", "type": "ArrayOfString" + }, + { + "condition": "nimble:createdBy", + 
"description": "Filters access by the createdBy request parameter or the ID of the creator of the resource", + "type": "String" + }, + { + "condition": "nimble:ownedBy", + "description": "Filters access by the ownedBy request parameter or the ID of the owner of the resource", + "type": "String" + }, + { + "condition": "nimble:principalId", + "description": "Filters access by the principalId request parameter", + "type": "String" + }, + { + "condition": "nimble:requesterPrincipalId", + "description": "Filters access by the ID of the logged in user", + "type": "String" + }, + { + "condition": "nimble:studioId", + "description": "Filters access by a specific studio", + "type": "ARN" } ], - "prefix": "network-firewall", + "prefix": "nimble", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an association between a firewall policy and a firewall", - "privilege": "AssociateFirewallPolicy", + "description": "Grants permission to accept EULAs", + "privilege": "AcceptEulas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Firewall*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy*" + "resource_type": "eula*" } ] }, { "access_level": "Write", - "description": "Grants permission to associate VPC subnets to a firewall", - "privilege": "AssociateSubnets", + "description": "Grants permission to create a launch profile", + "privilege": "CreateLaunchProfile", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints", + "ec2:RunInstances" + ], + "resource_type": "studio*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "Firewall*" + "resource_type": "" } ] }, { "access_level": "Write", - 
"description": "Grants permission to create an AWS Network Firewall firewall", - "privilege": "CreateFirewall", + "description": "Grants permission to create a streaming image", + "privilege": "CreateStreamingImage", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:ModifyInstanceAttribute", + "ec2:ModifySnapshotAttribute", + "ec2:RegisterImage" ], - "resource_type": "Firewall*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy*" + "resource_type": "studio*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -169211,33 +192803,24 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS Network Firewall firewall policy", - "privilege": "CreateFirewallPolicy", + "description": "Grants permission to create a streaming session", + "privilege": "CreateStreamingSession", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration" + "dependent_actions": [ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "nimble:GetLaunchProfile", + "nimble:GetLaunchProfileInitialization", + "nimble:ListEulaAcceptances" + ], + "resource_type": "launch-profile*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -169246,23 +192829,17 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS Network Firewall rule group", - "privilege": "CreateRuleGroup", + "description": "Grants permission to create a StreamingSessionStream", + "privilege": "CreateStreamingSessionStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" + "resource_type": "streaming-session*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "nimble:requesterPrincipalId" ], "dependent_actions": [], "resource_type": "" @@ -169271,20 +192848,21 @@ }, { "access_level": "Write", - "description": "Grants permission to create an AWS Network Firewall tls inspection configuration", - "privilege": "CreateTLSInspectionConfiguration", + "description": "Grants permission to create a studio", + "privilege": "CreateStudio", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "iam:PassRole", + "sso:CreateManagedApplicationInstance" ], - "resource_type": "TLSInspectionConfiguration*" + "resource_type": "studio*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -169293,346 +192871,233 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a firewall", - "privilege": "DeleteFirewall", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Firewall*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a firewall policy", - "privilege": "DeleteFirewallPolicy", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a resource policy for a firewall policy or rule group", - "privilege": "DeleteResourcePolicy", + "description": "Grants permission to create a studio component. A studio component designates a network resource to which a launch profile will provide access", + "privilege": "CreateStudioComponent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatefulRuleGroup" + "dependent_actions": [ + "ds:AuthorizeApplication", + "ds:DescribeDirectories", + "ec2:DescribeSecurityGroups", + "fsx:DescribeFileSystems", + "iam:PassRole" + ], + "resource_type": "studio*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "StatelessRuleGroup" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a rule group", - "privilege": "DeleteRuleGroup", + "description": "Grants permission to delete a launch profile", + "privilege": "DeleteLaunchProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StatefulRuleGroup*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup*" + "resource_type": "launch-profile*" } ] }, { 
"access_level": "Write", - "description": "Grants permission to delete a tls inspection configuration", - "privilege": "DeleteTLSInspectionConfiguration", + "description": "Grants permission to delete a launch profile member", + "privilege": "DeleteLaunchProfileMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration*" + "resource_type": "launch-profile*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the data objects that define a firewall", - "privilege": "DescribeFirewall", + "access_level": "Write", + "description": "Grants permission to delete a streaming image", + "privilege": "DeleteStreamingImage", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Firewall*" + "dependent_actions": [ + "ec2:DeleteSnapshot", + "ec2:DeregisterImage", + "ec2:ModifyInstanceAttribute", + "ec2:ModifySnapshotAttribute" + ], + "resource_type": "streaming-image*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the data objects that define a firewall policy", - "privilege": "DescribeFirewallPolicy", + "access_level": "Write", + "description": "Grants permission to delete a streaming session", + "privilege": "DeleteStreamingSession", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" + "dependent_actions": [ + "ec2:DeleteNetworkInterface" + ], + "resource_type": "streaming-session*" }, { - "condition_keys": [], + "condition_keys": [ + "nimble:requesterPrincipalId" + ], "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the logging 
configuration of a firewall", - "privilege": "DescribeLoggingConfiguration", + "access_level": "Write", + "description": "Grants permission to delete a studio", + "privilege": "DeleteStudio", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "Firewall*" + "dependent_actions": [ + "sso:DeleteManagedApplicationInstance" + ], + "resource_type": "studio*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a resource policy for a firewall policy or rule group", - "privilege": "DescribeResourcePolicy", + "access_level": "Write", + "description": "Grants permission to delete a studio component", + "privilege": "DeleteStudioComponent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" + "dependent_actions": [ + "ds:UnauthorizeApplication" + ], + "resource_type": "studio-component*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the data objects that define a rule group", - "privilege": "DescribeRuleGroup", + "access_level": "Write", + "description": "Grants permission to delete a studio member", + "privilege": "DeleteStudioMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" + "resource_type": "studio*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the high-level information about a rule group", - "privilege": "DescribeRuleGroupMetadata", + "description": "Grants permission to get a EULA", + "privilege": "GetEula", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StatefulRuleGroup" 
- }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" + "resource_type": "eula*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the data objects that define a tls inspection configuration", - "privilege": "DescribeTLSInspectionConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disassociate VPC subnets from a firewall", - "privilege": "DisassociateSubnets", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Firewall*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to retrieve the metadata for firewall policies", - "privilege": "ListFirewallPolicies", + "description": "Grants permission to allow Nimble Studio portal to show the appropriate features for this account", + "privilege": "GetFeatureMap", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FirewallPolicy*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the metadata for firewalls", - "privilege": "ListFirewalls", + "access_level": "Read", + "description": "Grants permission to get a launch profile", + "privilege": "GetLaunchProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Firewall*" + "resource_type": "launch-profile*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the metadata for rule groups", - "privilege": "ListRuleGroups", + "access_level": "Read", + "description": "Grants permission to get a launch profile's details, which includes the summary of studio components and streaming images used by the launch profile", + "privilege": "GetLaunchProfileDetails", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "launch-profile*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the metadata for tls inspection configurations", - "privilege": "ListTLSInspectionConfigurations", + "access_level": "Read", + "description": "Grants permission to get a launch profile initialization. A launch profile initialization is a dereferenced version of a launch profile, including attached studio component connection information", + "privilege": "GetLaunchProfileInitialization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration*" + "dependent_actions": [ + "ds:DescribeDirectories", + "ec2:DescribeSecurityGroups", + "fsx:DescribeFileSystems" + ], + "resource_type": "launch-profile*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Read", + "description": "Grants permission to get a launch profile member", + "privilege": "GetLaunchProfileMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Firewall*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration" + "resource_type": "launch-profile*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put a resource policy for a firewall policy or rule group", - "privilege": "PutResourcePolicy", + "access_level": "Read", + "description": "Grants permission to get a streaming image", + "privilege": "GetStreamingImage", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "FirewallPolicy" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" + "resource_type": "streaming-image*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach tags to a resource", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to get a streaming session", + "privilege": "GetStreamingSession", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Firewall" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration" + "resource_type": "streaming-session*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "nimble:requesterPrincipalId" ], "dependent_actions": [], "resource_type": "" 
@@ -169640,38 +193105,18 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get a streaming session backup", + "privilege": "GetStreamingSessionBackup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Firewall" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "FirewallPolicy" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration" + "resource_type": "streaming-session-backup*" }, { "condition_keys": [ - "aws:TagKeys" + "nimble:requesterPrincipalId" ], "dependent_actions": [], "resource_type": "" 
@@ -169679,280 +193124,141 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to add or remove delete protection for a firewall", - "privilege": "UpdateFirewallDeleteProtection", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Firewall*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the description for a firewall", - "privilege": "UpdateFirewallDescription", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Firewall*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify the encryption configuration of a firewall", - "privilege": "UpdateFirewallEncryptionConfiguration", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Firewall*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to modify a firewall policy", - "privilege": "UpdateFirewallPolicy", + "access_level": "Read", + "description": "Grants permission to get a streaming session stream", + "privilege": "GetStreamingSessionStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "FirewallPolicy*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" + "resource_type": "streaming-session*" }, { - "condition_keys": [], + "condition_keys": [ + "nimble:requesterPrincipalId" + ], "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to add or remove firewall policy change protection for a firewall", - "privilege": "UpdateFirewallPolicyChangeProtection", + "access_level": "Read", + "description": "Grants permission to get a studio", + "privilege": 
"GetStudio", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Firewall*" + "resource_type": "studio*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify the logging configuration of a firewall", - "privilege": "UpdateLoggingConfiguration", + "access_level": "Read", + "description": "Grants permission to get a studio component", + "privilege": "GetStudioComponent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Firewall*" + "resource_type": "studio-component*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a rule group", - "privilege": "UpdateRuleGroup", + "access_level": "Read", + "description": "Grants permission to get a studio member", + "privilege": "GetStudioMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "StatefulRuleGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "StatelessRuleGroup" + "resource_type": "studio*" } ] }, { - "access_level": "Write", - "description": "Grants permission to add or remove subnet change protection for a firewall", - "privilege": "UpdateSubnetChangeProtection", + "access_level": "Read", + "description": "Grants permission to list EULA acceptances", + "privilege": "ListEulaAcceptances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Firewall*" + "resource_type": "eula-acceptance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to modify a tls inspection configuration", - "privilege": "UpdateTLSInspectionConfiguration", + "access_level": "Read", + "description": "Grants permission to list EULAs", + "privilege": "ListEulas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "TLSInspectionConfiguration*" + "resource_type": "eula*" } ] - } - ], - "resources": [ - { - "arn": 
"arn:${Partition}:network-firewall:${Region}:${Account}:firewall/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Firewall" - }, - { - "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:firewall-policy/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "FirewallPolicy" - }, - { - "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:stateful-rulegroup/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "StatefulRuleGroup" - }, - { - "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:stateless-rulegroup/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "StatelessRuleGroup" - }, - { - "arn": "arn:${Partition}:network-firewall:${Region}:${Account}:tls-configuration/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "TLSInspectionConfiguration" - } - ], - "service_name": "AWS Network Firewall" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "networkmanager:cgwArn", - "description": "Filters access by which customer gateways can be associated or disassociated", - "type": "ARN" - }, - { - "condition": "networkmanager:subnetArns", - "description": "Filters access by which VPC subnets can be added or removed from a VPC attachment", - "type": "ArrayOfARN" }, { - "condition": "networkmanager:tgwArn", - "description": "Filters access by which transit gateways can be registered, deregistered, or peered", - "type": "ARN" - }, - { - "condition": 
"networkmanager:tgwConnectPeerArn", - "description": "Filters access by which transit gateway connect peers can be associated or disassociated", - "type": "ARN" - }, - { - "condition": "networkmanager:tgwRtbArn", - "description": "Filters access by which Transit Gateway Route Table can be used to create an attachment", - "type": "ARN" - }, - { - "condition": "networkmanager:vpcArn", - "description": "Filters access by which VPC can be used to a create/update attachment", - "type": "ARN" - }, - { - "condition": "networkmanager:vpnConnectionArn", - "description": "Filters access by which Site-to-Site VPN can be used to a create/update attachment", - "type": "ARN" - } - ], - "prefix": "networkmanager", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to accept creation of an attachment between a source and destination in a core network", - "privilege": "AcceptAttachment", + "access_level": "Read", + "description": "Grants permission to list launch profile members", + "privilege": "ListLaunchProfileMembers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "launch-profile*" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a Connect Peer", - "privilege": "AssociateConnectPeer", + "access_level": "Read", + "description": "Grants permission to list launch profiles", + "privilege": "ListLaunchProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "studio*" }, { - "condition_keys": [], + "condition_keys": [ + "nimble:principalId", + "nimble:requesterPrincipalId" + ], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a customer gateway to a device", - "privilege": "AssociateCustomerGateway", + "access_level": "Read", + "description": "Grants 
permission to list streaming images", + "privilege": "ListStreamingImages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network*" - }, + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list streaming session backups", + "privilege": "ListStreamingSessionBackups", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "link" + "resource_type": "studio*" }, { "condition_keys": [ - "networkmanager:cgwArn" + "nimble:requesterPrincipalId" ], "dependent_actions": [], "resource_type": "" 
@@ -169960,197 +193266,160 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to associate a link to a device", - "privilege": "AssociateLink", + "access_level": "Read", + "description": "Grants permission to list streaming sessions", + "privilege": "ListStreamingSessions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "studio*" }, { - "condition_keys": [], + "condition_keys": [ + "nimble:createdBy", + "nimble:ownedBy", + "nimble:requesterPrincipalId" + ], "dependent_actions": [], - "resource_type": "link*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to associate a transit gateway connect peer to a device", - "privilege": "AssociateTransitGatewayConnectPeer", + "access_level": "Read", + "description": "Grants permission to list studio components", + "privilege": "ListStudioComponents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - }, + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list studio members", + "privilege": "ListStudioMembers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, + "resource_type": "studio*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all studios", + "privilege": "ListStudios", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "link" - }, - { - "condition_keys": [ - "networkmanager:tgwConnectPeerArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Connect attachment", - "privilege": "CreateConnectAttachment", + "access_level": "Read", + "description": "Grants 
permission to list all tags on a Nimble Studio resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "launch-profile" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "streaming-image" }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a Connect Peer connection", - "privilege": "CreateConnectPeer", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "streaming-session" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a new connection", - "privilege": "CreateConnection", - "resource_types": [ + "resource_type": "streaming-session-backup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "studio" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "studio-component" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new core network", - "privilege": "CreateCoreNetwork", + "description": "Grants permission to add/update launch profile members", + "privilege": "PutLaunchProfileMembers", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "sso-directory:DescribeUsers" ], - "dependent_actions": [], - "resource_type": "" 
+ "resource_type": "launch-profile*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new device", - "privilege": "CreateDevice", + "description": "Grants permission to report metrics and logs for the Nimble Studio portal to monitor application health", + "privilege": "PutStudioLogEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "studio*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new global network", - "privilege": "CreateGlobalNetwork", + "description": "Grants permission to add/update studio members", + "privilege": "PutStudioMembers", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "sso-directory:DescribeUsers" ], - "resource_type": "" + "resource_type": "studio*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new link", - "privilege": "CreateLink", + "description": "Grants permission to start a streaming session", + "privilege": "StartStreamingSession", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network*" + "dependent_actions": [ + "nimble:GetLaunchProfile", + "nimble:GetLaunchProfileMember" + ], + "resource_type": "streaming-session*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "site" + "resource_type": "streaming-session-backup" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "nimble:requesterPrincipalId" ], "dependent_actions": [], "resource_type": "" 
@@ -170159,39 +193428,34 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new site", - "privilege": "CreateSite", + "description": "Grants permission to repair the studio's AWS IAM Identity Center configuration", + "privilege": "StartStudioSSOConfigurationRepair", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "dependent_actions": [ + "sso:CreateManagedApplicationInstance", + "sso:GetManagedApplicationInstance" ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "studio*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a site-to-site VPN attachment", - "privilege": "CreateSiteToSiteVpnAttachment", + "description": "Grants permission to stop a streaming session", + "privilege": "StopStreamingSession", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "core-network*" + "dependent_actions": [ + "nimble:GetLaunchProfile" + ], + "resource_type": "streaming-session*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "networkmanager:vpnConnectionArn" + "nimble:requesterPrincipalId" ], "dependent_actions": [], "resource_type": "" 
@@ -170199,63 +193463,45 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a Transit Gateway peering", - "privilege": "CreateTransitGatewayPeering", + "access_level": "Tagging", + "description": "Grants permission to add or overwrite one or more tags for the specified Nimble Studio resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "launch-profile" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "networkmanager:tgwArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a TGW RTB attachment", - "privilege": "CreateTransitGatewayRouteTableAttachment", - "resource_types": [ + "resource_type": "streaming-image" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "peering*" + "resource_type": "streaming-session" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "networkmanager:tgwRtbArn" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a VPC attachment", - "privilege": "CreateVpcAttachment", - "resource_types": [ + "resource_type": "streaming-session-backup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "studio" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "studio-component" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", - "networkmanager:vpcArn", - "networkmanager:subnetArns" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -170263,666 +193509,854 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete an attachment", - "privilege": "DeleteAttachment", + "access_level": "Tagging", + "description": "Grants permission to disassociate one or more tags from the specified Nimble Studio resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a Connect Peer", - "privilege": "DeleteConnectPeer", - "resource_types": [ + "resource_type": "launch-profile" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connect-peer*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a connection", - "privilege": "DeleteConnection", - "resource_types": [ + "resource_type": "streaming-image" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection*" + "resource_type": "streaming-session" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a core network", - "privilege": "DeleteCoreNetwork", - "resource_types": [ + "resource_type": "streaming-session-backup" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete the core network policy version", - "privilege": "DeleteCoreNetworkPolicyVersion", - "resource_types": [ + "resource_type": "studio" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "studio-component" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a device", - "privilege": 
"DeleteDevice", + "description": "Grants permission to update a launch profile", + "privilege": "UpdateLaunchProfile", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "device*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network*" + "dependent_actions": [ + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints" + ], + "resource_type": "launch-profile*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a global network", - "privilege": "DeleteGlobalNetwork", + "description": "Grants permission to update a launch profile member", + "privilege": "UpdateLaunchProfileMember", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "launch-profile*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a link", - "privilege": "DeleteLink", + "description": "Grants permission to update a streaming image", + "privilege": "UpdateStreamingImage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "link*" + "resource_type": "streaming-image*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a peering", - "privilege": "DeletePeering", + "description": "Grants permission to update a studio", + "privilege": "UpdateStudio", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "peering*" + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "studio*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a resource", - "privilege": "DeleteResourcePolicy", + "description": "Grants permission to update a studio component", + "privilege": 
"UpdateStudioComponent", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "core-network*" + "dependent_actions": [ + "ds:AuthorizeApplication", + "ds:DescribeDirectories", + "ec2:DescribeSecurityGroups", + "fsx:DescribeFileSystems", + "iam:PassRole" + ], + "resource_type": "studio-component*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:nimble:${Region}:${Account}:studio/${StudioId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "nimble:studioId" + ], + "resource": "studio" + }, + { + "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-image/${StreamingImageId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "nimble:studioId" + ], + "resource": "streaming-image" + }, + { + "arn": "arn:${Partition}:nimble:${Region}:${Account}:studio-component/${StudioComponentId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "nimble:studioId" + ], + "resource": "studio-component" + }, + { + "arn": "arn:${Partition}:nimble:${Region}:${Account}:launch-profile/${LaunchProfileId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "nimble:studioId" + ], + "resource": "launch-profile" + }, + { + "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-session/${StreamingSessionId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "nimble:createdBy", + "nimble:ownedBy" + ], + "resource": "streaming-session" + }, + { + "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-session-backup/${StreamingSessionBackupId}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys", + "nimble:ownedBy" + ], + "resource": "streaming-session-backup" + }, + { + "arn": 
"arn:${Partition}:nimble:${Region}:${Account}:eula/${EulaId}", + "condition_keys": [], + "resource": "eula" + }, + { + "arn": "arn:${Partition}:nimble:${Region}:${Account}:eula-acceptance/${EulaAcceptanceId}", + "condition_keys": [ + "nimble:studioId" + ], + "resource": "eula-acceptance" + } + ], + "service_name": "Amazon Nimble Studio" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "notifications", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a site", - "privilege": "DeleteSite", + "description": "Grants permission to associate a new Channel with a particular NotificationConfiguration", + "privilege": "AssociateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "site*" + "resource_type": "NotificationConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister a transit gateway from a global network", - "privilege": "DeregisterTransitGateway", + "description": "Grants permission to create a new EventRule, associating it with a NotificationConfiguration", + "privilege": "CreateEventRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [ - "networkmanager:tgwArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe global networks", - 
"privilege": "DescribeGlobalNetworks", + "access_level": "Write", + "description": "Grants permission to create a NotificationConfiguration", + "privilege": "CreateNotificationConfiguration", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "global-network" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a Connect Peer", - "privilege": "DisassociateConnectPeer", + "description": "Grants permission to delete an EventRule", + "privilege": "DeleteEventRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "EventRule*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a customer gateway from a device", - "privilege": "DisassociateCustomerGateway", + "description": "Grants permission to delete a NotificationConfiguration", + "privilege": "DeleteNotificationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [ - "networkmanager:cgwArn" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "NotificationConfiguration*" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a link from a device", - "privilege": "DisassociateLink", + "description": "Grants permission to deregister a NotificationHub", + "privilege": "DeregisterNotificationHub", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "link*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate a transit gateway 
connect peer from a device", - "privilege": "DisassociateTransitGatewayConnectPeer", + "description": "Grants permission to remove a Channel from a NotificationConfiguration", + "privilege": "DisassociateChannel", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [ - "networkmanager:tgwConnectPeerArn" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "NotificationConfiguration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to apply changes to the core network", - "privilege": "ExecuteCoreNetworkChangeSet", + "access_level": "Read", + "description": "Grants permission to get an EventRule", + "privilege": "GetEventRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "EventRule*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a Connect attachment", - "privilege": "GetConnectAttachment", + "description": "Grants permission to get a NotificationConfiguration", + "privilege": "GetNotificationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "NotificationConfiguration*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a Connect Peer", - "privilege": "GetConnectPeer", + "description": "Grants permission to get a NotificationEvent", + "privilege": "GetNotificationEvent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connect-peer*" + "resource_type": "NotificationEvent*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe Connect Peer associations", - "privilege": "GetConnectPeerAssociations", + "access_level": "List", + "description": "Grants permission to list Channels by NotificationConfiguration", + "privilege": "ListChannels", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to describe connections", - "privilege": "GetConnections", + "description": "Grants permission to list EventRules", + "privilege": "ListEventRules", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a core network", - "privilege": "GetCoreNetwork", + "access_level": "List", + "description": "Grants permission to list NotificationConfigurations", + "privilege": "ListNotificationConfigurations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of core network change events", - "privilege": "GetCoreNetworkChangeEvents", + "access_level": "List", + "description": "Grants permission to list NotificationEvents", + "privilege": "ListNotificationEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of core network change sets", - "privilege": "GetCoreNetworkChangeSet", + "access_level": "List", + "description": "Grants permission to list NotificationHubs", + "privilege": "ListNotificationHubs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve core network policy", - "privilege": "GetCoreNetworkPolicy", + "description": "Grants permission to get 
tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe customer gateway associations", - "privilege": "GetCustomerGatewayAssociations", + "access_level": "Write", + "description": "Grants permission to register a NotificationHub", + "privilege": "RegisterNotificationHub", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe devices", - "privilege": "GetDevices", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "NotificationConfiguration*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "device" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe link associations", - "privilege": "GetLinkAssociations", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "device" + "resource_type": "NotificationConfiguration*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "link" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe links", - "privilege": "GetLinks", + "access_level": "Write", + 
"description": "Grants permission to update an EventRule", + "privilege": "UpdateEventRule", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "link" + "resource_type": "EventRule*" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the number of resources for a global network grouped by type", - "privilege": "GetNetworkResourceCounts", + "access_level": "Write", + "description": "Grants permission to update a NotificationConfiguration", + "privilege": "UpdateNotificationConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "NotificationConfiguration*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:notifications::${Account}:configuration/${NotificationConfigurationId}/rule/${EventRuleId}", + "condition_keys": [], + "resource": "EventRule" }, { - "access_level": "Read", - "description": "Grants permission to retrieve related resources for a resource within the global network", - "privilege": "GetNetworkResourceRelationships", + "arn": "arn:${Partition}:notifications::${Account}:configuration/${NotificationConfigurationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "NotificationConfiguration" + }, + { + "arn": "arn:${Partition}:notifications:${Region}:${Account}:configuration/${NotificationConfigurationId}/event/${NotificationEventId}", + "condition_keys": [], + "resource": "NotificationEvent" + } + ], + "service_name": "AWS User Notifications" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + 
"condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "notifications-contacts", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to activate the email contact associated with the given ARN if the provided code is valid", + "privilege": "ActivateEmailContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "EmailContactResource*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a global network resource", - "privilege": "GetNetworkResources", + "access_level": "Write", + "description": "Grants permission to create an email contact", + "privilege": "CreateEmailContact", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve routes for a route table within the global network", - "privilege": "GetNetworkRoutes", + "access_level": "Write", + "description": "Grants permission to delete an email contact associated with the given ARN", + "privilege": "DeleteEmailContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "EmailContactResource*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve network telemetry objects for the global network", - "privilege": "GetNetworkTelemetry", + "description": "Grants permission to get an email contact associated with the given ARN", + "privilege": "GetEmailContact", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "EmailContactResource*" } ] }, { - "access_level": "Read", - 
"description": "Grants permission to retrieve a resource policy", - "privilege": "GetResourcePolicy", + "access_level": "List", + "description": "Grants permission to list email contacts", + "privilege": "ListEmailContacts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a route analysis configuration and result", - "privilege": "GetRouteAnalysis", + "description": "Grants permission to get tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a site-to-site VPN attachment", - "privilege": "GetSiteToSiteVpnAttachment", + "access_level": "Write", + "description": "Grants permission to send an activation link to the email associated with the given ARN", + "privilege": "SendActivationCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "EmailContactResource*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe global networks", - "privilege": "GetSites", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "EmailContactResource*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "site" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe transit gateway connect peer associations", - "privilege": "GetTransitGatewayConnectPeerAssociations", + "access_level": 
"Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "EmailContactResource*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:notifications-contacts::${Account}:emailcontact/${EmailContactId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "EmailContactResource" + } + ], + "service_name": "AWS User Notifications Contacts" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to retrieve a Transit Gateway peering", - "privilege": "GetTransitGatewayPeering", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "oam:ResourceTypes", + "description": "Filters access by the presence of resource types in the request", + "type": "ArrayOfString" + } + ], + "prefix": "oam", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a link between a monitoring account and a source account for cross-account monitoring", + "privilege": "CreateLink", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "oam:TagResource" + ], + "resource_type": "Sink*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "oam:ResourceTypes" + ], "dependent_actions": [], - "resource_type": "peering*" + "resource_type": "" } ] }, { - "access_level": "List", 
- "description": "Grants permission to describe transit gateway registrations", - "privilege": "GetTransitGatewayRegistrations", + "access_level": "Write", + "description": "Grants permission to create a sink in an account so that it can be used as a monitoring account for cross-account monitoring", + "privilege": "CreateSink", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network*" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "oam:TagResource" + ], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a TGW RTB attachment", - "privilege": "GetTransitGatewayRouteTableAttachment", + "access_level": "Write", + "description": "Grants permission to delete a link between a monitoring account and a source account for cross-account monitoring", + "privilege": "DeleteLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "Link*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a VPC attachment", - "privilege": "GetVpcAttachment", + "access_level": "Write", + "description": "Grants permission to delete a cross-account monitoring sink in a monitoring account", + "privilege": "DeleteSink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "Sink*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe attachments", - "privilege": "ListAttachments", + "access_level": "Read", + "description": "Grants permission to retrieve complete information about one cross-account monitoring link", + 
"privilege": "GetLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "Link*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe Connect Peers", - "privilege": "ListConnectPeers", + "access_level": "Read", + "description": "Grants permission to retrieve complete information about one cross-account monitoring sink", + "privilege": "GetSink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connect-peer*" + "resource_type": "Sink*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list core network policy versions", - "privilege": "ListCoreNetworkPolicyVersions", + "access_level": "Read", + "description": "Grants permission to retrieve information for the IAM policy for a cross-account monitoring sink", + "privilege": "GetSinkPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "Sink*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list core networks", - "privilege": "ListCoreNetworks", + "access_level": "Read", + "description": "Grants permission to retrieve a list of links that are linked for a cross-account monitoring sink", + "privilege": "ListAttachedLinks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Sink*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list 
organization service access status", - "privilege": "ListOrganizationServiceAccessStatus", + "access_level": "Read", + "description": "Grants permission to retrieve the ARNs of cross-account monitoring links in this account", + "privilege": "ListLinks", "resource_types": [ { "condition_keys": [], @@ -170932,9 +194366,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe peerings", - "privilege": "ListPeerings", + "access_level": "Read", + "description": "Grants permission to retrieve the ARNs of cross-account monitoring sinks in this account", + "privilege": "ListSinks", "resource_types": [ { "condition_keys": [], 
@@ -170945,57 +194379,83 @@ }, { "access_level": "Read", - "description": "Grants permission to list tags for a Network Manager resource", + "description": "Grants permission to list the tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment" + "resource_type": "Link" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "connect-peer" - }, + "resource_type": "Sink" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create or update the IAM policy for a cross-account monitoring sink", + "privilege": "PutSinkPolicy", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "connection" + "resource_type": "Sink*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "core-network" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" + "resource_type": "Link" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network" + "resource_type": "Sink" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "link" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "peering" + "resource_type": "Link" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "site" + "resource_type": "Sink" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], 
"resource_type": "" 
@@ -171004,150 +194464,217 @@ }, { "access_level": "Write", - "description": "Grants permission to create a core network policy", - "privilege": "PutCoreNetworkPolicy", + "description": "Grants permission to update an existing link between a monitoring account and a source account", + "privilege": "UpdateLink", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "Link*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "oam:ResourceTypes" + ], + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:oam:${Region}:${Account}:link/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Link" + }, + { + "arn": "arn:${Partition}:oam:${Region}:${Account}:sink/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Sink" + } + ], + "service_name": "Amazon CloudWatch Observability Access Manager" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + }, + { + "condition": "omics:AnnotationImportJobJobId", + "description": "Filters access by a unique resource identifier", + "type": "String" + }, + { + "condition": "omics:AnnotationStoreName", + "description": "Filters access by the name of the store", + "type": "String" + }, + { + "condition": "omics:AnnotationStoreVersionName", + "description": "Filters access by the name of the annotation store version", + "type": "String" + }, + { + "condition": "omics:VariantImportJobJobId", + 
"description": "Filters access by a unique resource identifier", + "type": "String" }, + { + "condition": "omics:VariantStoreName", + "description": "Filters access by the name of the store", + "type": "String" + } + ], + "prefix": "omics", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create or update a resource policy", - "privilege": "PutResourcePolicy", + "description": "Grants permission to abort multipart read set uploads", + "privilege": "AbortMultipartReadSetUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "sequenceStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to register a transit gateway to a global network", - "privilege": "RegisterTransitGateway", + "description": "Grants permission to accept a share", + "privilege": "AcceptShare", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, - { - "condition_keys": [ - "networkmanager:tgwArn" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to reject attachment request", - "privilege": "RejectAttachment", + "description": "Grants permission to batch delete Read Sets in the given Sequence Store", + "privilege": "BatchDeleteReadSet", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" + "resource_type": "sequenceStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to restore the core network policy to a previous version", - "privilege": "RestoreCoreNetworkPolicyVersion", + "description": "Grants permission to cancel an Annotation Import Job", + "privilege": "CancelAnnotationImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "AnnotationImportJob*" } ] }, { "access_level": 
"Write", - "description": "Grants permission to start organization service access update", - "privilege": "StartOrganizationServiceAccessUpdate", + "description": "Grants permission to cancel a workflow run and stop all workflow tasks", + "privilege": "CancelRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "run*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a route analysis and stores analysis configuration", - "privilege": "StartRouteAnalysis", + "description": "Grants permission to cancel a Variant Import Job", + "privilege": "CancelVariantImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "VariantImportJob*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a Network Manager resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to complete a multipart read set upload", + "privilege": "CompleteMultipartReadSetUpload", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connect-peer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "core-network" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "device" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network" - }, + "resource_type": "sequenceStore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Annotation Store", + "privilege": "CreateAnnotationStore", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "link" - }, + "resource_type": "" + } + ] + }, + { 
+ "access_level": "Write", + "description": "Grants permission to create a Version in an Annotation Store", + "privilege": "CreateAnnotationStoreVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "peering" - }, + "resource_type": "AnnotationStore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a multipart read set upload", + "privilege": "CreateMultipartReadSetUpload", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "site" - }, + "resource_type": "sequenceStore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Reference Store", + "privilege": "CreateReferenceStore", + "resource_types": [ { "condition_keys": [ - "aws:TagKeys", "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -171155,57 +194682,13 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a Network Manager resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a new workflow run group", + "privilege": "CreateRunGroup", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "attachment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connect-peer" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "core-network" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "device" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "global-network" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "link" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "peering" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "site" - }, { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -171215,277 +194698,159 @@ }, { "access_level": "Write", - "description": "Grants permission to update a connection", - "privilege": "UpdateConnection", + "description": "Grants permission to create a Sequence Store", + "privilege": "CreateSequenceStore", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "connection*" - }, - { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a core network", - "privilege": "UpdateCoreNetwork", + "description": "Grants permission to create a share", + "privilege": "CreateShare", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "core-network*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a device", - "privilege": "UpdateDevice", + "description": "Grants permission to create a Variant Store", + "privilege": "CreateVariantStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new workflow with a workflow definition and template of workflow parameters", + "privilege": "CreateWorkflow", + "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a global network", - "privilege": "UpdateGlobalNetwork", + "description": "Grants permission to delete an Annotation Store", + "privilege": "DeleteAnnotationStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"global-network*" + "resource_type": "AnnotationStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a link", - "privilege": "UpdateLink", + "description": "Grants permission to delete Versions in an Annotation Store", + "privilege": "DeleteAnnotationStoreVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "AnnotationStore*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "link*" + "resource_type": "AnnotationStoreVersion*" } ] }, { "access_level": "Write", - "description": "Grants permission to add or update metadata key/value pairs on network resource", - "privilege": "UpdateNetworkResourceMetadata", + "description": "Grants permission to delete a Reference in the given Reference Store", + "privilege": "DeleteReference", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" + "resource_type": "reference*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "referenceStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a site", - "privilege": "UpdateSite", + "description": "Grants permission to delete a Reference Store", + "privilege": "DeleteReferenceStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "global-network*" - }, + "resource_type": "referenceStore*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a workflow run", + "privilege": "DeleteRun", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "site*" + "resource_type": "run*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a VPC attachment", - "privilege": "UpdateVpcAttachment", + "description": "Grants permission to delete a workflow run group", + "privilege": "DeleteRunGroup", "resource_types": [ 
{ "condition_keys": [], "dependent_actions": [], - "resource_type": "attachment*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "networkmanager:subnetArns" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "runGroup*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:networkmanager::${Account}:global-network/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "global-network" - }, - { - "arn": "arn:${Partition}:networkmanager::${Account}:site/${GlobalNetworkId}/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "site" - }, - { - "arn": "arn:${Partition}:networkmanager::${Account}:link/${GlobalNetworkId}/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "link" - }, - { - "arn": "arn:${Partition}:networkmanager::${Account}:device/${GlobalNetworkId}/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "device" - }, - { - "arn": "arn:${Partition}:networkmanager::${Account}:connection/${GlobalNetworkId}/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "connection" - }, - { - "arn": "arn:${Partition}:networkmanager::${Account}:core-network/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "core-network" - }, - { - "arn": "arn:${Partition}:networkmanager::${Account}:attachment/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "attachment" - }, - { - "arn": "arn:${Partition}:networkmanager::${Account}:connect-peer/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "connect-peer" - }, - { - "arn": "arn:${Partition}:networkmanager::${Account}:peering/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "peering" - } - ], - "service_name": "AWS Network Manager" - }, - { - "conditions": [ - { 
- "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag key and value pair that is allowed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair of a resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by a list of tag keys that are allowed in the request", - "type": "ArrayOfString" - }, - { - "condition": "nimble:createdBy", - "description": "Filters access by the createdBy request parameter or the ID of the creator of the resource", - "type": "String" }, - { - "condition": "nimble:ownedBy", - "description": "Filters access by the ownedBy request parameter or the ID of the owner of the resource", - "type": "String" - }, - { - "condition": "nimble:principalId", - "description": "Filters access by the principalId request parameter", - "type": "String" - }, - { - "condition": "nimble:requesterPrincipalId", - "description": "Filters access by the ID of the logged in user", - "type": "String" - }, - { - "condition": "nimble:studioId", - "description": "Filters access by a specific studio", - "type": "ARN" - } - ], - "prefix": "nimble", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to accept EULAs", - "privilege": "AcceptEulas", + "description": "Grants permission to delete a Sequence Store", + "privilege": "DeleteSequenceStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eula*" + "resource_type": "sequenceStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a launch profile", - "privilege": "CreateLaunchProfile", + "description": "Grants permission to delete a share", + "privilege": "DeleteShare", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeRouteTables", - 
"ec2:DescribeSubnets", - "ec2:DescribeVpcEndpoints", - "ec2:RunInstances" - ], - "resource_type": "studio*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], "dependent_actions": [], "resource_type": "" } 
@@ -171493,543 +194858,494 @@ }, { "access_level": "Write", - "description": "Grants permission to create a streaming image", - "privilege": "CreateStreamingImage", + "description": "Grants permission to delete a Variant Store", + "privilege": "DeleteVariantStore", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeImages", - "ec2:DescribeSnapshots", - "ec2:ModifyInstanceAttribute", - "ec2:ModifySnapshotAttribute", - "ec2:RegisterImage" - ], - "resource_type": "studio*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "VariantStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a streaming session", - "privilege": "CreateStreamingSession", + "description": "Grants permission to delete a workflow", + "privilege": "DeleteWorkflow", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "nimble:GetLaunchProfile", - "nimble:GetLaunchProfileInitialization", - "nimble:ListEulaAcceptances" - ], - "resource_type": "launch-profile*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "workflow*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a StreamingSessionStream", - "privilege": "CreateStreamingSessionStream", + "access_level": "Read", + "description": "Grants permission to get the status of an Annotation Import Job", + "privilege": "GetAnnotationImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session*" - }, + "resource_type": "AnnotationImportJob*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get detailed information about an Annotation Store", + "privilege": "GetAnnotationStore", + 
"resource_types": [ { - "condition_keys": [ - "nimble:requesterPrincipalId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AnnotationStore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a studio", - "privilege": "CreateStudio", + "access_level": "Read", + "description": "Grants permission to get detailed information about a version in an Annotation Store", + "privilege": "GetAnnotationStoreVersion", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole", - "sso:CreateManagedApplicationInstance" - ], - "resource_type": "studio*" + "dependent_actions": [], + "resource_type": "AnnotationStore*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "AnnotationStoreVersion*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a studio component. 
A studio component designates a network resource to which a launch profile will provide access", - "privilege": "CreateStudioComponent", + "access_level": "Read", + "description": "Grants permission to get a Read Set in the given Sequence Store", + "privilege": "GetReadSet", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:AuthorizeApplication", - "ds:DescribeDirectories", - "ec2:DescribeSecurityGroups", - "fsx:DescribeFileSystems", - "iam:PassRole" - ], - "resource_type": "studio*" + "dependent_actions": [], + "resource_type": "readSet*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a launch profile", - "privilege": "DeleteLaunchProfile", + "access_level": "Read", + "description": "Grants permission to get details about a Read Set activation job for the given Sequence Store", + "privilege": "GetReadSetActivationJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile*" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a launch profile member", - "privilege": "DeleteLaunchProfileMember", + "access_level": "Read", + "description": "Grants permission to get details about a Read Set export job for the given Sequence Store", + "privilege": "GetReadSetExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile*" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a streaming image", - "privilege": "DeleteStreamingImage", + "access_level": "Read", + "description": "Grants permission to get details about a Read Set import job for the given Sequence Store", + "privilege": 
"GetReadSetImportJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteSnapshot", - "ec2:DeregisterImage", - "ec2:ModifyInstanceAttribute", - "ec2:ModifySnapshotAttribute" - ], - "resource_type": "streaming-image*" + "dependent_actions": [], + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a streaming session", - "privilege": "DeleteStreamingSession", + "access_level": "Read", + "description": "Grants permission to get details about a Read Set in the given Sequence Store", + "privilege": "GetReadSetMetadata", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DeleteNetworkInterface" - ], - "resource_type": "streaming-session*" + "dependent_actions": [], + "resource_type": "readSet*" }, { - "condition_keys": [ - "nimble:requesterPrincipalId" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a studio", - "privilege": "DeleteStudio", + "access_level": "Read", + "description": "Grants permission to get a Reference in the given Reference Store", + "privilege": "GetReference", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso:DeleteManagedApplicationInstance" - ], - "resource_type": "studio*" + "dependent_actions": [], + "resource_type": "reference*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "referenceStore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a studio component", - "privilege": "DeleteStudioComponent", + "access_level": "Read", + "description": "Grants permission to get details about a Reference import job for the given Reference Store", + "privilege": "GetReferenceImportJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:UnauthorizeApplication" - ], - 
"resource_type": "studio-component*" + "dependent_actions": [], + "resource_type": "referenceStore*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a studio member", - "privilege": "DeleteStudioMember", + "access_level": "Read", + "description": "Grants permission to get details about a Reference in the given Reference Store", + "privilege": "GetReferenceMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "reference*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "referenceStore*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a EULA", - "privilege": "GetEula", + "description": "Grants permission to get details about a Reference Store", + "privilege": "GetReferenceStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eula*" + "resource_type": "referenceStore*" } ] }, { "access_level": "Read", - "description": "Grants permission to allow Nimble Studio portal to show the appropriate features for this account", - "privilege": "GetFeatureMap", + "description": "Grants permission to retrieve workflow run details", + "privilege": "GetRun", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "run*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a launch profile", - "privilege": "GetLaunchProfile", + "description": "Grants permission to retrieve workflow run group details", + "privilege": "GetRunGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile*" + "resource_type": "runGroup*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a launch profile's details, which includes the summary of studio components and streaming images used by the launch profile", - "privilege": 
"GetLaunchProfileDetails", + "description": "Grants permission to retrieve workflow task details", + "privilege": "GetRunTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile*" + "resource_type": "TaskResource*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "run*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a launch profile initialization. A launch profile initialization is a dereferenced version of a launch profile, including attached studio component connection information", - "privilege": "GetLaunchProfileInitialization", + "description": "Grants permission to get details about a Sequence Store", + "privilege": "GetSequenceStore", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:DescribeDirectories", - "ec2:DescribeSecurityGroups", - "fsx:DescribeFileSystems" - ], - "resource_type": "launch-profile*" + "dependent_actions": [], + "resource_type": "sequenceStore*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a launch profile member", - "privilege": "GetLaunchProfileMember", + "description": "Grants permission to get detailed information about a Share", + "privilege": "GetShare", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a streaming image", - "privilege": "GetStreamingImage", + "description": "Grants permission to get the status of a Variant Import Job", + "privilege": "GetVariantImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-image*" + "resource_type": "VariantImportJob*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a streaming session", - "privilege": "GetStreamingSession", + "description": "Grants permission to get detailed information 
about a Variant Store", + "privilege": "GetVariantStore", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session*" - }, - { - "condition_keys": [ - "nimble:requesterPrincipalId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "VariantStore*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a streaming session backup", - "privilege": "GetStreamingSessionBackup", + "description": "Grants permission to retrieve workflow details", + "privilege": "GetWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session-backup*" - }, + "resource_type": "workflow*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of Annotation Import Jobs", + "privilege": "ListAnnotationImportJobs", + "resource_types": [ { - "condition_keys": [ - "nimble:requesterPrincipalId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a streaming session stream", - "privilege": "GetStreamingSessionStream", + "access_level": "List", + "description": "Grants permission to retrieve a list of information about Versions in an Annotation Store", + "privilege": "ListAnnotationStoreVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session*" - }, + "resource_type": "AnnotationStore*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of information about Annotation Stores", + "privilege": "ListAnnotationStores", + "resource_types": [ { - "condition_keys": [ - "nimble:requesterPrincipalId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a studio", - "privilege": "GetStudio", + "access_level": "List", + 
"description": "Grants permission to list multipart read set uploads", + "privilege": "ListMultipartReadSetUploads", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a studio component", - "privilege": "GetStudioComponent", + "access_level": "List", + "description": "Grants permission to list Read Set activation jobs for the given Sequence Store", + "privilege": "ListReadSetActivationJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio-component*" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a studio member", - "privilege": "GetStudioMember", + "access_level": "List", + "description": "Grants permission to list Read Set export jobs for the given Sequence Store", + "privilege": "ListReadSetExportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list EULA acceptances", - "privilege": "ListEulaAcceptances", + "access_level": "List", + "description": "Grants permission to list Read Set import jobs for the given Sequence Store", + "privilege": "ListReadSetImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eula-acceptance*" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list EULAs", - "privilege": "ListEulas", + "access_level": "List", + "description": "Grants permission to list read set upload parts", + "privilege": "ListReadSetUploadParts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eula*" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Read", - 
"description": "Grants permission to list launch profile members", - "privilege": "ListLaunchProfileMembers", + "access_level": "List", + "description": "Grants permission to list Read Sets in the given Sequence Store", + "privilege": "ListReadSets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile*" + "resource_type": "sequenceStore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list launch profiles", - "privilege": "ListLaunchProfiles", + "access_level": "List", + "description": "Grants permission to list Reference import jobs for the given Reference Store", + "privilege": "ListReferenceImportJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" - }, + "resource_type": "referenceStore*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list Reference Stores", + "privilege": "ListReferenceStores", + "resource_types": [ { - "condition_keys": [ - "nimble:principalId", - "nimble:requesterPrincipalId" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list streaming images", - "privilege": "ListStreamingImages", + "access_level": "List", + "description": "Grants permission to list References in the given Reference Store", + "privilege": "ListReferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "referenceStore*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list streaming session backups", - "privilege": "ListStreamingSessionBackups", + "access_level": "List", + "description": "Grants permission to retrieve a list of workflow run groups", + "privilege": "ListRunGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" - }, - { - "condition_keys": [ - 
"nimble:requesterPrincipalId" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list streaming sessions", - "privilege": "ListStreamingSessions", + "access_level": "List", + "description": "Grants permission to retrieve a list of tasks for a workflow run", + "privilege": "ListRunTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" - }, - { - "condition_keys": [ - "nimble:createdBy", - "nimble:ownedBy", - "nimble:requesterPrincipalId" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "run*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list studio components", - "privilege": "ListStudioComponents", + "access_level": "List", + "description": "Grants permission to retrieve a list of workflow runs", + "privilege": "ListRuns", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list studio members", - "privilege": "ListStudioMembers", + "access_level": "List", + "description": "Grants permission to list Sequence Stores", + "privilege": "ListSequenceStores", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to list all studios", - "privilege": "ListStudios", + "access_level": "List", + "description": "Grants permission to retrieve a list of information about shares", + "privilege": "ListShares", "resource_types": [ { "condition_keys": [], 
@@ -172039,140 +195355,135 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all tags on a Nimble Studio resource", + "access_level": "List", + "description": "Grants permission to retrieve a list of resource AWS tags", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "streaming-image" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get a list of Variant Import Jobs", + "privilege": "ListVariantImportJobs", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of metadata for Variant Stores", + "privilege": "ListVariantStores", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session-backup" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve a list of available workflows", + "privilege": "ListWorkflows", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to import a list of Annotation files to an Annotation Store", + "privilege": "StartAnnotationImportJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio-component" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to add/update launch profile members", - "privilege": "PutLaunchProfileMembers", + "description": "Grants permission to start a Read Set activation job from the given Sequence Store", + "privilege": 
"StartReadSetActivationJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso-directory:DescribeUsers" - ], - "resource_type": "launch-profile*" + "dependent_actions": [], + "resource_type": "sequenceStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to report metrics and logs for the Nimble Studio portal to monitor application health", - "privilege": "PutStudioLogEvents", + "description": "Grants permission to start a Read Set export job from the given Sequence Store", + "privilege": "StartReadSetExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio*" + "resource_type": "sequenceStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to add/update studio members", - "privilege": "PutStudioMembers", + "description": "Grants permission to start a Read Set import job into the given Sequence Store", + "privilege": "StartReadSetImportJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "sso-directory:DescribeUsers" - ], - "resource_type": "studio*" + "dependent_actions": [], + "resource_type": "sequenceStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a streaming session", - "privilege": "StartStreamingSession", + "description": "Grants permission to start a Reference import job into the given Reference Store", + "privilege": "StartReferenceImportJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "nimble:GetLaunchProfile", - "nimble:GetLaunchProfileMember" - ], - "resource_type": "streaming-session*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "streaming-session-backup" - }, - { - "condition_keys": [ - "nimble:requesterPrincipalId" - ], "dependent_actions": [], - "resource_type": "" + "resource_type": "referenceStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to repair the studio's AWS IAM 
Identity Center configuration", - "privilege": "StartStudioSSOConfigurationRepair", + "description": "Grants permission to start a workflow run", + "privilege": "StartRun", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "sso:CreateManagedApplicationInstance", - "sso:GetManagedApplicationInstance" + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "studio*" + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a streaming session", - "privilege": "StopStreamingSession", + "description": "Grants permission to import a list of variant files to an Variant Store", + "privilege": "StartVariantImportJob", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "nimble:GetLaunchProfile" - ], - "resource_type": "streaming-session*" - }, - { - "condition_keys": [ - "nimble:requesterPrincipalId" - ], "dependent_actions": [], "resource_type": "" } 
@@ -172180,44 +195491,48 @@ }, { "access_level": "Tagging", - "description": "Grants permission to add or overwrite one or more tags for the specified Nimble Studio resource", + "description": "Grants permission to add AWS tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile" + "resource_type": "readSet" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-image" + "resource_type": "reference" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session" + "resource_type": "referenceStore" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session-backup" + "resource_type": "run" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio" + "resource_type": "runGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio-component" + "resource_type": "sequenceStore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow" }, { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -172226,38 +195541,43 @@ }, { "access_level": "Tagging", - "description": "Grants permission to disassociate one or more tags from the specified Nimble Studio resource", + "description": "Grants permission to remove resource AWS tags", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile" + "resource_type": "readSet" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-image" + "resource_type": "reference" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session" + "resource_type": "referenceStore" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-session-backup" + "resource_type": "run" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio" + "resource_type": "runGroup" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "studio-component" + "resource_type": "sequenceStore" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workflow" }, { "condition_keys": [ 
@@ -172270,166 +195590,190 @@ }, { "access_level": "Write", - "description": "Grants permission to update a launch profile", - "privilege": "UpdateLaunchProfile", + "description": "Grants permission to update information about the Annotation Store", + "privilege": "UpdateAnnotationStore", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeRouteTables", - "ec2:DescribeSubnets", - "ec2:DescribeVpcEndpoints" - ], - "resource_type": "launch-profile*" + "dependent_actions": [], + "resource_type": "AnnotationStore*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a launch profile member", - "privilege": "UpdateLaunchProfileMember", + "description": "Grants permission to update information about the Version in an Annotation Store", + "privilege": "UpdateAnnotationStoreVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "launch-profile*" + "resource_type": "AnnotationStore*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AnnotationStoreVersion*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a streaming image", - "privilege": "UpdateStreamingImage", + "description": "Grants permission to update a workflow run group", + "privilege": "UpdateRunGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "streaming-image*" + "resource_type": "runGroup*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a studio", - "privilege": "UpdateStudio", + "description": "Grants permission to update metadata about the Variant Store", + "privilege": "UpdateVariantStore", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "studio*" + "dependent_actions": [], + "resource_type": "VariantStore*" } ] }, { "access_level": "Write", - 
"description": "Grants permission to update a studio component", - "privilege": "UpdateStudioComponent", + "description": "Grants permission to update workflow details", + "privilege": "UpdateWorkflow", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "ds:AuthorizeApplication", - "ds:DescribeDirectories", - "ec2:DescribeSecurityGroups", - "fsx:DescribeFileSystems", - "iam:PassRole" - ], - "resource_type": "studio-component*" + "dependent_actions": [], + "resource_type": "workflow*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to upload read set parts", + "privilege": "UploadReadSetPart", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "sequenceStore*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:studio/${StudioId}", + "arn": "arn:${Partition}:omics:${Region}:${Account}:annotationImportJob/${AnnotationImportJobId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "nimble:studioId" + "omics:AnnotationImportJobJobId" ], - "resource": "studio" + "resource": "AnnotationImportJob" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-image/${StreamingImageId}", + "arn": "arn:${Partition}:omics:${Region}:${Account}:annotationStore/${AnnotationStoreId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "nimble:studioId" + "omics:AnnotationStoreName" ], - "resource": "streaming-image" + "resource": "AnnotationStore" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:studio-component/${StudioComponentId}", + "arn": "arn:${Partition}:omics:${Region}:${Account}:annotationStore/${AnnotationStoreName}/version/${AnnotationStoreVersionName}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "nimble:studioId" + "omics:AnnotationStoreVersionName" ], - "resource": 
"studio-component" + "resource": "AnnotationStoreVersion" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:launch-profile/${LaunchProfileId}", + "arn": "arn:${Partition}:omics:${Region}:${Account}:sequenceStore/${SequenceStoreId}/readSet/${ReadSetId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "nimble:studioId" + "aws:ResourceTag/${TagKey}" ], - "resource": "launch-profile" + "resource": "readSet" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-session/${StreamingSessionId}", + "arn": "arn:${Partition}:omics:${Region}:${Account}:referenceStore/${ReferenceStoreId}/reference/${ReferenceId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "nimble:createdBy", - "nimble:ownedBy" + "aws:ResourceTag/${TagKey}" ], - "resource": "streaming-session" + "resource": "reference" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:streaming-session-backup/${StreamingSessionBackupId}", + "arn": "arn:${Partition}:omics:${Region}:${Account}:referenceStore/${ReferenceStoreId}", "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "nimble:ownedBy" + "aws:ResourceTag/${TagKey}" ], - "resource": "streaming-session-backup" + "resource": "referenceStore" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:eula/${EulaId}", + "arn": "arn:${Partition}:omics:${Region}:${Account}:run/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "run" + }, + { + "arn": "arn:${Partition}:omics:${Region}:${Account}:runGroup/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "runGroup" + }, + { + "arn": "arn:${Partition}:omics:${Region}:${Account}:sequenceStore/${SequenceStoreId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "sequenceStore" + }, + { + "arn": "arn:${Partition}:omics:${Region}:${Account}:tag/${TagKey}", 
"condition_keys": [], - "resource": "eula" + "resource": "TaggingResource" }, { - "arn": "arn:${Partition}:nimble:${Region}:${Account}:eula-acceptance/${EulaAcceptanceId}", + "arn": "arn:${Partition}:omics:${Region}:${Account}:task/${Id}", + "condition_keys": [], + "resource": "TaskResource" + }, + { + "arn": "arn:${Partition}:omics:${Region}:${Account}:variantImportJob/${VariantImportJobId}", "condition_keys": [ - "nimble:studioId" + "omics:VariantImportJobJobId" ], - "resource": "eula-acceptance" + "resource": "VariantImportJob" + }, + { + "arn": "arn:${Partition}:omics:${Region}:${Account}:variantStore/${VariantStoreId}", + "condition_keys": [ + "omics:VariantStoreName" + ], + "resource": "VariantStore" + }, + { + "arn": "arn:${Partition}:omics:${Region}:${Account}:workflow/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workflow" } ], - "service_name": "Amazon Nimble Studio" + "service_name": "AWS HealthOmics" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access by using tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access by using tag key-value pairs attached to the resource", "type": "String" }, { 
@@ -172438,41 +195782,85 @@ "type": "ArrayOfString" } ], - "prefix": "notifications", + "prefix": "one", "privileges": [ { "access_level": "Write", - "description": "Grants permission to associate a new Channel with a particular NotificationConfiguration", - "privilege": "AssociateChannel", + "description": "Grants permission to create a QR code for a Device Instance", + "privilege": "CreateDeviceActivationQrCode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NotificationConfiguration*" + "resource_type": "device-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a new EventRule, associating it with a NotificationConfiguration", - "privilege": "CreateEventRule", + "description": "Grants permission to create a Device Configuration Template", + "privilege": "CreateDeviceConfigurationTemplate", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Device Instance", + "privilege": "CreateDeviceInstance", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Device Instance Configuration", + "privilege": "CreateDeviceInstanceConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "device-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a NotificationConfiguration", - "privilege": 
"CreateNotificationConfiguration", + "description": "Grants permission to create a Site", + "privilege": "CreateSite", "resource_types": [ { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -172481,116 +195869,191 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an EventRule", - "privilege": "DeleteEventRule", + "description": "Grants permission to disassociate Device from a Device Instance", + "privilege": "DeleteAssociatedDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EventRule*" + "resource_type": "device-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a NotificationConfiguration", - "privilege": "DeleteNotificationConfiguration", + "description": "Grants permission to delete a Device Configuration Template", + "privilege": "DeleteDeviceConfigurationTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NotificationConfiguration*" + "resource_type": "device-configuration-template*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister a NotificationHub", - "privilege": "DeregisterNotificationHub", + "description": "Grants permission to delete a Device Instance", + "privilege": "DeleteDeviceInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "device-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to remove a Channel from a NotificationConfiguration", - "privilege": "DisassociateChannel", + "description": "Grants permission to delete a Site", + "privilege": "DeleteSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NotificationConfiguration*" + "resource_type": "site*" + }, + { + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a User", + "privilege": "DeleteUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" } ] }, { "access_level": "Read", - "description": "Grants permission to get an EventRule", - "privilege": "GetEventRule", + "description": "Grants permission to view a Device Configuration Template", + "privilege": "GetDeviceConfigurationTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EventRule*" + "resource_type": "device-configuration-template*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a NotificationConfiguration", - "privilege": "GetNotificationConfiguration", + "description": "Grants permission to view a Device Instance", + "privilege": "GetDeviceInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NotificationConfiguration*" + "resource_type": "device-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a NotificationEvent", - "privilege": "GetNotificationEvent", + "description": "Grants permission to view a Device Instance Configuration", + "privilege": "GetDeviceInstanceConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NotificationEvent*" + "resource_type": "configuration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Channels by 
NotificationConfiguration", - "privilege": "ListChannels", + "access_level": "Read", + "description": "Grants permission to view a Site", + "privilege": "GetSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "site*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list EventRules", - "privilege": "ListEventRules", + "access_level": "Read", + "description": "Grants permission to view address of a Site", + "privilege": "GetSiteAddress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "site*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list NotificationConfigurations", - "privilege": "ListNotificationConfigurations", + "description": "Grants permission to retrieve list of Device Configuration Templates", + "privilege": "ListDeviceConfigurationTemplates", "resource_types": [ { "condition_keys": [], @@ -172601,8 +196064,8 @@ }, { "access_level": "List", - "description": "Grants permission to list NotificationEvents", - "privilege": "ListNotificationEvents", + "description": "Grants permission to retrieve list of Device Instances", + "privilege": "ListDeviceInstances", "resource_types": [ { "condition_keys": [], @@ -172613,8 +196076,8 @@ }, { "access_level": "List", - "description": "Grants permission to list NotificationHubs", - "privilege": "ListNotificationHubs", + "description": "Grants permission to view list of Sites", + "privilege": "ListSites", "resource_types": [ { "condition_keys": [], 
@@ -172625,8 +196088,37 @@ }, { "access_level": "Read", - "description": "Grants permission to get tags for a resource", + "description": "Grants permission to list tags for an Amazon One Enterprise resource", "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device-configuration-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "site" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to view list of Users", + "privilege": "ListUsers", "resource_types": [ { "condition_keys": [], 
@@ -172637,30 +196129,47 @@ }, { "access_level": "Write", - "description": "Grants permission to register a NotificationHub", - "privilege": "RegisterNotificationHub", + "description": "Grants permission to reboot Device associated with a Device Instance", + "privilege": "RebootDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "device-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag a resource", + "description": "Grants permission to add tags to an Amazon One Enterprise resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NotificationConfiguration*" + "resource_type": "device-configuration-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "site" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -172669,13 +196178,23 @@ }, { "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", + "description": "Grants permission to remove tags from an Amazon One Enterprise resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NotificationConfiguration*" + "resource_type": "device-configuration-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "site" }, { "condition_keys": [ 
@@ -172688,251 +196207,235 @@ }, { "access_level": "Write", - "description": "Grants permission to update an EventRule", - "privilege": "UpdateEventRule", + "description": "Grants permission to update a Device Configuration Template", + "privilege": "UpdateDeviceConfigurationTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EventRule*" + "resource_type": "device-configuration-template*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a NotificationConfiguration", - "privilege": "UpdateNotificationConfiguration", + "description": "Grants permission to update a Device Instance", + "privilege": "UpdateDeviceInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "NotificationConfiguration*" + "resource_type": "device-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a Site", + "privilege": "UpdateSite", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "site*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update address of a Site", + "privilege": "UpdateSiteAddress", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "site*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] } ], "resources": [ { - "arn": "arn:${Partition}:notifications::${Account}:configuration/${NotificationConfigurationId}/rule/${EventRuleId}", - "condition_keys": [], - "resource": "EventRule" - 
}, - { - "arn": "arn:${Partition}:notifications::${Account}:configuration/${NotificationConfigurationId}", + "arn": "arn:${Partition}:one:${Region}:${Account}:device-instance/${DeviceInstanceId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "NotificationConfiguration" + "resource": "device-instance" }, { - "arn": "arn:${Partition}:notifications:${Region}:${Account}:configuration/${NotificationConfigurationId}/event/${NotificationEventId}", + "arn": "arn:${Partition}:one:${Region}:${Account}:device-instance/${DeviceInstanceId}/configuration/${Version}", "condition_keys": [], - "resource": "NotificationEvent" - } - ], - "service_name": "AWS User Notifications" - }, - { - "conditions": [ + "resource": "configuration" + }, { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" + "arn": "arn:${Partition}:one:${Region}:${Account}:device-configuration-template/${TemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "device-configuration-template" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" + "arn": "arn:${Partition}:one:${Region}:${Account}:site/${SiteId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "site" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" + "arn": "arn:${Partition}:one:${Region}:${Account}:user/${UserId}", + "condition_keys": [], + "resource": "user" } ], - "prefix": "notifications-contacts", + "service_name": "Amazon One Enterprise" + }, + { + "conditions": [], + "prefix": "opsworks", "privileges": [ { "access_level": "Write", - "description": "Grants permission to activate the email contact associated with the given ARN if the provided code is valid", - "privilege": "ActivateEmailContact", + 
"description": "Grants permission to assign a registered instance to a layer", + "privilege": "AssignInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EmailContactResource*" + "resource_type": "stack" } ] }, { "access_level": "Write", - "description": "Grants permission to create an email contact", - "privilege": "CreateEmailContact", + "description": "Grants permission to assign one of the stack's registered Amazon EBS volumes to a specified instance", + "privilege": "AssignVolume", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an email contact associated with the given ARN", - "privilege": "DeleteEmailContact", + "description": "Grants permission to associate one of the stack's registered Elastic IP addresses with a specified instance", + "privilege": "AssociateElasticIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EmailContactResource*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an email contact associated with the given ARN", - "privilege": "GetEmailContact", + "access_level": "Write", + "description": "Grants permission to attach an Elastic Load Balancing load balancer to a specified layer", + "privilege": "AttachElasticLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EmailContactResource*" + "resource_type": "stack" } ] }, { - "access_level": "List", - "description": "Grants permission to list email contacts", - "privilege": "ListEmailContacts", + "access_level": "Write", + "description": "Grants permission to create a clone of a specified stack", + "privilege": "CloneStack", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to create an app for a specified stack", + "privilege": "CreateApp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { "access_level": "Write", - "description": "Grants permission to send an activation link to the email associated with the given ARN", - "privilege": "SendActivationCode", + "description": "Grants permission to run deployment or stack commands", + "privilege": "CreateDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EmailContactResource*" + "resource_type": "stack" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to create an instance in a specified stack", + "privilege": "CreateInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EmailContactResource*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to create a layer", + "privilege": "CreateLayer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "EmailContactResource*" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] - } - ], - "resources": [ - { - "arn": 
"arn:${Partition}:notifications-contacts::${Account}:emailcontact/${EmailContactId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "EmailContactResource" - } - ], - "service_name": "AWS User Notifications Contacts" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" }, - { - "condition": "oam:ResourceTypes", - "description": "Filters access by the presence of resource types in the request", - "type": "ArrayOfString" - } - ], - "prefix": "oam", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a link between a monitoring account and a source account for cross-account monitoring", - "privilege": "CreateLink", + "description": "Grants permission to create a new stack", + "privilege": "CreateStack", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "oam:TagResource" - ], - "resource_type": "Sink*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys", - "oam:ResourceTypes" - ], "dependent_actions": [], "resource_type": "" } 
@@ -172940,849 +196443,716 @@ }, { "access_level": "Write", - "description": "Grants permission to create a sink in an account so that it can be used as a monitoring account for cross-account monitoring", - "privilege": "CreateSink", + "description": "Grants permission to create a new user profile", + "privilege": "CreateUserProfile", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "oam:TagResource" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a link between a monitoring account and a source account for cross-account monitoring", - "privilege": "DeleteLink", + "description": "Grants permission to delete a specified app", + "privilege": "DeleteApp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Link*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a cross-account monitoring sink in a monitoring account", - "privilege": "DeleteSink", + "description": "Grants permission to delete a specified instance, which terminates the associated Amazon EC2 instance", + "privilege": "DeleteInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Sink*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve complete information about one cross-account monitoring link", - "privilege": "GetLink", + "access_level": "Write", + "description": "Grants permission to delete a specified layer", + "privilege": "DeleteLayer", "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "Link*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve complete information about one cross-account monitoring sink", - "privilege": "GetSink", + "access_level": "Write", + "description": "Grants permission to delete a specified stack", + "privilege": "DeleteStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Sink*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve information for the IAM policy for a cross-account monitoring sink", - "privilege": "GetSinkPolicy", + "access_level": "Write", + "description": "Grants permission to delete a user profile", + "privilege": "DeleteUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Sink*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a list of links that are linked for a cross-account monitoring sink", - "privilege": "ListAttachedLinks", + "access_level": "Write", + "description": "Grants permission to delete a user profile", + "privilege": "DeregisterEcsCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Sink*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the ARNs of cross-account monitoring links in this account", - "privilege": "ListLinks", + "access_level": "Write", + "description": 
"Grants permission to deregister a specified Elastic IP address", + "privilege": "DeregisterElasticIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve the ARNs of cross-account monitoring sinks in this account", - "privilege": "ListSinks", + "access_level": "Write", + "description": "Grants permission to deregister a registered Amazon EC2 or on-premises instance", + "privilege": "DeregisterInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to deregister an Amazon RDS instance", + "privilege": "DeregisterRdsDbInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Link" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "Sink" + "resource_type": "stack" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update the IAM policy for a cross-account monitoring sink", - "privilege": "PutSinkPolicy", + "description": "Grants permission to deregister an Amazon EBS volume", + "privilege": "DeregisterVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Sink*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to describe the available AWS OpsWorks agent versions", + "privilege": "DescribeAgentVersions", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "Link" - }, + "resource_type": "stack" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to request a description of a specified set of apps", + "privilege": "DescribeApps", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Sink" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to untag a resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to describe the results of specified commands", + "privilege": "DescribeCommands", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Link" - }, + "resource_type": "stack" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to request a description of a specified set of deployments", + "privilege": "DescribeDeployments", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Sink" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing link between a monitoring account and a source account", - "privilege": "UpdateLink", + "access_level": "List", + "description": "Grants permission to describe Amazon ECS clusters that are registered with a stack", + "privilege": "DescribeEcsClusters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Link*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "oam:ResourceTypes" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] - } - ], - "resources": [ - { - "arn": 
"arn:${Partition}:oam:${Region}:${Account}:link/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Link" - }, - { - "arn": "arn:${Partition}:oam:${Region}:${Account}:sink/${ResourceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "Sink" - } - ], - "service_name": "Amazon CloudWatch Observability Access Manager" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the presence of tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the presence of tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "omics:AnnotationImportJobJobId", - "description": "Filters access by a unique resource identifier", - "type": "String" - }, - { - "condition": "omics:AnnotationStoreName", - "description": "Filters access by the name of the store", - "type": "String" }, { - "condition": "omics:VariantImportJobJobId", - "description": "Filters access by a unique resource identifier", - "type": "String" + "access_level": "List", + "description": "Grants permission to describe Elastic IP addresses", + "privilege": "DescribeElasticIps", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "stack" + } + ] }, - { - "condition": "omics:VariantStoreName", - "description": "Filters access by the name of the store", - "type": "String" - } - ], - "prefix": "omics", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to abort multipart read set uploads", - "privilege": "AbortMultipartReadSetUpload", + { + "access_level": "List", + "description": "Grants permission to describe a stack's Elastic Load Balancing instances", + "privilege": 
"DescribeElasticLoadBalancers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to batch delete Read Sets in the given Sequence Store", - "privilege": "BatchDeleteReadSet", + "access_level": "List", + "description": "Grants permission to request a description of a set of instances", + "privilege": "DescribeInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel an Annotation Import Job", - "privilege": "CancelAnnotationImportJob", + "access_level": "List", + "description": "Grants permission to request a description of one or more layers in a specified stack", + "privilege": "DescribeLayers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnnotationImportJob*" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a workflow run and stop all workflow tasks", - "privilege": "CancelRun", + "access_level": "List", + "description": "Grants permission to describe load-based auto scaling configurations for specified layers", + "privilege": "DescribeLoadBasedAutoScaling", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a Variant Import Job", - "privilege": "CancelVariantImportJob", + "access_level": "List", + "description": "Grants permission to describe a user's SSH information", + "privilege": "DescribeMyUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantImportJob*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": 
"Grants permission to complete a multipart read set upload", - "privilege": "CompleteMultipartReadSetUpload", + "access_level": "List", + "description": "Grants permission to describe the operating systems that are supported by AWS OpsWorks Stacks", + "privilege": "DescribeOperatingSystems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an Annotation Store", - "privilege": "CreateAnnotationStore", + "access_level": "List", + "description": "Grants permission to describe the permissions for a specified stack", + "privilege": "DescribePermissions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a multipart read set upload", - "privilege": "CreateMultipartReadSetUpload", + "access_level": "List", + "description": "Grants permission to describe an instance's RAID arrays", + "privilege": "DescribeRaidArrays", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Reference Store", - "privilege": "CreateReferenceStore", + "access_level": "List", + "description": "Grants permission to describe Amazon RDS instances", + "privilege": "DescribeRdsDbInstances", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new workflow run group", - "privilege": "CreateRunGroup", + "access_level": "List", + "description": "Grants permission to describe AWS OpsWorks service errors", + "privilege": 
"DescribeServiceErrors", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Sequence Store", - "privilege": "CreateSequenceStore", + "access_level": "List", + "description": "Grants permission to request a description of a stack's provisioning parameters", + "privilege": "DescribeStackProvisioningParameters", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a Variant Store", - "privilege": "CreateVariantStore", + "access_level": "List", + "description": "Grants permission to describe the number of layers and apps in a specified stack, and the number of instances in each state, such as running_setup or online", + "privilege": "DescribeStackSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new workflow with a workflow definition and template of workflow parameters", - "privilege": "CreateWorkflow", + "access_level": "List", + "description": "Grants permission to request a description of one or more stacks", + "privilege": "DescribeStacks", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete an Annotation Store", - "privilege": "DeleteAnnotationStore", + "access_level": "List", + "description": "Grants permission to describe time-based auto 
scaling configurations for specified instances", + "privilege": "DescribeTimeBasedAutoScaling", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnnotationStore*" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Reference in the given Reference Store", - "privilege": "DeleteReference", + "access_level": "List", + "description": "Grants permission to describe specified users", + "privilege": "DescribeUserProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reference*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to describe an instance's Amazon EBS volumes", + "privilege": "DescribeVolumes", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "stack" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Reference Store", - "privilege": "DeleteReferenceStore", + "description": "Grants permission to detache a specified Elastic Load Balancing instance from its layer", + "privilege": "DetachElasticLoadBalancer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "stack" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a workflow run", - "privilege": "DeleteRun", + "description": "Grants permission to disassociate an Elastic IP address from its instance", + "privilege": "DisassociateElasticIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a workflow run group", - "privilege": "DeleteRunGroup", + "access_level": "Read", + "description": "Grants permission to get a generated host name for the specified 
layer, based on the current host name theme", + "privilege": "GetHostnameSuggestion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "runGroup*" + "resource_type": "stack" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Sequence Store", - "privilege": "DeleteSequenceStore", + "description": "Grants permission to grant RDP access to a Windows instance for a specified time period", + "privilege": "GrantAccess", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a Variant Store", - "privilege": "DeleteVariantStore", + "access_level": "List", + "description": "Grants permission to return a list of tags that are applied to the specified stack or layer", + "privilege": "ListTags", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantStore*" + "resource_type": "stack" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a workflow", - "privilege": "DeleteWorkflow", + "description": "Grants permission to reboot a specified instance", + "privilege": "RebootInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the status of an Annotation Import Job", - "privilege": "GetAnnotationImportJob", + "access_level": "Write", + "description": "Grants permission to register a specified Amazon ECS cluster with a stack", + "privilege": "RegisterEcsCluster", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnnotationImportJob*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get detailed information about an Annotation Store", - 
"privilege": "GetAnnotationStore", + "access_level": "Write", + "description": "Grants permission to register an Elastic IP address with a specified stack", + "privilege": "RegisterElasticIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "AnnotationStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a Read Set in the given Sequence Store", - "privilege": "GetReadSet", + "access_level": "Write", + "description": "Grants permission to register instances with a specified stack that were created outside of AWS OpsWorks", + "privilege": "RegisterInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "readSet*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Read Set activation job for the given Sequence Store", - "privilege": "GetReadSetActivationJob", + "access_level": "Write", + "description": "Grants permission to register an Amazon RDS instance with a stack", + "privilege": "RegisterRdsDbInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Read Set export job for the given Sequence Store", - "privilege": "GetReadSetExportJob", + "access_level": "Write", + "description": "Grants permission to register an Amazon EBS volume with a specified stack", + "privilege": "RegisterVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Read Set import job for the given Sequence Store", - "privilege": 
"GetReadSetImportJob", + "access_level": "Write", + "description": "Grants permission to specify the load-based auto scaling configuration for a specified layer", + "privilege": "SetLoadBasedAutoScaling", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Read Set in the given Sequence Store", - "privilege": "GetReadSetMetadata", + "access_level": "Permissions management", + "description": "Grants permission to specify a user's permissions", + "privilege": "SetPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "readSet*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a Reference in the given Reference Store", - "privilege": "GetReference", + "access_level": "Write", + "description": "Grants permission to specify the time-based auto scaling configuration for a specified instance", + "privilege": "SetTimeBasedAutoScaling", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reference*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Reference import job for the given Reference Store", - "privilege": "GetReferenceImportJob", + "access_level": "Write", + "description": "Grants permission to start a specified instance", + "privilege": "StartInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Reference in the 
given Reference Store", - "privilege": "GetReferenceMetadata", + "access_level": "Write", + "description": "Grants permission to start a stack's instances", + "privilege": "StartStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "reference*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Reference Store", - "privilege": "GetReferenceStore", + "access_level": "Write", + "description": "Grants permission to stop a specified instance", + "privilege": "StopInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve workflow run details", - "privilege": "GetRun", + "access_level": "Write", + "description": "Grants permission to stop a specified stack", + "privilege": "StopStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve workflow run group details", - "privilege": "GetRunGroup", + "access_level": "Tagging", + "description": "Grants permission to apply tags to a specified stack or layer", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "runGroup*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve workflow task details", - "privilege": "GetRunTask", + "access_level": "Write", + "description": "Grants permission to unassign a registered instance from all of it's layers", + "privilege": "UnassignInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "TaskResource*" - 
}, + "resource_type": "stack" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to unassign an assigned Amazon EBS volume", + "privilege": "UnassignVolume", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get details about a Sequence Store", - "privilege": "GetSequenceStore", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a specified stack or layer", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the status of a Variant Import Job", - "privilege": "GetVariantImportJob", + "access_level": "Write", + "description": "Grants permission to update a specified app", + "privilege": "UpdateApp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantImportJob*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to get detailed information about a Variant Store", - "privilege": "GetVariantStore", + "access_level": "Write", + "description": "Grants permission to update a registered Elastic IP address's name", + "privilege": "UpdateElasticIp", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantStore*" + "resource_type": "stack" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve workflow details", - "privilege": "GetWorkflow", + "access_level": "Write", + "description": "Grants permission to update a specified instance", + "privilege": "UpdateInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "stack" } ] }, { - "access_level": 
"List", - "description": "Grants permission to get a list of Annotation Import Jobs", - "privilege": "ListAnnotationImportJobs", + "access_level": "Write", + "description": "Grants permission to update a specified layer", + "privilege": "UpdateLayer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "stack" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of information about Annotation Stores", - "privilege": "ListAnnotationStores", + "access_level": "Write", + "description": "Grants permission to update a user's SSH public key", + "privilege": "UpdateMyUserProfile", "resource_types": [ { "condition_keys": [], 
@@ -173792,93 +197162,107 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list multipart read set uploads", - "privilege": "ListMultipartReadSetUploads", + "access_level": "Write", + "description": "Grants permission to update an Amazon RDS instance", + "privilege": "UpdateRdsDbInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "List", - "description": "Grants permission to list Read Set activation jobs for the given Sequence Store", - "privilege": "ListReadSetActivationJobs", + "access_level": "Write", + "description": "Grants permission to update a specified stack", + "privilege": "UpdateStack", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] }, { - "access_level": "List", - "description": "Grants permission to list Read Set export jobs for the given Sequence Store", - "privilege": "ListReadSetExportJobs", + "access_level": "Permissions management", + "description": "Grants permission to update a specified user profile", + "privilege": "UpdateUserProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Read Set import jobs for the given Sequence Store", - "privilege": "ListReadSetImportJobs", + "access_level": "Write", + "description": "Grants permission to update an Amazon EBS volume's name or mount point", + "privilege": "UpdateVolume", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "stack" } ] - }, + } + ], + "resources": [ { - "access_level": "List", - "description": "Grants permission to list read set upload parts", - "privilege": "ListReadSetUploadParts", + "arn": 
"arn:${Partition}:opsworks:${Region}:${Account}:stack/${StackId}/", + "condition_keys": [], + "resource": "stack" + } + ], + "service_name": "AWS OpsWorks" + }, + { + "conditions": [], + "prefix": "opsworks-cm", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate a node to a configuration management server", + "privilege": "AssociateNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Read Sets in the given Sequence Store", - "privilege": "ListReadSets", + "access_level": "Write", + "description": "Grants permission to create a backup for the specified server", + "privilege": "CreateBackup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Reference import jobs for the given Reference Store", - "privilege": "ListReferenceImportJobs", + "access_level": "Write", + "description": "Grants permission to create a new server", + "privilege": "CreateServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list Reference Stores", - "privilege": "ListReferenceStores", + "access_level": "Write", + "description": "Grants permission to delete the specified backup and possibly its S3 bucket", + "privilege": "DeleteBackup", "resource_types": [ { "condition_keys": [], 
@@ -173888,21 +197272,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list References in the given Reference Store", - "privilege": "ListReferences", + "access_level": "Write", + "description": "Grants permission to delete the specified server with its corresponding CloudFormation stack and possibly the S3 bucket", + "privilege": "DeleteServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of workflow run groups", - "privilege": "ListRunGroups", + "description": "Grants permission to describe the service limits for the user's account", + "privilege": "DescribeAccountAttributes", "resource_types": [ { "condition_keys": [], @@ -173913,20 +197297,20 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of tasks for a workflow run", - "privilege": "ListRunTasks", + "description": "Grants permission to describe a single backup, all backups of a specified server or all backups of the user's account", + "privilege": "DescribeBackups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "run*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to retrieve a list of workflow runs", - "privilege": "ListRuns", + "description": "Grants permission to describe all events of the specified server", + "privilege": "DescribeEvents", "resource_types": [ { "condition_keys": [], @@ -173937,8 +197321,8 @@ }, { "access_level": "List", - "description": "Grants permission to list Sequence Stores", - "privilege": "ListSequenceStores", + "description": "Grants permission to describe the association status for the specified node token and the specified server", + "privilege": "DescribeNodeAssociationStatus", "resource_types": [ { "condition_keys": [], 
@@ -173949,8 +197333,8 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve a list of resource AWS tags", - "privilege": "ListTagsForResource", + "description": "Grants permission to describe the specified server or all servers of the user's account", + "privilege": "DescribeServers", "resource_types": [ { "condition_keys": [], @@ -173960,9 +197344,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to get a list of Variant Import Jobs", - "privilege": "ListVariantImportJobs", + "access_level": "Write", + "description": "Grants permission to disassociate a specified node from a server", + "privilege": "DisassociateNode", "resource_types": [ { "condition_keys": [], @@ -173972,9 +197356,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of metadata for Variant Stores", - "privilege": "ListVariantStores", + "access_level": "Read", + "description": "Grants permission to export an engine attribute from a server", + "privilege": "ExportServerEngineAttribute", "resource_types": [ { "condition_keys": [], @@ -173984,9 +197368,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of available workflows", - "privilege": "ListWorkflows", + "access_level": "Read", + "description": "Grants permission to list the tags that are applied to the specified server or backup", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], @@ -173997,8 +197381,8 @@ }, { "access_level": "Write", - "description": "Grants permission to import a list of Annotation files to an Annotation Store", - "privilege": "StartAnnotationImportJob", + "description": "Grants permission to apply a backup to specified server. Possibly swaps out the ec2-instance if specified", + "privilege": "RestoreServer", "resource_types": [ { "condition_keys": [], 
@@ -174009,123 +197393,151 @@ }, { "access_level": "Write", - "description": "Grants permission to start a Read Set activation job from the given Sequence Store", - "privilege": "StartReadSetActivationJob", + "description": "Grants permission to start the server maintenance immediately", + "privilege": "StartMaintenance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a Read Set export job from the given Sequence Store", - "privilege": "StartReadSetExportJob", + "access_level": "Tagging", + "description": "Grants permission to apply tags to the specified server or backup", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a Read Set import job into the given Sequence Store", - "privilege": "StartReadSetImportJob", + "access_level": "Tagging", + "description": "Grants permission to remove tags from the specified server or backup", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a Reference import job into the given Reference Store", - "privilege": "StartReferenceImportJob", + "description": "Grants permission to update general server settings", + "privilege": "UpdateServer", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "referenceStore*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start a workflow run", - "privilege": "StartRun", + "description": "Grants permission to update server settings specific to the configuration management type", + 
"privilege": "UpdateServerEngineAttributes", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:opsworks-cm::${Account}:server/${ServerName}/${UniqueId}", + "condition_keys": [], + "resource": "server" + }, + { + "arn": "arn:${Partition}:opsworks-cm::${Account}:backup/${ServerName}-{Date-and-Time-Stamp-of-Backup}", + "condition_keys": [], + "resource": "backup" + } + ], + "service_name": "AWS OpsWorks Configuration Management" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "organizations:PolicyType", + "description": "Filters access by the specified policy type names", + "type": "String" }, + { + "condition": "organizations:ServicePrincipal", + "description": "Filters access by the specified service principal names", + "type": "String" + } + ], + "prefix": "organizations", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to import a list of variant files to an Variant Store", - "privilege": "StartVariantImportJob", + "description": "Grants permission to send a response to the originator of a handshake agreeing to the action proposed by the handshake request", + "privilege": "AcceptHandshake", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "handshake*" } ] }, { - "access_level": "Tagging", - 
"description": "Grants permission to add AWS tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to attach a policy to a root, an organizational unit, or an individual account", + "privilege": "AttachPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "readSet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "reference" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "referenceStore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "run" + "resource_type": "policy*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "runGroup" + "resource_type": "account" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "sequenceStore" + "resource_type": "organizationalunit" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow" + "resource_type": "root" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "organizations:PolicyType" ], "dependent_actions": [], "resource_type": "" 
@@ -174133,47 +197545,37 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove resource AWS tags", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to cancel a handshake", + "privilege": "CancelHandshake", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "readSet" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "reference" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "referenceStore" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "run" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "runGroup" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "sequenceStore" - }, + "resource_type": "handshake*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to close an AWS account that is now a part of an Organizations, either created within the organization, or invited to join the organization", + "privilege": "CloseAccount", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow" - }, + "resource_type": "account*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an AWS account that is automatically a member of the organization with the credentials that made the request", + "privilege": "CreateAccount", + "resource_types": [ { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -174183,284 +197585,219 @@ }, { "access_level": "Write", - "description": "Grants permission to update information about the Annotation Store", - "privilege": "UpdateAnnotationStore", + "description": "Grants permission to create an AWS GovCloud (US) account", + "privilege": "CreateGovCloudAccount", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "AnnotationStore*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a workflow run group", - "privilege": "UpdateRunGroup", + "description": "Grants permission to create an organization. The account with the credentials that calls the CreateOrganization operation automatically becomes the management account of the new organization", + "privilege": "CreateOrganization", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "runGroup*" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update metadata about the Variant Store", - "privilege": "UpdateVariantStore", + "description": "Grants permission to create an organizational unit (OU) within a root or parent OU", + "privilege": "CreateOrganizationalUnit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "VariantStore*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update workflow details", - "privilege": "UpdateWorkflow", - "resource_types": [ + "resource_type": "organizationalunit" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "workflow*" + "resource_type": "root" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to 
upload read set parts", - "privilege": "UploadReadSetPart", + "description": "Grants permission to create a policy that you can attach to a root, an organizational unit (OU), or an individual AWS account", + "privilege": "CreatePolicy", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "organizations:PolicyType", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "sequenceStore*" + "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:annotationImportJob/${AnnotationImportJobId}", - "condition_keys": [ - "omics:AnnotationImportJobJobId" - ], - "resource": "AnnotationImportJob" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:annotationStore/${AnnotationStoreId}", - "condition_keys": [ - "omics:AnnotationStoreName" - ], - "resource": "AnnotationStore" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:sequenceStore/${SequenceStoreId}/readSet/${ReadSetId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "readSet" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:referenceStore/${ReferenceStoreId}/reference/${ReferenceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "reference" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:referenceStore/${ReferenceStoreId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "referenceStore" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:run/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "run" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:runGroup/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "runGroup" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:sequenceStore/${SequenceStoreId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "sequenceStore" - }, - { - 
"arn": "arn:${Partition}:omics:${Region}:${Account}:tag/${TagKey}", - "condition_keys": [], - "resource": "TaggingResource" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:task/${Id}", - "condition_keys": [], - "resource": "TaskResource" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:variantImportJob/${VariantImportJobId}", - "condition_keys": [ - "omics:VariantImportJobJobId" - ], - "resource": "VariantImportJob" - }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:variantStore/${VariantStoreId}", - "condition_keys": [ - "omics:VariantStoreName" - ], - "resource": "VariantStore" }, - { - "arn": "arn:${Partition}:omics:${Region}:${Account}:workflow/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "workflow" - } - ], - "service_name": "Amazon Omics" - }, - { - "conditions": [], - "prefix": "opsworks", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to assign a registered instance to a layer", - "privilege": "AssignInstance", + "description": "Grants permission to decline a handshake request. 
This sets the handshake state to DECLINED and effectively deactivates the request", + "privilege": "DeclineHandshake", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "handshake*" } ] }, { "access_level": "Write", - "description": "Grants permission to assign one of the stack's registered Amazon EBS volumes to a specified instance", - "privilege": "AssignVolume", + "description": "Grants permission to delete the organization", + "privilege": "DeleteOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to associate one of the stack's registered Elastic IP addresses with a specified instance", - "privilege": "AssociateElasticIp", + "description": "Grants permission to delete an organizational unit from a root or another OU", + "privilege": "DeleteOrganizationalUnit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "organizationalunit*" } ] }, { "access_level": "Write", - "description": "Grants permission to attach an Elastic Load Balancing load balancer to a specified layer", - "privilege": "AttachElasticLoadBalancer", + "description": "Grants permission to delete a policy from your organization", + "privilege": "DeletePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "policy*" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a clone of a specified stack", - "privilege": "CloneStack", + "description": "Grants permission to delete a resource policy from your organization", + "privilege": "DeleteResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": 
[], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an app for a specified stack", - "privilege": "CreateApp", + "description": "Grants permission to deregister the specified member AWS account as a delegated administrator for the AWS service that is specified by ServicePrincipal", + "privilege": "DeregisterDelegatedAdministrator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "account*" + }, + { + "condition_keys": [ + "organizations:ServicePrincipal" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to run deployment or stack commands", - "privilege": "CreateDeployment", + "access_level": "Read", + "description": "Grants permission to retrieve Organizations-related details about the specified account", + "privilege": "DescribeAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "account*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an instance in a specified stack", - "privilege": "CreateInstance", + "access_level": "Read", + "description": "Grants permission to retrieve the current status of an asynchronous request to create an account", + "privilege": "DescribeCreateAccountStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a layer", - "privilege": "CreateLayer", + "access_level": "Read", + "description": "Grants permission to retrieve the effective policy for an account", + "privilege": "DescribeEffectivePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "account*" + }, + { + "condition_keys": [ + 
"organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new stack", - "privilege": "CreateStack", + "access_level": "Read", + "description": "Grants permission to retrieve details about a previously requested handshake", + "privilege": "DescribeHandshake", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "handshake*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new user profile", - "privilege": "CreateUserProfile", + "access_level": "Read", + "description": "Grants permission to retrieves details about the organization that the calling credentials belong to", + "privilege": "DescribeOrganization", "resource_types": [ { "condition_keys": [], 
@@ -174470,60 +197807,91 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified app", - "privilege": "DeleteApp", + "access_level": "Read", + "description": "Grants permission to retrieve details about an organizational unit (OU)", + "privilege": "DescribeOrganizationalUnit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "organizationalunit*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified instance, which terminates the associated Amazon EC2 instance", - "privilege": "DeleteInstance", + "access_level": "Read", + "description": "Grants permission to retrieves details about a policy", + "privilege": "DescribePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "policy*" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a specified layer", - "privilege": "DeleteLayer", + "access_level": "Read", + "description": "Grants permission to retrieve information about a resource policy", + "privilege": "DescribeResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specified stack", - "privilege": "DeleteStack", + "description": "Grants permission to detach a policy from a target root, organizational unit, or account", + "privilege": "DetachPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "policy*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": 
"organizationalunit" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "root" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a user profile", - "privilege": "DeleteUserProfile", + "description": "Grants permission to disable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations", + "privilege": "DisableAWSServiceAccess", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "organizations:ServicePrincipal" + ], "dependent_actions": [], "resource_type": "" } 
@@ -174531,188 +197899,200 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a user profile", - "privilege": "DeregisterEcsCluster", + "description": "Grants permission to disable an organization policy type in a root", + "privilege": "DisablePolicyType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "root*" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister a specified Elastic IP address", - "privilege": "DeregisterElasticIp", + "description": "Grants permission to enable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations", + "privilege": "EnableAWSServiceAccess", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "organizations:ServicePrincipal" + ], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister a registered Amazon EC2 or on-premises instance", - "privilege": "DeregisterInstance", + "description": "Grants permission to start the process to enable all features in an organization, upgrading it from supporting only Consolidated Billing features", + "privilege": "EnableAllFeatures", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an Amazon RDS instance", - "privilege": "DeregisterRdsDbInstance", + "description": "Grants permission to enable a policy type in a root", + "privilege": "EnablePolicyType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "root*" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + 
"dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an Amazon EBS volume", - "privilege": "DeregisterVolume", + "description": "Grants permission to send an invitation to another AWS account, asking it to join your organization as a member account", + "privilege": "InviteAccountToOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "account" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the available AWS OpsWorks agent versions", - "privilege": "DescribeAgentVersions", + "access_level": "Write", + "description": "Grants permission to remove a member account from its parent organization", + "privilege": "LeaveOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to request a description of a specified set of apps", - "privilege": "DescribeApps", + "description": "Grants permission to retrieve the list of the AWS services for which you enabled integration with your organization", + "privilege": "ListAWSServiceAccessForOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to describe the results of specified commands", - "privilege": "DescribeCommands", + "description": "Grants permission to list all of the the accounts in the organization", + "privilege": "ListAccounts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to 
request a description of a specified set of deployments", - "privilege": "DescribeDeployments", + "description": "Grants permission to list the accounts in an organization that are contained by a root or organizational unit (OU)", + "privilege": "ListAccountsForParent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe Amazon ECS clusters that are registered with a stack", - "privilege": "DescribeEcsClusters", - "resource_types": [ + "resource_type": "organizationalunit" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "root" } ] }, { "access_level": "List", - "description": "Grants permission to describe Elastic IP addresses", - "privilege": "DescribeElasticIps", + "description": "Grants permission to list all of the OUs or accounts that are contained in a parent OU or root", + "privilege": "ListChildren", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe a stack's Elastic Load Balancing instances", - "privilege": "DescribeElasticLoadBalancers", - "resource_types": [ + "resource_type": "organizationalunit" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "root" } ] }, { "access_level": "List", - "description": "Grants permission to request a description of a set of instances", - "privilege": "DescribeInstances", + "description": "Grants permission to list the asynchronous account creation requests that are currently being tracked for the organization", + "privilege": "ListCreateAccountStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to request a 
description of one or more layers in a specified stack", - "privilege": "DescribeLayers", + "description": "Grants permission to list the AWS accounts that are designated as delegated administrators in this organization", + "privilege": "ListDelegatedAdministrators", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "organizations:ServicePrincipal" + ], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to describe load-based auto scaling configurations for specified layers", - "privilege": "DescribeLoadBasedAutoScaling", + "description": "Grants permission to list the AWS services for which the specified account is a delegated administrator in this organization", + "privilege": "ListDelegatedServicesForAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "account*" } ] }, { "access_level": "List", - "description": "Grants permission to describe a user's SSH information", - "privilege": "DescribeMyUserProfile", + "description": "Grants permission to list all of the handshakes that are associated with an account", + "privilege": "ListHandshakesForAccount", "resource_types": [ { "condition_keys": [], @@ -174723,8 +198103,8 @@ }, { "access_level": "List", - "description": "Grants permission to describe the operating systems that are supported by AWS OpsWorks Stacks", - "privilege": "DescribeOperatingSystems", + "description": "Grants permission to list the handshakes that are associated with the organization", + "privilege": "ListHandshakesForOrganization", "resource_types": [ { "condition_keys": [], 
@@ -174735,479 +198115,732 @@ }, { "access_level": "List", - "description": "Grants permission to describe the permissions for a specified stack", - "privilege": "DescribePermissions", + "description": "Grants permission to lists all of the organizational units (OUs) in a parent organizational unit or root", + "privilege": "ListOrganizationalUnitsForParent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe an instance's RAID arrays", - "privilege": "DescribeRaidArrays", - "resource_types": [ + "resource_type": "organizationalunit" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "root" } ] }, { "access_level": "List", - "description": "Grants permission to describe Amazon RDS instances", - "privilege": "DescribeRdsDbInstances", + "description": "Grants permission to list the root or organizational units (OUs) that serve as the immediate parent of a child OU or account", + "privilege": "ListParents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to describe AWS OpsWorks service errors", - "privilege": "DescribeServiceErrors", - "resource_types": [ + "resource_type": "account" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "organizationalunit" } ] }, { "access_level": "List", - "description": "Grants permission to request a description of a stack's provisioning parameters", - "privilege": "DescribeStackProvisioningParameters", + "description": "Grants permission to list all of the policies in an organization", + "privilege": "ListPolicies", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "organizations:PolicyType" + ], "dependent_actions": [], - "resource_type": "stack" + 
"resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to describe the number of layers and apps in a specified stack, and the number of instances in each state, such as running_setup or online", - "privilege": "DescribeStackSummary", + "description": "Grants permission to list all of the policies that are directly attached to a root, organizational unit (OU), or account", + "privilege": "ListPoliciesForTarget", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to request a description of one or more stacks", - "privilege": "DescribeStacks", - "resource_types": [ + "resource_type": "account" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "organizationalunit" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "root" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to describe time-based auto scaling configurations for specified instances", - "privilege": "DescribeTimeBasedAutoScaling", + "description": "Grants permission to list all of the roots that are defined in the organization", + "privilege": "ListRoots", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to describe specified users", - "privilege": "DescribeUserProfiles", + "description": "Grants permission to list all tags for the specified resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "account" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organizationalunit" + 
}, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourcepolicy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "root" } ] }, { "access_level": "List", - "description": "Grants permission to describe an instance's Amazon EBS volumes", - "privilege": "DescribeVolumes", + "description": "Grants permission to list all the roots, OUs, and accounts to which a policy is attached", + "privilege": "ListTargetsForPolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "policy*" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to detache a specified Elastic Load Balancing instance from its layer", - "privilege": "DetachElasticLoadBalancer", + "description": "Grants permission to move an account from its current root or OU to another parent root or OU", + "privilege": "MoveAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "account*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organizationalunit" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "root" } ] }, { "access_level": "Write", - "description": "Grants permission to disassociate an Elastic IP address from its instance", - "privilege": "DisassociateElasticIp", + "description": "Grants permission to create or update a resource policy", + "privilege": "PutResourcePolicy", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "resourcepolicy*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { 
- "access_level": "Read", - "description": "Grants permission to get a generated host name for the specified layer, based on the current host name theme", - "privilege": "GetHostnameSuggestion", + "access_level": "Write", + "description": "Grants permission to register the specified member account to administer the Organizations features of the AWS service that is specified by ServicePrincipal", + "privilege": "RegisterDelegatedAdministrator", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "account*" + }, + { + "condition_keys": [ + "organizations:ServicePrincipal" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to grant RDP access to a Windows instance for a specified time period", - "privilege": "GrantAccess", + "description": "Grants permission to removes the specified account from the organization", + "privilege": "RemoveAccountFromOrganization", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "account*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of tags that are applied to the specified stack or layer", - "privilege": "ListTags", + "access_level": "Tagging", + "description": "Grants permission to add one or more tags to the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to reboot a specified instance", - "privilege": "RebootInstance", - "resource_types": [ + "resource_type": "account" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "organizationalunit" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy" + }, + { + "condition_keys": [], + 
"dependent_actions": [], + "resource_type": "resourcepolicy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "root" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to register a specified Amazon ECS cluster with a stack", - "privilege": "RegisterEcsCluster", + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "account" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organizationalunit" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "policy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "resourcepolicy" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "root" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register an Elastic IP address with a specified stack", - "privilege": "RegisterElasticIp", + "description": "Grants permission to rename an organizational unit (OU)", + "privilege": "UpdateOrganizationalUnit", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "organizationalunit*" } ] }, { "access_level": "Write", - "description": "Grants permission to register instances with a specified stack that were created outside of AWS OpsWorks", - "privilege": "RegisterInstance", + "description": "Grants permission to update an existing policy with a new name, description, or content", + "privilege": "UpdatePolicy", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "stack" + "resource_type": "policy*" + }, + { + "condition_keys": [ + "organizations:PolicyType" + ], + "dependent_actions": [], + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:organizations::${Account}:account/o-${OrganizationId}/${AccountId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "account" + }, + { + "arn": "arn:${Partition}:organizations::${Account}:handshake/o-${OrganizationId}/${HandshakeType}/h-${HandshakeId}", + "condition_keys": [], + "resource": "handshake" + }, + { + "arn": "arn:${Partition}:organizations::${Account}:organization/o-${OrganizationId}", + "condition_keys": [], + "resource": "organization" + }, + { + "arn": "arn:${Partition}:organizations::${Account}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "organizationalunit" + }, + { + "arn": "arn:${Partition}:organizations::${Account}:policy/o-${OrganizationId}/${PolicyType}/p-${PolicyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "policy" + }, + { + "arn": "arn:${Partition}:organizations::${Account}:resourcepolicy/o-${OrganizationId}/rp-${ResourcePolicyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "resourcepolicy" + }, + { + "arn": "arn:${Partition}:organizations::aws:policy/${PolicyType}/p-${PolicyId}", + "condition_keys": [], + "resource": "awspolicy" + }, + { + "arn": "arn:${Partition}:organizations::${Account}:root/o-${OrganizationId}/r-${RootId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "root" + } + ], + "service_name": "AWS Organizations" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated 
with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "osis", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to register an Amazon RDS instance with a stack", - "privilege": "RegisterRdsDbInstance", + "description": "Grants permission to create an OpenSearch Ingestion pipeline", + "privilege": "CreatePipeline", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack" + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "iam:PassRole", + "kms:DescribeKey", + "kms:GenerateDataKeyWithoutPlaintext", + "logs:CreateLogDelivery" + ], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to register an Amazon EBS volume with a specified stack", - "privilege": "RegisterVolume", + "description": "Grants permission to delete an OpenSearch Ingestion pipeline", + "privilege": "DeletePipeline", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack" + "dependent_actions": [ + "logs:DeleteLogDelivery", + "logs:GetLogDelivery", + "logs:ListLogDeliveries" + ], + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to specify the load-based auto scaling configuration for a specified layer", - "privilege": "SetLoadBasedAutoScaling", + "access_level": "Read", + "description": "Grants permission to retrieve configuration information for an OpenSearch Ingestion pipeline", + "privilege": "GetPipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "pipeline*" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to specify a user's permissions", - 
"privilege": "SetPermission", + "access_level": "Read", + "description": "Grants permission to get the contents of an OpenSearch Ingestion pipeline blueprint", + "privilege": "GetPipelineBlueprint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "pipeline-blueprint*" } ] }, { - "access_level": "Write", - "description": "Grants permission to specify the time-based auto scaling configuration for a specified instance", - "privilege": "SetTimeBasedAutoScaling", + "access_level": "Read", + "description": "Grants permission to get granular information about the status of an OpenSearch Ingestion pipeline", + "privilege": "GetPipelineChangeProgress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "pipeline*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a specified instance", - "privilege": "StartInstance", + "description": "Grants permission to ingest data through an OpenSearch Ingestion pipeline", + "privilege": "Ingest", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a stack's instances", - "privilege": "StartStack", + "access_level": "List", + "description": "Grants permission to list the names of available blueprints for an OpenSearch Ingestion pipeline configuration", + "privilege": "ListPipelineBlueprints", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a specified instance", - "privilege": "StopInstance", + "access_level": "List", + "description": "Grants permission to list basic configuration for each OpenSearch Ingestion pipeline in the current account and Region", + "privilege": 
"ListPipelines", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop a specified stack", - "privilege": "StopStack", + "access_level": "Read", + "description": "Grants permission to list all resource tags associated with an OpenSearch Ingestion pipeline", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "pipeline*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply tags to a specified stack or layer", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to start an OpenSearch Ingestion pipeline", + "privilege": "StartPipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "pipeline*" } ] }, { "access_level": "Write", - "description": "Grants permission to unassign a registered instance from all of it's layers", - "privilege": "UnassignInstance", + "description": "Grants permission to stop an OpenSearch Ingestion pipeline", + "privilege": "StopPipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to unassign an assigned Amazon EBS volume", - "privilege": "UnassignVolume", + "access_level": "Tagging", + "description": "Grants permission to attach resource tags to an OpenSearch Ingestion pipeline", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Tagging", - 
"description": "Grants permission to remove tags from a specified stack or layer", + "description": "Grants permission to remove resource tags from an OpenSearch Ingestion Service pipeline", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "pipeline*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specified app", - "privilege": "UpdateApp", + "description": "Grants permission to modify the configuration of an OpenSearch Ingestion pipeline", + "privilege": "UpdatePipeline", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "stack" + "dependent_actions": [ + "iam:PassRole", + "kms:DescribeKey", + "kms:GenerateDataKeyWithoutPlaintext", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:UpdateLogDelivery" + ], + "resource_type": "pipeline*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a registered Elastic IP address's name", - "privilege": "UpdateElasticIp", + "access_level": "Read", + "description": "Grants permission to validate the configuration of an OpenSearch Ingestion pipeline", + "privilege": "ValidatePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:osis:${Region}:${Account}:pipeline/${PipelineName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "pipeline" + }, + { + "arn": "arn:${Partition}:osis:${Region}:${Account}:blueprint/${BlueprintName}", + "condition_keys": [], + "resource": "pipeline-blueprint" + } + ], + "service_name": "Amazon OpenSearch Ingestion" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are 
passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "outposts", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to update a specified instance", - "privilege": "UpdateInstance", + "description": "Grants permission to cancel a Capacity Task", + "privilege": "CancelCapacityTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "outpost*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a specified layer", - "privilege": "UpdateLayer", + "description": "Grants permission to cancel an order", + "privilege": "CancelOrder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a user's SSH public key", - "privilege": "UpdateMyUserProfile", + "description": "Grants permission to create an order", + "privilege": "CreateOrder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outpost*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an Amazon RDS instance", - "privilege": "UpdateRdsDbInstance", + "description": "Grants permission to create an Outpost", + "privilege": "CreateOutpost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "site*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a 
specified stack", - "privilege": "UpdateStack", + "description": "Grants permission to create a private connectivity configuration", + "privilege": "CreatePrivateConnectivityConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "" } ] }, { - "access_level": "Permissions management", - "description": "Grants permission to update a specified user profile", - "privilege": "UpdateUserProfile", + "access_level": "Write", + "description": "Grants permission to create a site", + "privilege": "CreateSite", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } 
@@ -175215,58 +198848,44 @@ }, { "access_level": "Write", - "description": "Grants permission to update an Amazon EBS volume's name or mount point", - "privilege": "UpdateVolume", + "description": "Grants permission to delete an Outpost", + "privilege": "DeleteOutpost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "stack" + "resource_type": "outpost*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:opsworks:${Region}:${Account}:stack/${StackId}/", - "condition_keys": [], - "resource": "stack" - } - ], - "service_name": "AWS OpsWorks" - }, - { - "conditions": [], - "prefix": "opsworks-cm", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permission to associate a node to a configuration management server", - "privilege": "AssociateNode", + "description": "Grants permission to delete a site", + "privilege": "DeleteSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "site*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a backup for the specified server", - "privilege": "CreateBackup", + "access_level": "Read", + "description": "Grants permission to get information about the specified Capacity Task", + "privilege": "GetCapacityTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outpost*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a new server", - "privilege": "CreateServer", + "access_level": "Read", + "description": "Grants permission to get a catalog item", + "privilege": "GetCatalogItem", "resource_types": [ { "condition_keys": [], 
@@ -175276,9 +198895,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified backup and possibly its S3 bucket", - "privilege": "DeleteBackup", + "access_level": "Read", + "description": "Grants permission to get information about the connection for your Outpost server", + "privilege": "GetConnection", "resource_types": [ { "condition_keys": [], @@ -175288,9 +198907,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified server with its corresponding CloudFormation stack and possibly the S3 bucket", - "privilege": "DeleteServer", + "access_level": "Read", + "description": "Grants permission to get information about an order", + "privilege": "GetOrder", "resource_types": [ { "condition_keys": [], 
@@ -175300,45 +198919,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the service limits for the user's account", - "privilege": "DescribeAccountAttributes", + "access_level": "Read", + "description": "Grants permission to get information about the specified Outpost", + "privilege": "GetOutpost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outpost*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe a single backup, all backups of a specified server or all backups of the user's account", - "privilege": "DescribeBackups", + "access_level": "Read", + "description": "Grants permission to get the instance types for the specified Outpost", + "privilege": "GetOutpostInstanceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outpost*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe all events of the specified server", - "privilege": "DescribeEvents", + "access_level": "Read", + "description": "Grants permission to get the supported instance types for the specified Outpost", + "privilege": "GetOutpostSupportedInstanceTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outpost*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the association status for the specified node token and the specified server", - "privilege": "DescribeNodeAssociationStatus", + "access_level": "Read", + "description": "Grants permission to get a private connectivity configuration", + "privilege": "GetPrivateConnectivityConfig", "resource_types": [ { "condition_keys": [], 
@@ -175348,33 +198967,33 @@ ] }, { - "access_level": "List", - "description": "Grants permission to describe the specified server or all servers of the user's account", - "privilege": "DescribeServers", + "access_level": "Read", + "description": "Grants permission to get a site", + "privilege": "GetSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "site*" } ] }, { - "access_level": "Write", - "description": "Grants permission to disassociate a specified node from a server", - "privilege": "DisassociateNode", + "access_level": "Read", + "description": "Grants permission to get a site address", + "privilege": "GetSiteAddress", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "site*" } ] }, { - "access_level": "Read", - "description": "Grants permission to export an engine attribute from a server", - "privilege": "ExportServerEngineAttribute", + "access_level": "List", + "description": "Grants permission to list the assets for your Outpost", + "privilege": "ListAssets", "resource_types": [ { "condition_keys": [], @@ -175384,9 +199003,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags that are applied to the specified server or backup", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list the Capacity Tasks for your AWS account", + "privilege": "ListCapacityTasks", "resource_types": [ { "condition_keys": [], @@ -175396,9 +199015,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to apply a backup to specified server. Possibly swaps out the ec2-instance if specified", - "privilege": "RestoreServer", + "access_level": "List", + "description": "Grants permission to list all catalog items", + "privilege": "ListCatalogItems", "resource_types": [ { "condition_keys": [], 
@@ -175408,9 +199027,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to start the server maintenance immediately", - "privilege": "StartMaintenance", + "access_level": "List", + "description": "Grants permission to list the orders for your AWS account", + "privilege": "ListOrders", "resource_types": [ { "condition_keys": [], @@ -175420,9 +199039,9 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to apply tags to the specified server or backup", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list the Outposts for your AWS account", + "privilege": "ListOutposts", "resource_types": [ { "condition_keys": [], @@ -175432,9 +199051,9 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from the specified server or backup", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list the sites for your AWS account", + "privilege": "ListSites", "resource_types": [ { "condition_keys": [], @@ -175444,9 +199063,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update general server settings", - "privilege": "UpdateServer", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], 
@@ -175457,103 +199076,71 @@ }, { "access_level": "Write", - "description": "Grants permission to update server settings specific to the configuration management type", - "privilege": "UpdateServerEngineAttributes", + "description": "Grants permission to create a Capacity Task", + "privilege": "StartCapacityTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "outpost*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:opsworks-cm::${Account}:server/${ServerName}/${UniqueId}", - "condition_keys": [], - "resource": "server" - }, - { - "arn": "arn:${Partition}:opsworks-cm::${Account}:backup/${ServerName}-{Date-and-Time-Stamp-of-Backup}", - "condition_keys": [], - "resource": "backup" - } - ], - "service_name": "AWS OpsWorks Configuration Management" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - }, - { - "condition": "organizations:PolicyType", - "description": "Filters access by the specified policy type names", - "type": "String" }, - { - "condition": "organizations:ServicePrincipal", - "description": "Filters access by the specified service principal names", - "type": "String" - } - ], - "prefix": "organizations", - "privileges": [ { "access_level": "Write", - "description": "Grants permission to send a response to the originator of a handshake agreeing to the action proposed by the handshake request", - "privilege": "AcceptHandshake", + "description": "Grants permission to start a connection for your Outpost server", + "privilege": "StartConnection", "resource_types": [ { 
"condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "handshake*" + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to attach a policy to a root, an organizational unit, or an individual account", - "privilege": "AttachPolicy", + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" + "resource_type": "outpost" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "account" + "resource_type": "site" }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit" + "resource_type": "outpost" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "root" + "resource_type": "site" }, { "condition_keys": [ - "organizations:PolicyType" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -175562,108 +199149,125 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel a handshake", - "privilege": "CancelHandshake", + "description": "Grants permission to update an Outpost", + "privilege": "UpdateOutpost", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "handshake*" + "resource_type": "outpost*" } ] }, { "access_level": "Write", - "description": "Grants permission to close an AWS account that is now a part of an Organizations, either created within the organization, or invited to join the organization", - "privilege": "CloseAccount", + "description": "Grants permission to update a site", + "privilege": "UpdateSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account*" + "resource_type": "site*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS account that is automatically a member of the organization with the credentials that made the request", - "privilege": "CreateAccount", + "description": "Grants permission to update the site address", + "privilege": "UpdateSiteAddress", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "site*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS GovCloud (US) account", - "privilege": "CreateGovCloudAccount", + "description": "Grants permission to update the physical properties of a rack at a site", + "privilege": "UpdateSiteRackPhysicalProperties", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "site*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:outposts:${Region}:${Account}:outpost/${OutpostId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" 
+ ], + "resource": "outpost" + }, + { + "arn": "arn:${Partition}:outposts:${Region}:${Account}:site/${SiteId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "site" + } + ], + "service_name": "AWS Outposts" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "panorama", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an organization. The account with the credentials that calls the CreateOrganization operation automatically becomes the management account of the new organization", - "privilege": "CreateOrganization", + "description": "Grants permission to create an AWS Panorama Application Instance", + "privilege": "CreateApplicationInstance", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an organizational unit (OU) within a root or parent OU", - "privilege": "CreateOrganizationalUnit", + "description": "Grants permission to create a job for an AWS Panorama Appliance", + "privilege": "CreateJobForDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "root" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } 
] }, { "access_level": "Write", - "description": "Grants permission to create a policy that you can attach to a root, an organizational unit (OU), or an individual AWS account", - "privilege": "CreatePolicy", - "resource_types": [ - { - "condition_keys": [ - "organizations:PolicyType", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "description": "Grants permission to create an AWS Panorama Node", + "privilege": "CreateNodeFromTemplateJob", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [], "resource_type": "" } @@ -175671,20 +199275,23 @@ }, { "access_level": "Write", - "description": "Grants permission to decline a handshake request. This sets the handshake state to DECLINED and effectively deactivates the request", - "privilege": "DeclineHandshake", + "description": "Grants permission to create an AWS Panorama Package", + "privilege": "CreatePackage", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "handshake*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete the organization", - "privilege": "DeleteOrganization", + "description": "Grants permission to create an AWS Panorama Package", + "privilege": "CreatePackageImportJob", "resource_types": [ { "condition_keys": [], 
@@ -175695,125 +199302,104 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an organizational unit from a root or another OU", - "privilege": "DeleteOrganizationalUnit", + "description": "Grants permission to deregister an AWS Panorama Appliance", + "privilege": "DeleteDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit*" + "resource_type": "device*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a policy from your organization", - "privilege": "DeletePolicy", + "description": "Grants permission to delete an AWS Panorama Package", + "privilege": "DeletePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - }, - { - "condition_keys": [ - "organizations:PolicyType" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a resource policy from your organization", - "privilege": "DeleteResourcePolicy", + "description": "Grants permission to deregister an AWS Panorama package version", + "privilege": "DeregisterPackageVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { - "access_level": "Write", - "description": "Grants permission to deregister the specified member AWS account as a delegated administrator for the AWS service that is specified by ServicePrincipal", - "privilege": "DeregisterDelegatedAdministrator", + "access_level": "Read", + "description": "Grants permission to view details about an AWS Panorama application instance", + "privilege": "DescribeApplicationInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account*" - }, - { - "condition_keys": [ - "organizations:ServicePrincipal" - ], - "dependent_actions": [], - "resource_type": "" + 
"resource_type": "applicationInstance*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve Organizations-related details about the specified account", - "privilege": "DescribeAccount", + "description": "Grants permission to view details about an AWS Panorama application instance", + "privilege": "DescribeApplicationInstanceDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account*" + "resource_type": "applicationInstance*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the current status of an asynchronous request to create an account", - "privilege": "DescribeCreateAccountStatus", + "description": "Grants permission to view details about an AWS Panorama Appliance", + "privilege": "DescribeDevice", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "device*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the effective policy for an account", - "privilege": "DescribeEffectivePolicy", + "description": "Grants permission to view job details for an AWS Panorama Appliance", + "privilege": "DescribeDeviceJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account*" - }, - { - "condition_keys": [ - "organizations:PolicyType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve details about a previously requested handshake", - "privilege": "DescribeHandshake", + "description": "Grants permission to view details about an AWS Panorama application node", + "privilege": "DescribeNode", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "handshake*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieves details about the organization that the calling credentials belong 
to", - "privilege": "DescribeOrganization", + "description": "Grants permission to view details about AWS Panorama application node", + "privilege": "DescribeNodeFromTemplateJob", "resource_types": [ { "condition_keys": [], 
@@ -175824,183 +199410,128 @@ }, { "access_level": "Read", - "description": "Grants permission to retrieve details about an organizational unit (OU)", - "privilege": "DescribeOrganizationalUnit", + "description": "Grants permission to view details about an AWS Panorama package", + "privilege": "DescribePackage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit*" + "resource_type": "package*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieves details about a policy", - "privilege": "DescribePolicy", + "description": "Grants permission to view details about an AWS Panorama package", + "privilege": "DescribePackageImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - }, - { - "condition_keys": [ - "organizations:PolicyType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve information about a resource policy", - "privilege": "DescribeResourcePolicy", + "description": "Grants permission to view details about an AWS Panorama package version", + "privilege": "DescribePackageVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package*" } ] }, { - "access_level": "Write", - "description": "Grants permission to detach a policy from a target root, organizational unit, or account", - "privilege": "DetachPolicy", + "access_level": "Read", + "description": "Grants permission to view details about a software version for the AWS Panorama Appliance", + "privilege": "DescribeSoftware", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "account" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organizationalunit" - }, - { - 
"condition_keys": [], - "dependent_actions": [], - "resource_type": "root" - }, - { - "condition_keys": [ - "organizations:PolicyType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations", - "privilege": "DisableAWSServiceAccess", + "access_level": "Read", + "description": "Grants permission to generate a WebSocket endpoint for communication with AWS Panorama", + "privilege": "GetWebSocketURL", "resource_types": [ { - "condition_keys": [ - "organizations:ServicePrincipal" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to disable an organization policy type in a root", - "privilege": "DisablePolicyType", + "access_level": "List", + "description": "Grants permission to retrieve a list of application instance dependencies in AWS Panorama", + "privilege": "ListApplicationInstanceDependencies", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "root*" - }, - { - "condition_keys": [ - "organizations:PolicyType" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "applicationInstance*" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations", - "privilege": "EnableAWSServiceAccess", + "access_level": "List", + "description": "Grants permission to retrieve a list of node instances of application instances in AWS Panorama", + "privilege": "ListApplicationInstanceNodeInstances", "resource_types": [ { - "condition_keys": [ - "organizations:ServicePrincipal" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "applicationInstance*" } ] }, { - "access_level": "Write", 
- "description": "Grants permission to start the process to enable all features in an organization, upgrading it from supporting only Consolidated Billing features", - "privilege": "EnableAllFeatures", + "access_level": "List", + "description": "Grants permission to retrieve a list of application instances in AWS Panorama", + "privilege": "ListApplicationInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "device" } ] }, { - "access_level": "Write", - "description": "Grants permission to enable a policy type in a root", - "privilege": "EnablePolicyType", + "access_level": "List", + "description": "Grants permission to retrieve a list of appliances in AWS Panorama", + "privilege": "ListDevices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "root*" - }, - { - "condition_keys": [ - "organizations:PolicyType" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to send an invitation to another AWS account, asking it to join your organization as a member account", - "privilege": "InviteAccountToOrganization", + "access_level": "List", + "description": "Grants permission to retrieve a list of jobs for an AWS Panorama Appliance", + "privilege": "ListDevicesJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "device" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove a member account from its parent organization", - "privilege": "LeaveOrganization", + "access_level": "List", + "description": "Grants permission to retrieve a list of Nodes for an AWS Panorama Appliance", + "privilege": "ListNodeFromTemplateJobs", "resource_types": [ { "condition_keys": [], 
@@ -176011,8 +199542,8 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve the list of the AWS services for which you enabled integration with your organization", - "privilege": "ListAWSServiceAccessForOrganization", + "description": "Grants permission to retrieve a list of nodes in AWS Panorama", + "privilege": "ListNodes", "resource_types": [ { "condition_keys": [], @@ -176023,8 +199554,8 @@ }, { "access_level": "List", - "description": "Grants permission to list all of the the accounts in the organization", - "privilege": "ListAccounts", + "description": "Grants permission to retrieve a list of packages in AWS Panorama", + "privilege": "ListPackageImportJobs", "resource_types": [ { "condition_keys": [], 
@@ -176035,58 +199566,47 @@ }, { "access_level": "List", - "description": "Grants permission to list the accounts in an organization that are contained by a root or organizational unit (OU)", - "privilege": "ListAccountsForParent", + "description": "Grants permission to retrieve a list of packages in AWS Panorama", + "privilege": "ListPackages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "root" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all of the OUs or accounts that are contained in a parent OU or root", - "privilege": "ListChildren", + "access_level": "Read", + "description": "Grants permission to retrieve a list of tags for a resource in AWS Panorama", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit" + "resource_type": "applicationInstance" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "root" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the asynchronous account creation requests that are currently being tracked for the organization", - "privilege": "ListCreateAccountStatus", - "resource_types": [ + "resource_type": "device" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "package" } ] }, { - "access_level": "List", - "description": "Grants permission to list the AWS accounts that are designated as delegated administrators in this organization", - "privilege": "ListDelegatedAdministrators", + "access_level": "Write", + "description": "Grants permission to register an AWS Panorama Appliance", + "privilege": "ProvisionDevice", "resource_types": [ { "condition_keys": [ - "organizations:ServicePrincipal" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], 
"dependent_actions": [], "resource_type": "" 
@@ -176094,83 +199614,65 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list the AWS services for which the specified account is a delegated administrator in this organization", - "privilege": "ListDelegatedServicesForAccount", + "access_level": "Write", + "description": "Grants permission to register an AWS Panorama package version", + "privilege": "RegisterPackageVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account*" + "resource_type": "package*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all of the handshakes that are associated with an account", - "privilege": "ListHandshakesForAccount", + "access_level": "Write", + "description": "Grants permission to remove an AWS Panorama application instance", + "privilege": "RemoveApplicationInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "applicationInstance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the handshakes that are associated with the organization", - "privilege": "ListHandshakesForOrganization", + "access_level": "Write", + "description": "Grants permission to signal camera nodes in an application instance to pause or resume", + "privilege": "SignalApplicationInstanceNodeInstances", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "applicationInstance*" } ] }, { - "access_level": "List", - "description": "Grants permission to lists all of the organizational units (OUs) in a parent organizational unit or root", - "privilege": "ListOrganizationalUnitsForParent", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource in AWS Panorama", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit" + "resource_type": 
"applicationInstance" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "root" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list the root or organizational units (OUs) that serve as the immediate parent of a child OU or account", - "privilege": "ListParents", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "account" + "resource_type": "device" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list all of the policies in an organization", - "privilege": "ListPolicies", - "resource_types": [ + "resource_type": "package" + }, { "condition_keys": [ - "organizations:PolicyType" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -176178,28 +199680,28 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all of the policies that are directly attached to a root, organizational unit (OU), or account", - "privilege": "ListPoliciesForTarget", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource in AWS Panorama", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account" + "resource_type": "applicationInstance" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit" + "resource_type": "device" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "root" + "resource_type": "package" }, { "condition_keys": [ - "organizations:PolicyType" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -176207,99 +199709,202 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all of the roots that are defined in the organization", - "privilege": "ListRoots", + "access_level": "Write", + "description": "Grants permission to modify basic settings for an AWS Panorama Appliance", + "privilege": "UpdateDeviceMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "device*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:panorama:${Region}:${Account}:device/${DeviceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "device" }, { - "access_level": "List", - "description": "Grants permission to list all tags for the specified resource", - "privilege": "ListTagsForResource", + "arn": "arn:${Partition}:panorama:${Region}:${Account}:package/${PackageId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "package" + }, + { + "arn": "arn:${Partition}:panorama:${Region}:${Account}:applicationInstance/${ApplicationInstanceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "applicationInstance" + } + ], + "service_name": "AWS Panorama" + }, + { + "conditions": [], + "prefix": "partnercentral-account-management", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate Partner account to AWS account", + "privilege": "AssociatePartnerAccount", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate Partner user to IAM role", + "privilege": "AssociatePartnerUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate Partner 
user to IAM role", + "privilege": "DisassociatePartnerUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" - }, + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Partner central account management" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by both the key and value of the tag in the request for the specified operation", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags assigned to a key for the specified operation", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in the request for the specified operation", + "type": "ArrayOfString" + }, + { + "condition": "payment-cryptography:CertificateAuthorityPublicKeyIdentifier", + "description": "Filters access by the CertificateAuthorityPublicKeyIdentifier specified in the request or the ImportKey, and ExportKey operations", + "type": "String" + }, + { + "condition": "payment-cryptography:ImportKeyMaterial", + "description": "Filters access by the type of key material being imported [RootCertificatePublicKey, TrustedCertificatePublicKey, Tr34KeyBlock, Tr31KeyBlock] for the ImportKey operation", + "type": "String" + }, + { + "condition": "payment-cryptography:KeyAlgorithm", + "description": "Filters access by KeyAlgorithm specified in the request for the CreateKey operation", + "type": "String" + }, + { + "condition": "payment-cryptography:KeyClass", + "description": "Filters access by KeyClass specified in the request for the CreateKey operation", + "type": "String" + }, + { + "condition": "payment-cryptography:KeyUsage", + "description": "Filters access by KeyClass specified in the request or associated with a key for the CreateKey operation", + "type": "String" + }, + { + "condition": "payment-cryptography:RequestAlias", + "description": "Filters access by 
aliases in the request for the specified operation", + "type": "String" + }, + { + "condition": "payment-cryptography:ResourceAliases", + "description": "Filters access by aliases associated with a key for the specified operation", + "type": "ArrayOfString" + }, + { + "condition": "payment-cryptography:WrappingKeyIdentifier", + "description": "Filters access by the WrappingKeyIdentifier specified in the request for the ImportKey, and ExportKey operations", + "type": "String" + } + ], + "prefix": "payment-cryptography", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a user-friendly name for a Key", + "privilege": "CreateAlias", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourcepolicy" + "resource_type": "alias*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "root" + "resource_type": "key*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the roots, OUs, and accounts to which a policy is attached", - "privilege": "ListTargetsForPolicy", + "access_level": "Write", + "description": "Grants permission to create a unique customer managed key in the caller's AWS account and region", + "privilege": "CreateKey", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "policy*" - }, { "condition_keys": [ - "organizations:PolicyType" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "payment-cryptography:TagResource" ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to move an account from its current root or OU to another parent root or OU", - "privilege": "MoveAccount", + "description": "Grants permission to decrypt ciphertext data to plaintext using symmetric, asymmetric or DUKPT data encryption key", + "privilege": "DecryptData", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "account*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organizationalunit" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "root" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create or update a resource policy", - "privilege": "PutResourcePolicy", + "description": "Grants permission to delete the specified alias", + "privilege": "DeleteAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourcepolicy*" + "resource_type": "alias*" }, { "condition_keys": [ @@ -176313,18 +199918,23 @@ }, { "access_level": "Write", - "description": "Grants permission to register the specified member account to administer the Organizations features of the AWS service that is specified by ServicePrincipal", - "privilege": "RegisterDelegatedAdministrator", + "description": "Grants permission to schedule the deletion of a Key", + "privilege": "DeleteKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account*" - }, + "resource_type": "key*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to encrypt plaintext data to ciphertext using symmetric, asymmetric or DUKPT data encryption key", + "privilege": "EncryptData", + "resource_types": [ { - "condition_keys": [ - "organizations:ServicePrincipal" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -176332,50 +199942,71 @@ }, { "access_level": "Write", - "description": "Grants permission to removes the specified account from the organization", - "privilege": "RemoveAccountFromOrganization", + "description": "Grants permission to export a key from the service", + "privilege": "ExportKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account*" + "resource_type": "key*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add one or more tags to the specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to generate card-related data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) or Card Security Codes (CSC) that check the validity of a magnetic stripe card", + "privilege": "GenerateCardValidationData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to generate a MAC (Message Authentication Code) cryptogram", + "privilege": "GenerateMac", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to generate pin-related data such as PIN, PIN Verification Value (PVV), PIN Block and PIN Offset during new card issuance or card re-issuance", + "privilege": "GeneratePinData", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the keyArn associated with an aliasName", + "privilege": "GetAlias", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourcepolicy" + 
"resource_type": "alias*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "root" + "resource_type": "key*" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -176383,155 +200014,164 @@ ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove one or more tags from the specified resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to return the detailed information about the specified key", + "privilege": "GetKey", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "account" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organizationalunit" - }, + "resource_type": "key*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the export token and the signing key certificate to initiate a TR-34 key export", + "privilege": "GetParametersForExport", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the import token and the wrapping key certificate to initiate a TR-34 key import", + "privilege": "GetParametersForImport", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "resourcepolicy" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the public key from a key of class PUBLIC_KEY", + "privilege": "GetPublicKeyCertificate", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "root" - }, + "resource_type": "key*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to imports keys and public key certificates", + "privilege": "ImportKey", + "resource_types": [ { "condition_keys": [ + "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "payment-cryptography:TagResource" + ], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to rename an 
organizational unit (OU)", - "privilege": "UpdateOrganizationalUnit", + "access_level": "List", + "description": "Grants permission to return a list of aliases created for all keys in the caller's AWS account and Region", + "privilege": "ListAliases", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "organizationalunit*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an existing policy with a new name, description, or content", - "privilege": "UpdatePolicy", + "access_level": "List", + "description": "Grants permission to return a list of keys created in the caller's AWS account and Region", + "privilege": "ListKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "policy*" - }, - { - "condition_keys": [ - "organizations:PolicyType" - ], - "dependent_actions": [], "resource_type": "" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:organizations::${Account}:account/o-${OrganizationId}/${AccountId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "account" - }, - { - "arn": "arn:${Partition}:organizations::${Account}:handshake/o-${OrganizationId}/${HandshakeType}/h-${HandshakeId}", - "condition_keys": [], - "resource": "handshake" - }, - { - "arn": "arn:${Partition}:organizations::${Account}:organization/o-${OrganizationId}", - "condition_keys": [], - "resource": "organization" - }, - { - "arn": "arn:${Partition}:organizations::${Account}:ou/o-${OrganizationId}/ou-${OrganizationalUnitId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "organizationalunit" }, { - "arn": "arn:${Partition}:organizations::${Account}:policy/o-${OrganizationId}/${PolicyType}/p-${PolicyId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "policy" + "access_level": "Read", + "description": "Grants permission to return a list of tags created in the caller's AWS account and 
Region", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key" + } + ] }, { - "arn": "arn:${Partition}:organizations::${Account}:resourcepolicy/o-${OrganizationId}/rp-${ResourcePolicyId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "resourcepolicy" + "access_level": "Write", + "description": "Grants permission to re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption Keys", + "privilege": "ReEncryptData", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] }, { - "arn": "arn:${Partition}:organizations::aws:policy/${PolicyType}/p-${PolicyId}", - "condition_keys": [], - "resource": "awspolicy" + "access_level": "Write", + "description": "Grants permission to cancel a scheduled key deletion if at any point during the waiting period a Key needs to be revived", + "privilege": "RestoreKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" + } + ] }, { - "arn": "arn:${Partition}:organizations::${Account}:root/o-${OrganizationId}/r-${RootId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "root" - } - ], - "service_name": "AWS Organizations" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" + "access_level": "Write", + "description": "Grants permission to enable a disabled Key", + "privilege": "StartKeyUsage", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" + } + ] }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" + "access_level": "Write", + "description": "Grants permission to disable an enabled Key", + "privilege": "StopKeyUsage", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" + } + ] }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" - } - ], - "prefix": "osis", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create an OpenSearch Ingestion pipeline", - "privilege": "CreatePipeline", + "access_level": "Tagging", + "description": "Grants permission to add or overwrites one or more tags for the specified resource", + "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" + }, { "condition_keys": [ "aws:TagKeys", 
@@ -176544,68 +200184,88 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an OpenSearch Ingestion pipeline", - "privilege": "DeletePipeline", + "description": "Grants permission to translate encrypted PIN block from and to ISO 9564 formats 0,1,3,4", + "privilege": "TranslatePinData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve configuration information for an OpenSearch Ingestion pipeline", - "privilege": "GetPipeline", + "access_level": "Tagging", + "description": "Grants permission to remove the specified tag or tags from the specified resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "key*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the contents of an OpenSearch Ingestion pipeline blueprint", - "privilege": "GetPipelineBlueprint", + "access_level": "Write", + "description": "Grants permission to change the key to which an alias is assigned, or unassign it from its current key", + "privilege": "UpdateAlias", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline-blueprint*" + "resource_type": "alias*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "key*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get granular information about the status of an OpenSearch Ingestion pipeline", - "privilege": "GetPipelineChangeProgress", + "access_level": "Write", + "description": "Grants permission to verify 
Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization", + "privilege": "VerifyAuthRequestCryptogram", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to ingest data through an OpenSearch Ingestion pipeline", - "privilege": "Ingest", + "description": "Grants permission to verify card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card Security Codes (CSC)", + "privilege": "VerifyCardValidationData", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list the names of available blueprints for an OpenSearch Ingestion pipeline configuration", - "privilege": "ListPipelineBlueprints", + "access_level": "Write", + "description": "Grants permission to verify MAC (Message Authentication Code) of input data against a provided MAC", + "privilege": "VerifyMac", "resource_types": [ { "condition_keys": [], @@ -176615,9 +200275,9 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list basic configuration for each OpenSearch Ingestion pipeline in the current account and Region", - "privilege": "ListPipelines", + "access_level": "Write", + "description": "Grants permission to verify pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624", + "privilege": "VerifyPinData", "resource_types": [ { "condition_keys": [], 
@@ -176625,99 +200285,107 @@ "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:payment-cryptography:${Region}:${Account}:key/${KeyId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "payment-cryptography:ResourceAliases" + ], + "resource": "key" }, { - "access_level": "Read", - "description": "Grants permission to list all resource tags associated with an OpenSearch Ingestion pipeline", - "privilege": "ListTagsForResource", + "arn": "arn:${Partition}:payment-cryptography:${Region}:${Account}:alias/${Alias}", + "condition_keys": [ + "payment-cryptography:ResourceAliases" + ], + "resource": "alias" + } + ], + "service_name": "AWS Payment Cryptography" + }, + { + "conditions": [], + "prefix": "payments", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a payment instrument", + "privilege": "CreatePaymentInstrument", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to start an OpenSearch Ingestion pipeline", - "privilege": "StartPipeline", + "description": "Grants permission to delete a payment instrument", + "privilege": "DeletePaymentInstrument", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to stop an OpenSearch Ingestion pipeline", - "privilege": "StopPipeline", + "access_level": "List", + "description": "Grants permission to get information about a payment instrument", + "privilege": "GetPaymentInstrument", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to attach resource tags to an OpenSearch Ingestion pipeline", - "privilege": "TagResource", + 
"access_level": "Read", + "description": "Grants permission to get payment status of invoices", + "privilege": "GetPaymentStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove resource tags from an OpenSearch Ingestion Service pipeline", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to get payment preferences (preferred payment currency, preferred payment method, etc.)", + "privilege": "ListPaymentPreferences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to modify the configuration of an OpenSearch Ingestion pipeline", - "privilege": "UpdatePipeline", + "description": "Grants permission to make a payment, authenticate a payment, verify a payment method, and generate a funding request document for Advance Pay", + "privilege": "MakePayment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipeline*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to validate the configuration of an OpenSearch Ingestion pipeline", - "privilege": "ValidatePipeline", + "access_level": "Write", + "description": "Grants permission to update payment preferences (preferred payment currency, preferred payment method, etc.)", + "privilege": "UpdatePaymentPreferences", "resource_types": [ { "condition_keys": [], 
@@ -176727,103 +200395,94 @@ ] } ], - "resources": [ - { - "arn": "arn:${Partition}:osis:${Region}:${Account}:pipeline/${PipelineName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pipeline" - }, - { - "arn": "arn:${Partition}:osis:${Region}:${Account}:blueprint/${BlueprintName}", - "condition_keys": [], - "resource": "pipeline-blueprint" - } - ], - "service_name": "Amazon OpenSearch Ingestion" + "resources": [], + "service_name": "AWS Payments" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", + "description": "Filters access by on the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", + "description": "Filters access by on the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", + "description": "Filters access by on the tag keys that are passed in the request", "type": "ArrayOfString" } ], - "prefix": "outposts", + "prefix": "pca-connector-ad", "privileges": [ { "access_level": "Write", - "description": "Grants permission to cancel an order", - "privilege": "CancelOrder", + "description": "Grants permission to create a Connector in your account", + "privilege": "CreateConnector", "resource_types": [ { - "condition_keys": [], - "dependent_actions": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "acm-pca:DescribeCertificateAuthority", + "acm-pca:GetCertificate", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:IssueCertificate", + "ec2:CreateTags", + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an order", - "privilege": 
"CreateOrder", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "outpost*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an Outpost", - "privilege": "CreateOutpost", + "description": "Grants permission to create a DirectoryRegistration in your account", + "privilege": "CreateDirectoryRegistration", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "site*" - }, { "condition_keys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "ds:AuthorizeApplication", + "ds:DescribeDirectories" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a private connectivity configuration", - "privilege": "CreatePrivateConnectivityConfig", + "description": "Grants permission to create a ServicePrincipalName for a DirectoryRegistration", + "privilege": "CreateServicePrincipalName", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "ds:UpdateAuthorizedApplication" + ], + "resource_type": "DirectoryRegistration*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a site", - "privilege": "CreateSite", + "access_level": "Write", + "description": "Grants permission to create a Template for a Connector", + "privilege": "CreateTemplate", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Connector*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", 
@@ -176836,140 +200495,148 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an Outpost", - "privilege": "DeleteOutpost", + "description": "Grants permission to create a TemplateGroupAccessControlEntry for a Template", + "privilege": "CreateTemplateGroupAccessControlEntry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outpost*" + "resource_type": "Template*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a site", - "privilege": "DeleteSite", + "description": "Grants permission to delete a Connector in your account", + "privilege": "DeleteConnector", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "site*" + "dependent_actions": [ + "ec2:DeleteVpcEndpoints", + "ec2:DescribeVpcEndpoints" + ], + "resource_type": "Connector*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a catalog item", - "privilege": "GetCatalogItem", + "access_level": "Write", + "description": "Grants permission to delete a DirectoryRegistration in your account", + "privilege": "DeleteDirectoryRegistration", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "ds:UnauthorizeApplication", + "ds:UpdateAuthorizedApplication" + ], + "resource_type": "DirectoryRegistration*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the connection for your Outpost server", - "privilege": "GetConnection", + "access_level": "Write", + "description": "Grants permission to delete a ServicePrincipalName for a DirectoryRegistration", + "privilege": "DeleteServicePrincipalName", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "ds:UpdateAuthorizedApplication" + ], + "resource_type": "DirectoryRegistration*" } ] }, { - "access_level": "Read", - "description": 
"Grants permission to get information about an order", - "privilege": "GetOrder", + "access_level": "Write", + "description": "Grants permission to delete a Template for a Connector", + "privilege": "DeleteTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get information about the specified Outpost", - "privilege": "GetOutpost", + "access_level": "Write", + "description": "Grants permission to delete a TemplateGroupAccessControlEntry for a Template", + "privilege": "DeleteTemplateGroupAccessControlEntry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outpost*" + "resource_type": "Template*" } ] }, { "access_level": "Read", - "description": "Grants permission to get the instance types for the specified Outpost", - "privilege": "GetOutpostInstanceTypes", + "description": "Grants permission to get a Connector in your account", + "privilege": "GetConnector", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outpost*" + "resource_type": "Connector*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a private connectivity configuration", - "privilege": "GetPrivateConnectivityConfig", + "description": "Grants permission to get a DirectoryRegistration in your account", + "privilege": "GetDirectoryRegistration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DirectoryRegistration*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a site", - "privilege": "GetSite", + "description": "Grants permission to get a ServicePrincipalName for a DirectoryRegistration", + "privilege": "GetServicePrincipalName", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "site*" + "resource_type": 
"DirectoryRegistration*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a site address", - "privilege": "GetSiteAddress", + "description": "Grants permission to get a Template for a Connector", + "privilege": "GetTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "site*" + "resource_type": "Template*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the assets for your Outpost", - "privilege": "ListAssets", + "access_level": "Read", + "description": "Grants permission to get a TemplateGroupAccessControlEntry for a Template", + "privilege": "GetTemplateGroupAccessControlEntry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Template*" } ] }, { "access_level": "List", - "description": "Grants permission to list all catalog items", - "privilege": "ListCatalogItems", + "description": "Grants permission to list the Connectors in your account", + "privilege": "ListConnectors", "resource_types": [ { "condition_keys": [], @@ -176980,8 +200647,8 @@ }, { "access_level": "List", - "description": "Grants permission to list the orders for your AWS account", - "privilege": "ListOrders", + "description": "Grants permission to list the DirectoryRegistrations in your account", + "privilege": "ListDirectoryRegistrations", "resource_types": [ { "condition_keys": [], 
@@ -176992,20 +200659,20 @@ }, { "access_level": "List", - "description": "Grants permission to list the Outposts for your AWS account", - "privilege": "ListOutposts", + "description": "Grants permission to list the ServicePrincipalNames for a DirectoryRegistration", + "privilege": "ListServicePrincipalNames", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "DirectoryRegistration*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the sites for your AWS account", - "privilege": "ListSites", + "access_level": "Read", + "description": "Grants permission to list the tags for a pca-connector-ad resource in your account", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], 
@@ -177015,43 +200682,48 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "List", + "description": "Grants permission to list the TemplateGroupAccessControlEntries for a Template", + "privilege": "ListTemplateGroupAccessControlEntries", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Template*" } ] }, { - "access_level": "Write", - "description": "Grants permission to start a connection for your Outpost server", - "privilege": "StartConnection", + "access_level": "List", + "description": "Grants permission to list the Templates for a Connector", + "privilege": "ListTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "Connector*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to tag a resource", + "description": "Grants permission to tag a pca-connector-ad resource in your account", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outpost" + "resource_type": "Connector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "site" + "resource_type": "DirectoryRegistration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template" }, { "condition_keys": [ 
@@ -177065,18 +200737,23 @@ }, { "access_level": "Tagging", - "description": "Grants permission to untag a resource", + "description": "Grants permission to untag a pca-connector-ad resource in your account", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "outpost" + "resource_type": "Connector" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "site" + "resource_type": "DirectoryRegistration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Template" }, { "condition_keys": [ 
@@ -177089,745 +200766,660 @@ }, { "access_level": "Write", - "description": "Grants permission to update an Outpost", - "privilege": "UpdateOutpost", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "outpost*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a site", - "privilege": "UpdateSite", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "site*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update the site address", - "privilege": "UpdateSiteAddress", + "description": "Grants permission to update a Template for a Connector", + "privilege": "UpdateTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "site*" + "resource_type": "Template*" } ] }, { "access_level": "Write", - "description": "Grants permission to update the physical properties of a rack at a site", - "privilege": "UpdateSiteRackPhysicalProperties", + "description": "Grants permission to update a TemplateGroupAccessControlEntry for a Template", + "privilege": "UpdateTemplateGroupAccessControlEntry", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "site*" + "resource_type": "Template*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:outposts:${Region}:${Account}:outpost/${OutpostId}", + "arn": "arn:${Partition}:pca-connector-ad:${Region}:${Account}:connector/${ConnectorId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "outpost" + "resource": "Connector" }, { - "arn": "arn:${Partition}:outposts:${Region}:${Account}:site/${SiteId}", + "arn": "arn:${Partition}:pca-connector-ad:${Region}:${Account}:directory-registration/${DirectoryId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "site" - } - ], - "service_name": "AWS Outposts" - }, - { - "conditions": [ + "resource": "DirectoryRegistration" + }, { - 
"condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by the tags that are passed in the request", - "type": "String" + "arn": "arn:${Partition}:pca-connector-ad:${Region}:${Account}:directory-registration/${DirectoryId}", + "condition_keys": [], + "resource": "ServicePrincipalName" }, { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the tags associated with the resource", - "type": "String" + "arn": "arn:${Partition}:pca-connector-ad:${Region}:${Account}:connector/${ConnectorId}/template/${TemplateId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Template" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys that are passed in the request", - "type": "ArrayOfString" + "arn": "arn:${Partition}:pca-connector-ad:${Region}:${Account}:connector/${ConnectorId}/template/${TemplateId}", + "condition_keys": [], + "resource": "TemplateGroupAccessControlEntry" } ], - "prefix": "panorama", + "service_name": "AWS Private CA Connector for Active Directory" + }, + { + "conditions": [], + "prefix": "personalize", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create an AWS Panorama Application Instance", - "privilege": "CreateApplicationInstance", + "description": "Grants permission to create a batch inference job", + "privilege": "CreateBatchInferenceJob", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "batchInferenceJob*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a job for an AWS Panorama Appliance", - "privilege": "CreateJobForDevices", + "description": "Grants permission to create a batch segment job", + "privilege": "CreateBatchSegmentJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": 
"batchSegmentJob*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Panorama Node", - "privilege": "CreateNodeFromTemplateJob", + "description": "Grants permission to create a campaign", + "privilege": "CreateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Panorama Package", - "privilege": "CreatePackage", + "description": "Grants permission to create a data insights job", + "privilege": "CreateDataInsightsJob", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataInsightsJob*" } ] }, { "access_level": "Write", - "description": "Grants permission to create an AWS Panorama Package", - "privilege": "CreatePackageImportJob", + "description": "Grants permission to create a dataset", + "privilege": "CreateDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to deregister an AWS Panorama Appliance", - "privilege": "DeleteDevice", + "description": "Grants permission to create a dataset export job", + "privilege": "CreateDatasetExportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "datasetExportJob*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an AWS Panorama Package", - "privilege": "DeletePackage", + "description": "Grants permission to create a dataset group", + "privilege": "CreateDatasetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "datasetGroup*" } ] }, { "access_level": "Write", - 
"description": "Grants permission to deregister an AWS Panorama package version", - "privilege": "DeregisterPackageVersion", + "description": "Grants permission to create a dataset import job", + "privilege": "CreateDatasetImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "datasetImportJob*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about an AWS Panorama application instance", - "privilege": "DescribeApplicationInstance", + "access_level": "Write", + "description": "Grants permission to create an event tracker", + "privilege": "CreateEventTracker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationInstance*" + "resource_type": "eventTracker*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about an AWS Panorama application instance", - "privilege": "DescribeApplicationInstanceDetails", + "access_level": "Write", + "description": "Grants permission to create a filter", + "privilege": "CreateFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationInstance*" + "resource_type": "filter*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about an AWS Panorama Appliance", - "privilege": "DescribeDevice", + "access_level": "Write", + "description": "Grants permission to create a metric attribution", + "privilege": "CreateMetricAttribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "metricAttribution*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view job details for an AWS Panorama Appliance", - "privilege": "DescribeDeviceJob", + "access_level": "Write", + "description": "Grants permission to create a recommender", + "privilege": "CreateRecommender", "resource_types": [ 
{ "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "recommender*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about an AWS Panorama application node", - "privilege": "DescribeNode", + "access_level": "Write", + "description": "Grants permission to create a schema", + "privilege": "CreateSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "schema*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about AWS Panorama application node", - "privilege": "DescribeNodeFromTemplateJob", + "access_level": "Write", + "description": "Grants permission to create a solution", + "privilege": "CreateSolution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "solution*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about an AWS Panorama package", - "privilege": "DescribePackage", + "access_level": "Write", + "description": "Grants permission to create a solution version", + "privilege": "CreateSolutionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "solution*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about an AWS Panorama package", - "privilege": "DescribePackageImportJob", + "access_level": "Write", + "description": "Grants permission to delete a campaign", + "privilege": "DeleteCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about an AWS Panorama package version", - "privilege": "DescribePackageVersion", + "access_level": "Write", + "description": "Grants permission to delete a dataset", + "privilege": 
"DeleteDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "dataset*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view details about a software version for the AWS Panorama Appliance", - "privilege": "DescribeSoftware", + "access_level": "Write", + "description": "Grants permission to delete a dataset group", + "privilege": "DeleteDatasetGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasetGroup*" } ] }, { - "access_level": "Read", - "description": "Grants permission to generate a WebSocket endpoint for communication with AWS Panorama", - "privilege": "GetWebSocketURL", + "access_level": "Write", + "description": "Grants permission to delete an event tracker", + "privilege": "DeleteEventTracker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "eventTracker*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of application instance dependencies in AWS Panorama", - "privilege": "ListApplicationInstanceDependencies", + "access_level": "Write", + "description": "Grants permission to delete a filter", + "privilege": "DeleteFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationInstance*" + "resource_type": "filter*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of node instances of application instances in AWS Panorama", - "privilege": "ListApplicationInstanceNodeInstances", + "access_level": "Write", + "description": "Grants permission to delete a metric attribution", + "privilege": "DeleteMetricAttribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationInstance*" + "resource_type": "metricAttribution*" } ] }, { - "access_level": "List", - 
"description": "Grants permission to retrieve a list of application instances in AWS Panorama", - "privilege": "ListApplicationInstances", + "access_level": "Write", + "description": "Grants permission to delete a recommender", + "privilege": "DeleteRecommender", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" + "resource_type": "recommender*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of appliances in AWS Panorama", - "privilege": "ListDevices", + "access_level": "Write", + "description": "Grants permission to delete a schema", + "privilege": "DeleteSchema", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "schema*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of jobs for an AWS Panorama Appliance", - "privilege": "ListDevicesJobs", + "access_level": "Write", + "description": "Grants permission to delete a solution including all versions of the solution", + "privilege": "DeleteSolution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" + "resource_type": "solution*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of Nodes for an AWS Panorama Appliance", - "privilege": "ListNodeFromTemplateJobs", + "access_level": "Read", + "description": "Grants permission to describe an algorithm", + "privilege": "DescribeAlgorithm", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "algorithm*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of nodes in AWS Panorama", - "privilege": "ListNodes", + "access_level": "Read", + "description": "Grants permission to describe a batch inference job", + "privilege": "DescribeBatchInferenceJob", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "batchInferenceJob*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of packages in AWS Panorama", - "privilege": "ListPackageImportJobs", + "access_level": "Read", + "description": "Grants permission to describe a batch segment job", + "privilege": "DescribeBatchSegmentJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "batchSegmentJob*" } ] }, { - "access_level": "List", - "description": "Grants permission to retrieve a list of packages in AWS Panorama", - "privilege": "ListPackages", + "access_level": "Read", + "description": "Grants permission to describe a campaign", + "privilege": "DescribeCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve a list of tags for a resource in AWS Panorama", - "privilege": "ListTagsForResource", + "description": "Grants permission to describe a data insights job", + "privilege": "DescribeDataInsightsJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationInstance" - }, + "resource_type": "dataInsightsJob*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a dataset", + "privilege": "DescribeDataset", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a dataset export job", + "privilege": "DescribeDatasetExportJob", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package" + "resource_type": "datasetExportJob*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register an AWS 
Panorama Appliance", - "privilege": "ProvisionDevice", + "access_level": "Read", + "description": "Grants permission to describe a dataset group", + "privilege": "DescribeDatasetGroup", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "datasetGroup*" } ] }, { - "access_level": "Write", - "description": "Grants permission to register an AWS Panorama package version", - "privilege": "RegisterPackageVersion", + "access_level": "Read", + "description": "Grants permission to describe a dataset import job", + "privilege": "DescribeDatasetImportJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package*" + "resource_type": "datasetImportJob*" } ] }, { - "access_level": "Write", - "description": "Grants permission to remove an AWS Panorama application instance", - "privilege": "RemoveApplicationInstance", + "access_level": "Read", + "description": "Grants permission to describe an event tracker", + "privilege": "DescribeEventTracker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationInstance*" + "resource_type": "eventTracker*" } ] }, { - "access_level": "Write", - "description": "Grants permission to signal camera nodes in an application instance to pause or resume", - "privilege": "SignalApplicationInstanceNodeInstances", + "access_level": "Read", + "description": "Grants permission to describe a feature transformation", + "privilege": "DescribeFeatureTransformation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationInstance*" + "resource_type": "featureTransformation*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource in AWS Panorama", - "privilege": "TagResource", + "access_level": "Read", + "description": "Grants permission to describe a 
filter", + "privilege": "DescribeFilter", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationInstance" - }, + "resource_type": "filter*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a metric attribution", + "privilege": "DescribeMetricAttribution", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, + "resource_type": "metricAttribution*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a recipe", + "privilege": "DescribeRecipe", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "recipe*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource in AWS Panorama", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to describe a recommender", + "privilege": "DescribeRecommender", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "applicationInstance" - }, + "resource_type": "recommender*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a schema", + "privilege": "DescribeSchema", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device" - }, + "resource_type": "schema*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a solution", + "privilege": "DescribeSolution", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "package" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "solution*" } ] }, { - "access_level": "Write", - 
"description": "Grants permission to modify basic settings for an AWS Panorama Appliance", - "privilege": "UpdateDeviceMetadata", + "access_level": "Read", + "description": "Grants permission to describe a version of a solution", + "privilege": "DescribeSolutionVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device*" + "resource_type": "solution*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:panorama:${Region}:${Account}:device/${DeviceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "device" - }, - { - "arn": "arn:${Partition}:panorama:${Region}:${Account}:package/${PackageId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "package" - }, - { - "arn": "arn:${Partition}:panorama:${Region}:${Account}:applicationInstance/${ApplicationInstanceId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "applicationInstance" - } - ], - "service_name": "AWS Panorama" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by both the key and value of the tag in the request for the specified operation", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tags assigned to a key for the specified operation", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in the request for the specified operation", - "type": "ArrayOfString" - }, - { - "condition": "payment-cryptography:CertificateAuthorityPublicKeyIdentifier", - "description": "Filters access by the CertificateAuthorityPublicKeyIdentifier specified in the request or the ImportKey, and ExportKey operations", - "type": "String" - }, - { - "condition": "payment-cryptography:ImportKeyMaterial", - "description": "Filters access by the type of key material being imported [RootCertificatePublicKey, TrustedCertificatePublicKey, 
Tr34KeyBlock, Tr31KeyBlock] for the ImportKey operation", - "type": "String" - }, - { - "condition": "payment-cryptography:KeyAlgorithm", - "description": "Filters access by KeyAlgorithm specified in the request for the CreateKey operation", - "type": "String" - }, - { - "condition": "payment-cryptography:KeyClass", - "description": "Filters access by KeyClass specified in the request for the CreateKey operation", - "type": "String" - }, - { - "condition": "payment-cryptography:KeyUsage", - "description": "Filters access by KeyClass specified in the request or associated with a key for the CreateKey operation", - "type": "String" - }, - { - "condition": "payment-cryptography:RequestAlias", - "description": "Filters access by aliases in the request for the specified operation", - "type": "String" - }, - { - "condition": "payment-cryptography:ResourceAliases", - "description": "Filters access by aliases associated with a key for the specified operation", - "type": "ArrayOfString" }, { - "condition": "payment-cryptography:WrappingKeyIdentifier", - "description": "Filters access by the WrappingKeyIdentifier specified in the request for the ImportKey, and ExportKey operations", - "type": "String" - } - ], - "prefix": "payment-cryptography", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to create a user-friendly name for a Key", - "privilege": "CreateAlias", + "access_level": "Read", + "description": "Grants permission to get a list of recommended actions", + "privilege": "GetActionRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" - }, + "resource_type": "campaign*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get data insights from a data insights job", + "privilege": "GetDataInsights", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "dataInsightsJob*" } ] }, { - 
"access_level": "Write", - "description": "Grants permission to create a unique customer managed key in the caller's AWS account and region", - "privilege": "CreateKey", + "access_level": "Read", + "description": "Grants permission to get a re-ranked list of recommendations", + "privilege": "GetPersonalizedRanking", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "payment-cryptography:TagResource" - ], - "resource_type": "" + "condition_keys": [], + "dependent_actions": [], + "resource_type": "campaign*" } ] }, { - "access_level": "Write", - "description": "Grants permission to decrypt ciphertext data to plaintext using symmetric, asymmetric or DUKPT data encryption key", - "privilege": "DecryptData", + "access_level": "Read", + "description": "Grants permission to get a list of recommendations from a campaign", + "privilege": "GetRecommendations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete the specified alias", - "privilege": "DeleteAlias", + "access_level": "Read", + "description": "Grants permission to get metrics for a solution version", + "privilege": "GetSolutionMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" - }, + "resource_type": "solution*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list batch inference jobs", + "privilege": "ListBatchInferenceJobs", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to schedule the deletion of a Key", - "privilege": "DeleteKey", + "access_level": "List", + "description": "Grants permission to list batch segment 
jobs", + "privilege": "ListBatchSegmentJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to encrypt plaintext data to ciphertext using symmetric, asymmetric or DUKPT data encryption key", - "privilege": "EncryptData", + "access_level": "List", + "description": "Grants permission to list campaigns", + "privilege": "ListCampaigns", "resource_types": [ { "condition_keys": [], @@ -177837,21 +201429,21 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to export a key from the service", - "privilege": "ExportKey", + "access_level": "List", + "description": "Grants permission to list data insights jobs", + "privilege": "ListDataInsightsJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to generate card-related data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) or Card Security Codes (CSC) that check the validity of a magnetic stripe card", - "privilege": "GenerateCardValidationData", + "access_level": "List", + "description": "Grants permission to list dataset export jobs", + "privilege": "ListDatasetExportJobs", "resource_types": [ { "condition_keys": [], @@ -177861,9 +201453,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to generate a MAC (Message Authentication Code) cryptogram", - "privilege": "GenerateMac", + "access_level": "List", + "description": "Grants permission to list dataset groups", + "privilege": "ListDatasetGroups", "resource_types": [ { "condition_keys": [], 
@@ -177873,9 +201465,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to generate pin-related data such as PIN, PIN Verification Value (PVV), PIN Block and PIN Offset during new card issuance or card re-issuance", - "privilege": "GeneratePinData", + "access_level": "List", + "description": "Grants permission to list dataset import jobs", + "privilege": "ListDatasetImportJobs", "resource_types": [ { "condition_keys": [], 
@@ -177885,46 +201477,45 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the keyArn associated with an aliasName", - "privilege": "GetAlias", + "access_level": "List", + "description": "Grants permission to list datasets", + "privilege": "ListDatasets", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list event trackers", + "privilege": "ListEventTrackers", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to return the detailed information about the specified key", - "privilege": "GetKey", + "access_level": "List", + "description": "Grants permission to list filters", + "privilege": "ListFilters", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the export token and the signing key certificate to initiate a TR-34 key export", - "privilege": "GetParametersForExport", + "access_level": "List", + "description": "Grants permission to list metric attribution metrics", + "privilege": "ListMetricAttributionMetrics", "resource_types": [ { "condition_keys": [], @@ -177934,9 +201525,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to get the import token and the wrapping key certificate to initiate a TR-34 key import", - "privilege": "GetParametersForImport", + "access_level": "List", + "description": "Grants permission to list metric attributions", + "privilege": "ListMetricAttributions", "resource_types": [ { "condition_keys": [], 
@@ -177946,79 +201537,81 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to return the public key from a key of class PUBLIC_KEY", - "privilege": "GetPublicKeyCertificate", + "access_level": "List", + "description": "Grants permission to list recipes", + "privilege": "ListRecipes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to imports keys and public key certificates", - "privilege": "ImportKey", + "access_level": "List", + "description": "Grants permission to list recommenders", + "privilege": "ListRecommenders", "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "payment-cryptography:TagResource" - ], + "condition_keys": [], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of aliases created for all keys in the caller's AWS account and Region", - "privilege": "ListAliases", + "description": "Grants permission to list schemas", + "privilege": "ListSchemas", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list versions of a solution", + "privilege": "ListSolutionVersions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to return a list of keys created in the caller's AWS account and Region", - "privilege": "ListKeys", + "description": "Grants permission to list solutions", + "privilege": "ListSolutions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "" } ] }, { - "access_level": "Read", 
- "description": "Grants permission to return a list of tags created in the caller's AWS account and Region", + "access_level": "List", + "description": "Grants permission to list tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption Keys", - "privilege": "ReEncryptData", + "description": "Grants permission to put real time action interaction data", + "privilege": "PutActionInteractions", "resource_types": [ { "condition_keys": [], 
@@ -178029,112 +201622,107 @@ }, { "access_level": "Write", - "description": "Grants permission to cancel a scheduled key deletion if at any point during the waiting period a Key needs to be revived", - "privilege": "RestoreKey", + "description": "Grants permission to ingest Actions data", + "privilege": "PutActions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to enable a disabled Key", - "privilege": "StartKeyUsage", + "description": "Grants permission to put real time event data", + "privilege": "PutEvents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to disable an enabled Key", - "privilege": "StopKeyUsage", + "description": "Grants permission to ingest Items data", + "privilege": "PutItems", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" + "resource_type": "dataset*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add or overwrites one or more tags for the specified resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to ingest Users data", + "privilege": "PutUsers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to translate encrypted PIN block from and to ISO 9564 formats 0,1,3,4", - "privilege": "TranslatePinData", + "description": "Grants permission to start a recommender", + "privilege": "StartRecommender", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "recommender*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove the specified tag or tags from the specified resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to stop a recommender", + "privilege": "StopRecommender", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "recommender*" } ] }, { "access_level": "Write", - "description": "Grants permission to change the key to which an alias is assigned, or unassign it from its current key", - "privilege": "UpdateAlias", + "description": "Grants permission to stop a solution version creation", + "privilege": "StopSolutionVersionCreation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "alias*" - }, + "resource_type": "solution*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "key*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } 
@@ -178142,856 +201730,1073 @@ }, { "access_level": "Write", - "description": "Grants permission to verify Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization", - "privilege": "VerifyAuthRequestCryptogram", + "description": "Grants permission to update a campaign", + "privilege": "UpdateCampaign", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "campaign*" } ] }, { "access_level": "Write", - "description": "Grants permission to verify card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card Security Codes (CSC)", - "privilege": "VerifyCardValidationData", + "description": "Grants permission to update a dataset", + "privilege": "UpdateDataset", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "dataset*" } ] }, { "access_level": "Write", - "description": "Grants permission to verify MAC (Message Authentication Code) of input data against a provided MAC", - "privilege": "VerifyMac", + "description": "Grants permission to update a metric attribution", + "privilege": "UpdateMetricAttribution", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "metricAttribution*" } ] }, { "access_level": "Write", - "description": "Grants permission to verify pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624", - "privilege": "VerifyPinData", + "description": "Grants permission to update a recommender", + "privilege": "UpdateRecommender", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "recommender*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:payment-cryptography:${Region}:${Account}:key/${KeyId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - 
"payment-cryptography:ResourceAliases" - ], - "resource": "key" + "arn": "arn:${Partition}:personalize:${Region}:${Account}:schema/${ResourceId}", + "condition_keys": [], + "resource": "schema" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:feature-transformation/${ResourceId}", + "condition_keys": [], + "resource": "featureTransformation" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:dataset/${ResourceId}", + "condition_keys": [], + "resource": "dataset" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:dataset-group/${ResourceId}", + "condition_keys": [], + "resource": "datasetGroup" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:dataset-import-job/${ResourceId}", + "condition_keys": [], + "resource": "datasetImportJob" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:data-insights-job/${ResourceId}", + "condition_keys": [], + "resource": "dataInsightsJob" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:dataset-export-job/${ResourceId}", + "condition_keys": [], + "resource": "datasetExportJob" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:solution/${ResourceId}", + "condition_keys": [], + "resource": "solution" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:campaign/${ResourceId}", + "condition_keys": [], + "resource": "campaign" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:event-tracker/${ResourceId}", + "condition_keys": [], + "resource": "eventTracker" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:recipe/${ResourceId}", + "condition_keys": [], + "resource": "recipe" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:algorithm/${ResourceId}", + "condition_keys": [], + "resource": "algorithm" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:batch-inference-job/${ResourceId}", + "condition_keys": [], + 
"resource": "batchInferenceJob" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:filter/${ResourceId}", + "condition_keys": [], + "resource": "filter" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:recommender/${ResourceId}", + "condition_keys": [], + "resource": "recommender" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:batch-segment-job/${ResourceId}", + "condition_keys": [], + "resource": "batchSegmentJob" + }, + { + "arn": "arn:${Partition}:personalize:${Region}:${Account}:metric-attribution/${ResourceId}", + "condition_keys": [], + "resource": "metricAttribution" + } + ], + "service_name": "Amazon Personalize" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, { - "arn": "arn:${Partition}:payment-cryptography:${Region}:${Account}:alias/${Alias}", - "condition_keys": [ - "payment-cryptography:ResourceAliases" - ], - "resource": "alias" + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" } ], - "service_name": "AWS Payment Cryptography" - }, - { - "conditions": [], - "prefix": "payments", + "prefix": "pi", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a payment instrument", - "privilege": "CreatePaymentInstrument", + "description": "Grants permission to call CreatePerformanceAnalysisReport API to create a Performance Analysis Report for a specified DB instance", + "privilege": "CreatePerformanceAnalysisReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "perf-reports-resource*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + 
"dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a payment instrument", - "privilege": "DeletePaymentInstrument", + "description": "Grants permission to call DeletePerformanceAnalysisReport API to delete a Performance Analysis Report for a specified DB instance", + "privilege": "DeletePerformanceAnalysisReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "perf-reports-resource*" } ] }, { - "access_level": "List", - "description": "Grants permission to get information about a payment instrument", - "privilege": "GetPaymentInstrument", + "access_level": "Read", + "description": "Grants permission to call DescribeDimensionKeys API to retrieve the top N dimension keys for a metric for a specific time period", + "privilege": "DescribeDimensionKeys", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "metric-resource*" } ] }, { "access_level": "Read", - "description": "Grants permission to get payment status of invoices", - "privilege": "GetPaymentStatus", + "description": "Grants permission to call GetDimensionKeyDetails API to retrieve the attributes of the specified dimension group", + "privilege": "GetDimensionKeyDetails", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "metric-resource*" } ] }, { - "access_level": "List", - "description": "Grants permission to get payment preferences (preferred payment currency, preferred payment method, etc.)", - "privilege": "ListPaymentPreferences", + "access_level": "Read", + "description": "Grants permission to call GetPerformanceAnalysisReport API to retrieve a Performance Analysis Report for a specified DB instance", + "privilege": "GetPerformanceAnalysisReport", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + 
"resource_type": "perf-reports-resource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to make a payment, authenticate a payment, verify a payment method, and generate a funding request document for Advance Pay", - "privilege": "MakePayment", + "access_level": "Read", + "description": "Grants permission to call GetResourceMetadata API to retrieve the metadata for different features", + "privilege": "GetResourceMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "metric-resource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update payment preferences (preferred payment currency, preferred payment method, etc.)", - "privilege": "UpdatePaymentPreferences", + "access_level": "Read", + "description": "Grants permission to call GetResourceMetrics API to retrieve PI metrics for a set of data sources, over a time period", + "privilege": "GetResourceMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "metric-resource*" } ] - } - ], - "resources": [], - "service_name": "AWS Payments" - }, - { - "conditions": [], - "prefix": "personalize", - "privileges": [ + }, { - "access_level": "Write", - "description": "Grants permission to create a batch inference job", - "privilege": "CreateBatchInferenceJob", + "access_level": "Read", + "description": "Grants permission to call ListAvailableResourceDimensions API to retrieve the dimensions that can be queried for each specified metric type on a specified DB instance", + "privilege": "ListAvailableResourceDimensions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchInferenceJob*" + "resource_type": "metric-resource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a batch segment job", - "privilege": "CreateBatchSegmentJob", + "access_level": "Read", + 
"description": "Grants permission to call ListAvailableResourceMetrics API to retrieve metrics of the specified types that can be queried for a specified DB instance", + "privilege": "ListAvailableResourceMetrics", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchSegmentJob*" + "resource_type": "metric-resource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a campaign", - "privilege": "CreateCampaign", + "access_level": "List", + "description": "Grants permission to call ListPerformanceAnalysisReports API to list Performance Analysis Reports for a specified DB instance", + "privilege": "ListPerformanceAnalysisReports", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "perf-reports-resource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a dataset", - "privilege": "CreateDataset", + "access_level": "List", + "description": "Grants permission to call ListTagsForResource API to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "perf-reports-resource*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a dataset export job", - "privilege": "CreateDatasetExportJob", + "access_level": "Tagging", + "description": "Grants permission to call TagResource API to tag a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetExportJob*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a dataset group", - "privilege": "CreateDatasetGroup", - "resource_types": [ + "resource_type": "perf-reports-resource*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], 
"dependent_actions": [], - "resource_type": "datasetGroup*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a dataset import job", - "privilege": "CreateDatasetImportJob", + "access_level": "Tagging", + "description": "Grants permission to call UntagResource API to untag a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an event tracker", - "privilege": "CreateEventTracker", - "resource_types": [ + "resource_type": "perf-reports-resource*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "eventTracker*" + "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:pi:${Region}:${Account}:metrics/${ServiceType}/${Identifier}", + "condition_keys": [], + "resource": "metric-resource" }, { - "access_level": "Write", - "description": "Grants permission to create a filter", - "privilege": "CreateFilter", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "filter*" - } - ] + "arn": "arn:${Partition}:pi:${Region}:${Account}:perf-reports/${ServiceType}/${Identifier}/${ReportId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "perf-reports-resource" + } + ], + "service_name": "AWS Performance Insights" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by allowed set of values for each of the tags", + "type": "String" }, { - "access_level": "Write", - "description": "Grants permission to create a metric attribution", - "privilege": "CreateMetricAttribution", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "metricAttribution*" - } - ] + "condition": 
"aws:ResourceTag/${TagKey}", + "description": "Filters access by tag-value associated with the resource", + "type": "String" }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of mandatory tags in the request", + "type": "ArrayOfString" + } + ], + "prefix": "pipes", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a recommender", - "privilege": "CreateRecommender", + "description": "Grants permission to create a pipe", + "privilege": "CreatePipe", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "pipe*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "recommender*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a schema", - "privilege": "CreateSchema", + "description": "Grants permission to delete a pipe", + "privilege": "DeletePipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a solution", - "privilege": "CreateSolution", - "resource_types": [ + "resource_type": "pipe*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "solution*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a solution version", - "privilege": "CreateSolutionVersion", + "access_level": "Read", + "description": "Grants permission to describe a pipe", + "privilege": "DescribePipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "solution*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a campaign", - "privilege": "DeleteCampaign", - 
"resource_types": [ + "resource_type": "pipe*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "campaign*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a dataset", - "privilege": "DeleteDataset", + "access_level": "List", + "description": "Grants permission to list all pipes in your account", + "privilege": "ListPipes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a dataset group", - "privilege": "DeleteDatasetGroup", + "access_level": "Read", + "description": "Grants permission to list the tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetGroup*" + "resource_type": "pipe*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an event tracker", - "privilege": "DeleteEventTracker", + "description": "Grants permission to start a pipe", + "privilege": "StartPipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventTracker*" + "resource_type": "pipe*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a filter", - "privilege": "DeleteFilter", + "description": "Grants permission to stop a pipe", + "privilege": "StopPipe", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter*" + "resource_type": "pipe*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + 
"resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a metric attribution", - "privilege": "DeleteMetricAttribution", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metricAttribution*" + "resource_type": "pipe*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a recommender", - "privilege": "DeleteRecommender", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "recommender*" + "resource_type": "pipe*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a schema", - "privilege": "DeleteSchema", + "description": "Grants permission to update a pipe", + "privilege": "UpdatePipe", "resource_types": [ { "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "pipe*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:pipes:${Region}:${Account}:pipe/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "pipe" + } + ], + "service_name": "Amazon EventBridge Pipes" + }, + { + "conditions": [], + "prefix": "polly", + "privileges": [ { "access_level": "Write", - "description": "Grants permission to delete a solution including all versions of 
the solution", - "privilege": "DeleteSolution", + "description": "Grants permission to delete the specified pronunciation lexicon stored in an AWS Region", + "privilege": "DeleteLexicon", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "solution*" + "resource_type": "lexicon*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe an algorithm", - "privilege": "DescribeAlgorithm", + "access_level": "List", + "description": "Grants permission to describe the list of voices that are available for use when requesting speech synthesis", + "privilege": "DescribeVoices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "algorithm*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a batch inference job", - "privilege": "DescribeBatchInferenceJob", + "description": "Grants permission to retrieve the content of the specified pronunciation lexicon stored in an AWS Region", + "privilege": "GetLexicon", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchInferenceJob*" + "resource_type": "lexicon*" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a batch segment job", - "privilege": "DescribeBatchSegmentJob", + "description": "Grants permission to get information about specific speech synthesis task", + "privilege": "GetSpeechSynthesisTask", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "batchSegmentJob*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a campaign", - "privilege": "DescribeCampaign", + "access_level": "List", + "description": "Grants permission to list the pronunciation lexicons stored in an AWS Region", + "privilege": "ListLexicons", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" 
+ "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a dataset", - "privilege": "DescribeDataset", + "access_level": "List", + "description": "Grants permission to list requested speech synthesis tasks", + "privilege": "ListSpeechSynthesisTasks", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a dataset export job", - "privilege": "DescribeDatasetExportJob", + "access_level": "Write", + "description": "Grants permission to store a pronunciation lexicon in an AWS Region", + "privilege": "PutLexicon", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetExportJob*" + "resource_type": "lexicon*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a dataset group", - "privilege": "DescribeDatasetGroup", + "access_level": "Write", + "description": "Grants permission to synthesize long inputs to the provided S3 location", + "privilege": "StartSpeechSynthesisTask", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasetGroup*" + "dependent_actions": [ + "s3:PutObject" + ], + "resource_type": "lexicon" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a dataset import job", - "privilege": "DescribeDatasetImportJob", + "description": "Grants permission to synthesize speech", + "privilege": "SynthesizeSpeech", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "datasetImportJob*" + "resource_type": "lexicon" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:polly:${Region}:${Account}:lexicon/${LexiconName}", + "condition_keys": [], + "resource": "lexicon" + } + ], + "service_name": "Amazon Polly" + }, + { + "conditions": [], + "prefix": "pricing", + "privileges": [ { 
"access_level": "Read", - "description": "Grants permission to describe an event tracker", - "privilege": "DescribeEventTracker", + "description": "Grants permission to retrieve service details for all (paginated) services (if serviceCode is not set) or service detail for a particular service (if given serviceCode)", + "privilege": "DescribeServices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "eventTracker*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a feature transformation", - "privilege": "DescribeFeatureTransformation", + "description": "Grants permission to retrieve all (paginated) possible values for a given attribute", + "privilege": "GetAttributeValues", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "featureTransformation*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a filter", - "privilege": "DescribeFilter", + "description": "Grants permission to retrieve the price list file URL for the given parameters", + "privilege": "GetPriceListFileUrl", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "filter*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a metric attribution", - "privilege": "DescribeMetricAttribution", + "description": "Grants permission to retrieve all matching products with given search criteria", + "privilege": "GetProducts", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metricAttribution*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a recipe", - "privilege": "DescribeRecipe", + "description": "Grants permission to list all (paginated) eligible price lists for the given parameters", + "privilege": "ListPriceLists", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "recipe*" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "AWS Price List" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by checking the presence of tag key-value pairs in the request", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to describe a recommender", - "privilege": "DescribeRecommender", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "recommender*" - } - ] + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by checking tag key-value pairs attached to the resource", + "type": "String" }, { - "access_level": "Read", - "description": "Grants permission to describe a schema", - "privilege": "DescribeSchema", + "condition": "aws:TagKeys", + "description": "Filters access by presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "private-networks", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to acknowledge that an order has been received", + "privilege": "AcknowledgeOrderReceipt", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "schema*" + "resource_type": "order*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a solution", - "privilege": "DescribeSolution", + "access_level": "Write", + "description": "Grants permission to activate a device identifier", + "privilege": "ActivateDeviceIdentifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "solution*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to describe a version of a solution", - "privilege": "DescribeSolutionVersion", - "resource_types": [ + "resource_type": "device-identifier*" + }, { - "condition_keys": [], + 
"condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "dependent_actions": [], - "resource_type": "solution*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a re-ranked list of recommendations", - "privilege": "GetPersonalizedRanking", + "access_level": "Write", + "description": "Grants permission to activate a network site", + "privilege": "ActivateNetworkSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a list of recommendations from a campaign", - "privilege": "GetRecommendations", - "resource_types": [ + "resource_type": "network-site*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get metrics for a solution version", - "privilege": "GetSolutionMetrics", - "resource_types": [ + "resource_type": "order*" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "solution*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list batch inference jobs", - "privilege": "ListBatchInferenceJobs", + "access_level": "Write", + "description": "Grants permission to configure an access point", + "privilege": "ConfigureAccessPoint", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "network-resource*" } ] }, { - "access_level": "List", - "description": "Grants permission to list batch segment jobs", - "privilege": "ListBatchSegmentJobs", + "access_level": "Write", + "description": "Grants permission to create a network", + "privilege": "CreateNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "network*" + }, + { + 
"condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list campaigns", - "privilege": "ListCampaigns", + "access_level": "Write", + "description": "Grants permission to create a network site", + "privilege": "CreateNetworkSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "network*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list dataset export jobs", - "privilege": "ListDatasetExportJobs", + "access_level": "Write", + "description": "Grants permission to deactivate a device identifier", + "privilege": "DeactivateDeviceIdentifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "device-identifier*" } ] }, { - "access_level": "List", - "description": "Grants permission to list dataset groups", - "privilege": "ListDatasetGroups", + "access_level": "Write", + "description": "Grants permission to delete a network", + "privilege": "DeleteNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "network*" } ] }, { - "access_level": "List", - "description": "Grants permission to list dataset import jobs", - "privilege": "ListDatasetImportJobs", + "access_level": "Write", + "description": "Grants permission to delete a network site", + "privilege": "DeleteNetworkSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "network-site*" } ] }, { - "access_level": "List", - "description": "Grants permission to list datasets", - "privilege": "ListDatasets", + "access_level": "Read", + "description": "Grants permission to get a device identifier", + 
"privilege": "GetDeviceIdentifier", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "device-identifier*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list event trackers", - "privilege": "ListEventTrackers", + "access_level": "Read", + "description": "Grants permission to get a network", + "privilege": "GetNetwork", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "network*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list filters", - "privilege": "ListFilters", + "access_level": "Read", + "description": "Grants permission to get a network resource", + "privilege": "GetNetworkResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "network-resource*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list metric attribution metrics", - "privilege": "ListMetricAttributionMetrics", + "access_level": "Read", + "description": "Grants permission to get a network site", + "privilege": "GetNetworkSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "network-site*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list metric attributions", - "privilege": "ListMetricAttributions", + "access_level": "Read", + "description": "Grants permission to get a network order", + "privilege": "GetOrder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + 
"resource_type": "order*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list recipes", - "privilege": "ListRecipes", + "description": "Grants permission to list device identifiers", + "privilege": "ListDeviceIdentifiers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "network*" } ] }, { "access_level": "List", - "description": "Grants permission to list recommenders", - "privilege": "ListRecommenders", + "description": "Grants permission to list network resources", + "privilege": "ListNetworkResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "network*" } ] }, { "access_level": "List", - "description": "Grants permission to list schemas", - "privilege": "ListSchemas", + "description": "Grants permission to list network sites", + "privilege": "ListNetworkSites", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "network*" } ] }, { "access_level": "List", - "description": "Grants permission to list versions of a solution", - "privilege": "ListSolutionVersions", + "description": "Grants permission to list networks", + "privilege": "ListNetworks", "resource_types": [ { "condition_keys": [], 
@@ -179002,19 +202807,19 @@ }, { "access_level": "List", - "description": "Grants permission to list solutions", - "privilege": "ListSolutions", + "description": "Grants permission to list network orders", + "privilege": "ListOrders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "network*" } ] }, { "access_level": "List", - "description": "Grants permission to list tags for a resource", + "description": "Grants permission to return a list of tags for a resource", "privilege": "ListTagsForResource", "resource_types": [ { @@ -179025,9 +202830,9 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to put real time event data", - "privilege": "PutEvents", + "access_level": "Read", + "description": "Grants permission to check the health of the service", + "privilege": "Ping", "resource_types": [ { "condition_keys": [], 
@@ -179038,687 +202843,577 @@ }, { "access_level": "Write", - "description": "Grants permission to ingest Items data", - "privilege": "PutItems", + "description": "Grants permission to start an update on the specified network resource", + "privilege": "StartNetworkResourceUpdate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" + "resource_type": "network-resource*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to ingest Users data", - "privilege": "PutUsers", + "access_level": "Tagging", + "description": "Grants permission to adds tags to the specified resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "dataset*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to start a recommender", - "privilege": "StartRecommender", - "resource_types": [ + "resource_type": "device-identifier" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "recommender*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop a recommender", - "privilege": "StopRecommender", - "resource_types": [ + "resource_type": "network" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "recommender*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to stop a solution version creation", - "privilege": "StopSolutionVersionCreation", - "resource_types": [ + "resource_type": "network-resource" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "solution*" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to tag a resource", - "privilege": "TagResource", - "resource_types": [ + "resource_type": "network-site" + }, { "condition_keys": [], 
"dependent_actions": [], + "resource_type": "order" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Tagging", - "description": "Grants permission to untag a resource", + "description": "Grants permission to removes tags from the specified resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a campaign", - "privilege": "UpdateCampaign", - "resource_types": [ + "resource_type": "device-identifier" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "campaign*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a metric attribution", - "privilege": "UpdateMetricAttribution", - "resource_types": [ + "resource_type": "network" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "metricAttribution*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a recommender", - "privilege": "UpdateRecommender", - "resource_types": [ + "resource_type": "network-resource" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "recommender*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:schema/${ResourceId}", - "condition_keys": [], - "resource": "schema" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:feature-transformation/${ResourceId}", - "condition_keys": [], - "resource": "featureTransformation" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:dataset/${ResourceId}", - "condition_keys": [], - "resource": "dataset" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:dataset-group/${ResourceId}", - "condition_keys": [], - "resource": "datasetGroup" - }, - { - "arn": 
"arn:${Partition}:personalize:${Region}:${Account}:dataset-import-job/${ResourceId}", - "condition_keys": [], - "resource": "datasetImportJob" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:dataset-export-job/${ResourceId}", - "condition_keys": [], - "resource": "datasetExportJob" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:solution/${ResourceId}", - "condition_keys": [], - "resource": "solution" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:campaign/${ResourceId}", - "condition_keys": [], - "resource": "campaign" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:event-tracker/${ResourceId}", - "condition_keys": [], - "resource": "eventTracker" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:recipe/${ResourceId}", - "condition_keys": [], - "resource": "recipe" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:algorithm/${ResourceId}", - "condition_keys": [], - "resource": "algorithm" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:batch-inference-job/${ResourceId}", - "condition_keys": [], - "resource": "batchInferenceJob" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:filter/${ResourceId}", - "condition_keys": [], - "resource": "filter" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:recommender/${ResourceId}", - "condition_keys": [], - "resource": "recommender" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:batch-segment-job/${ResourceId}", - "condition_keys": [], - "resource": "batchSegmentJob" - }, - { - "arn": "arn:${Partition}:personalize:${Region}:${Account}:metric-attribution/${ResourceId}", - "condition_keys": [], - "resource": "metricAttribution" - } - ], - "service_name": "Amazon Personalize" - }, - { - "conditions": [], - "prefix": "pi", - "privileges": [ - { - "access_level": "Read", - "description": "Grants permission to call 
DescribeDimensionKeys API to retrieve the top N dimension keys for a metric for a specific time period", - "privilege": "DescribeDimensionKeys", - "resource_types": [ + "resource_type": "network-site" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-resource*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to call GetDimensionKeyDetails API to retrieve the attributes of the specified dimension group", - "privilege": "GetDimensionKeyDetails", - "resource_types": [ + "resource_type": "order" + }, { - "condition_keys": [], + "condition_keys": [ + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": "metric-resource*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to call GetResourceMetadata API to retrieve the metadata for different features", - "privilege": "GetResourceMetadata", + "access_level": "Write", + "description": "Grants permission to update a network site", + "privilege": "UpdateNetworkSite", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-resource*" + "resource_type": "network-site*" } ] }, { - "access_level": "Read", - "description": "Grants permission to call GetResourceMetrics API to retrieve PI metrics for a set of data sources, over a time period", - "privilege": "GetResourceMetrics", + "access_level": "Write", + "description": "Grants permission to update a plan at a network site", + "privilege": "UpdateNetworkSitePlan", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "metric-resource*" + "resource_type": "network-site*" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:private-networks:${Region}:${Account}:network/${NetworkName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "network" }, { - "access_level": "Read", - "description": "Grants permission to call ListAvailableResourceDimensions API to retrieve 
the dimensions that can be queried for each specified metric type on a specified DB instance", - "privilege": "ListAvailableResourceDimensions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "metric-resource*" - } - ] + "arn": "arn:${Partition}:private-networks:${Region}:${Account}:network-site/${NetworkName}/${NetworkSiteName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "network-site" + }, + { + "arn": "arn:${Partition}:private-networks:${Region}:${Account}:network-resource/${NetworkName}/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "network-resource" + }, + { + "arn": "arn:${Partition}:private-networks:${Region}:${Account}:order/${NetworkName}/${OrderId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "order" }, { - "access_level": "Read", - "description": "Grants permission to call ListAvailableResourceMetrics API to retrieve metrics of the specified types that can be queried for a specified DB instance", - "privilege": "ListAvailableResourceMetrics", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "metric-resource*" - } - ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:pi:${Region}:${Account}:metrics/${ServiceType}/${Identifier}", - "condition_keys": [], - "resource": "metric-resource" + "arn": "arn:${Partition}:private-networks:${Region}:${Account}:device-identifier/${NetworkName}/${DeviceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "device-identifier" } ], - "service_name": "AWS Performance Insights" + "service_name": "AWS service providing managed private networks" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by allowed set of values for each of the tags", + "description": "Filters access by a key that is present in the request the user makes to the customer profile 
service", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag-value associated with the resource", + "description": "Filters access by a tag key and value pair", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the presence of mandatory tags in the request", + "description": "Filters access by the list of all the tag key names present in the request the user makes to the customer profile service", "type": "ArrayOfString" } ], - "prefix": "pipes", + "prefix": "profile", "privileges": [ { "access_level": "Write", - "description": "Grants permission to create a pipe", - "privilege": "CreatePipe", + "description": "Grants permission to add a profile key", + "privilege": "AddProfileKey", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a calculated attribute definition in the domain", + "privilege": "CreateCalculatedAttributeDefinition", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], - "resource_type": "pipe*" + "dependent_actions": [], + "resource_type": "calculated-attributes*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a Domain", + "privilege": "CreateDomain", + "resource_types": [ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], - "resource_type": "" + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "domains*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a pipe", - "privilege": "DeletePipe", + "description": "Grants permission to put an event stream in a domain", + "privilege": 
"CreateEventStream", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipe*" + "dependent_actions": [ + "iam:PutRolePolicy", + "kinesis:DescribeStreamSummary" + ], + "resource_type": "domains*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-streams*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a pipe", - "privilege": "DescribePipe", + "access_level": "Write", + "description": "Grants permission to create an integration workflow in a domain", + "privilege": "CreateIntegrationWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipe*" + "resource_type": "domains*" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "integrations*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all pipes in your account", - "privilege": "ListPipes", + "access_level": "Write", + "description": "Grants permission to create a profile in the domain", + "privilege": "CreateProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list the tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a calculated attribute definition in the domain", + "privilege": "DeleteCalculatedAttributeDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipe*" + "resource_type": "calculated-attributes*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + 
"resource_type": "domains*" } ] }, { "access_level": "Write", - "description": "Grants permission to start a pipe", - "privilege": "StartPipe", + "description": "Grants permission to delete a Domain", + "privilege": "DeleteDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipe*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { "access_level": "Write", - "description": "Grants permission to stop a pipe", - "privilege": "StopPipe", + "description": "Grants permission to delete an event stream in a domain", + "privilege": "DeleteEventStream", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], - "resource_type": "pipe*" + "dependent_actions": [ + "iam:DeleteRolePolicy" + ], + "resource_type": "domains*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "event-streams*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a integration in a domain", + "privilege": "DeleteIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "pipe*" + "resource_type": "domains*" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "integrations*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to delete a profile", + "privilege": "DeleteProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "pipe*" - }, + "resource_type": "domains*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a profile key", + "privilege": "DeleteProfileKey", + "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a pipe", - "privilege": "UpdatePipe", + "description": "Grants permission to delete a profile object", + "privilege": "DeleteProfileObject", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "pipe*" + "dependent_actions": [], + "resource_type": "domains*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object-types*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:pipes:${Region}:${Account}:pipe/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "pipe" - } - ], - "service_name": "Amazon EventBridge Pipes" - }, - { - "conditions": [], - "prefix": "polly", - "privileges": [ + }, { "access_level": "Write", - "description": "Grants permission to delete the specified pronunciation lexicon stored in an AWS Region", - "privilege": "DeleteLexicon", + "description": "Grants permission to delete a specific profile object type in the domain", + "privilege": "DeleteProfileObjectType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "lexicon*" + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object-types*" } ] }, { - "access_level": "List", - "description": "Grants permission to describe the list of voices that are available for use when requesting speech synthesis", - "privilege": "DescribeVoices", + 
"access_level": "Write", + "description": "Grants permission to delete a workflow in a domain", + "privilege": "DeleteWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the content of the specified pronunciation lexicon stored in an AWS Region", - "privilege": "GetLexicon", + "description": "Grants permission to auto detect object type", + "privilege": "DetectProfileObjectType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "lexicon*" + "resource_type": "domains*" } ] }, { "access_level": "Read", - "description": "Grants permission to get information about specific speech synthesis task", - "privilege": "GetSpeechSynthesisTask", + "description": "Grants permission to get a preview of auto merging in a domain", + "privilege": "GetAutoMergingPreview", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { - "access_level": "List", - "description": "Grants permission to list the pronunciation lexicons stored in an AWS Region", - "privilege": "ListLexicons", + "access_level": "Read", + "description": "Grants permission to get a calculated attribute definition in the domain", + "privilege": "GetCalculatedAttributeDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "calculated-attributes*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" } ] }, { - "access_level": "List", - "description": "Grants permission to list requested speech synthesis tasks", - "privilege": "ListSpeechSynthesisTasks", + "access_level": "Read", + "description": "Grants permission to retrieve a calculated attribute for a specific profile in the domain", + "privilege": "GetCalculatedAttributeForProfile", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "calculated-attributes*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" } ] }, { - "access_level": "Write", - "description": "Grants permission to store a pronunciation lexicon in an AWS Region", - "privilege": "PutLexicon", + "access_level": "Read", + "description": "Grants permission to get a specific domain in an account", + "privilege": "GetDomain", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "lexicon*" + "resource_type": "domains*" } ] }, { - "access_level": "Write", - "description": "Grants permission to synthesize long inputs to the provided S3 location", - "privilege": "StartSpeechSynthesisTask", + "access_level": "Read", + "description": "Grants permission to get a specific event stream in a domain", + "privilege": "GetEventStream", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "s3:PutObject" + "kinesis:DescribeStreamSummary" ], - "resource_type": "lexicon" + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "event-streams*" } ] }, { "access_level": "Read", - "description": "Grants permission to synthesize speech", - "privilege": "SynthesizeSpeech", + "description": "Grants permission to get an identity resolution job in a domain", + "privilege": "GetIdentityResolutionJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "lexicon" + "resource_type": "domains*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:polly:${Region}:${Account}:lexicon/${LexiconName}", - "condition_keys": [], - "resource": "lexicon" - } - ], - "service_name": "Amazon Polly" - }, - { - "conditions": [], - "prefix": "pricing", - "privileges": [ + }, { "access_level": "Read", - "description": "Grants permission to retrieve service details for all (paginated) 
services (if serviceCode is not set) or service detail for a particular service (if given serviceCode)", - "privilege": "DescribeServices", + "description": "Grants permission to get a specific integrations in a domain", + "privilege": "GetIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integrations*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve all (paginated) possible values for a given attribute", - "privilege": "GetAttributeValues", + "access_level": "List", + "description": "Grants permission to get profile matches in a domain", + "privilege": "GetMatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the price list file URL for the given parameters", - "privilege": "GetPriceListFileUrl", + "description": "Grants permission to get a specific profile object type in the domain", + "privilege": "GetProfileObjectType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object-types*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve all matching products with given search criteria", - "privilege": "GetProducts", + "description": "Grants permission to get a specific object type template", + "privilege": "GetProfileObjectTypeTemplate", "resource_types": [ { "condition_keys": [], 
@@ -179728,373 +203423,280 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to list all (paginated) eligible price lists for the given parameters", - "privilege": "ListPriceLists", + "access_level": "List", + "description": "Grants permission to get all the similar profiles in the domain", + "privilege": "GetSimilarProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] - } - ], - "resources": [], - "service_name": "AWS Price List" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by checking the presence of tag key-value pairs in the request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by checking tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by presence of tag keys in the request", - "type": "ArrayOfString" - } - ], - "prefix": "private-networks", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to acknowledge that an order has been received", - "privilege": "AcknowledgeOrderReceipt", + "access_level": "Read", + "description": "Grants permission to get workflow details in a domain", + "privilege": "GetWorkflow", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "order*" + "resource_type": "domains*" } ] }, { - "access_level": "Write", - "description": "Grants permission to activate a device identifier", - "privilege": "ActivateDeviceIdentifier", + "access_level": "Read", + "description": "Grants permission to get workflow step details in a domain", + "privilege": "GetWorkflowSteps", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device-identifier*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - 
"resource_type": "" + "resource_type": "domains*" } ] }, { - "access_level": "Write", - "description": "Grants permission to activate a network site", - "privilege": "ActivateNetworkSite", + "access_level": "List", + "description": "Grants permission to list all the integrations in the account", + "privilege": "ListAccountIntegrations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-site*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "order*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to configure an access point", - "privilege": "ConfigureAccessPoint", + "access_level": "List", + "description": "Grants permission to list all the calculated attribute definitions in the domain", + "privilege": "ListCalculatedAttributeDefinitions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-resource*" + "resource_type": "domains*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a network", - "privilege": "CreateNetwork", + "access_level": "List", + "description": "Grants permission to list all calculated attributes for a specific profile in the domain", + "privilege": "ListCalculatedAttributesForProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create a network site", - "privilege": "CreateNetworkSite", + "access_level": "List", + "description": "Grants permission to list all the domains in an account", + "privilege": "ListDomains", "resource_types": [ { 
"condition_keys": [], "dependent_actions": [], - "resource_type": "network*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to deactivate a device identifier", - "privilege": "DeactivateDeviceIdentifier", + "access_level": "List", + "description": "Grants permission to list all the event streams in a specific domain", + "privilege": "ListEventStreams", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device-identifier*" + "resource_type": "domains*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a network", - "privilege": "DeleteNetwork", + "access_level": "List", + "description": "Grants permission to list identity resolution jobs in a domain", + "privilege": "ListIdentityResolutionJobs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" + "resource_type": "domains*" } ] }, { - "access_level": "Write", - "description": "Grants permission to delete a network site", - "privilege": "DeleteNetworkSite", + "access_level": "List", + "description": "Grants permission to list all the integrations in a specific domain", + "privilege": "ListIntegrations", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-site*" + "resource_type": "domains*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a device identifier", - "privilege": "GetDeviceIdentifier", + "access_level": "List", + "description": "Grants permission to list all the profile object type templates in the account", + "privilege": "ListProfileObjectTypeTemplates", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device-identifier*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], 
"resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a network", - "privilege": "GetNetwork", + "access_level": "List", + "description": "Grants permission to list all the profile object types in the domain", + "privilege": "ListProfileObjectTypes", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a network resource", - "privilege": "GetNetworkResource", + "access_level": "List", + "description": "Grants permission to list all the profile objects for a profile", + "privilege": "ListProfileObjects", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-resource*" + "resource_type": "domains*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "object-types*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a network site", - "privilege": "GetNetworkSite", + "access_level": "List", + "description": "Grants permission to list all the rule-based matching result in the domain", + "privilege": "ListRuleBasedMatches", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-site*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a network order", - "privilege": "GetOrder", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "order*" + 
"resource_type": "calculated-attributes" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list device identifiers", - "privilege": "ListDeviceIdentifiers", - "resource_types": [ + "resource_type": "domains" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list network resources", - "privilege": "ListNetworkResources", - "resource_types": [ + "resource_type": "event-streams" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list network sites", - "privilege": "ListNetworkSites", - "resource_types": [ + "resource_type": "integrations" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" + "resource_type": "object-types" } ] }, { "access_level": "List", - "description": "Grants permission to list networks", - "privilege": "ListNetworks", + "description": "Grants permission to list all the workflows in a specific domain", + "privilege": "ListWorkflows", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" } ] }, { - "access_level": "List", - "description": "Grants permission to list network orders", - "privilege": "ListOrders", + "access_level": "Write", + "description": "Grants permission to merge profiles in a domain", + "privilege": "MergeProfiles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network*" + "resource_type": "domains*" } ] }, { - "access_level": "List", - "description": "Grants permission to return a list of tags for a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants 
permission to put a integration in a domain", + "privilege": "PutIntegration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "integrations*" } ] }, { - "access_level": "Read", - "description": "Grants permission to check the health of the service", - "privilege": "Ping", + "access_level": "Write", + "description": "Grants permission to put an object for a profile", + "privilege": "PutProfileObject", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "domains*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "object-types*" } ] }, { "access_level": "Write", - "description": "Grants permission to start an update on the specified network resource", - "privilege": "StartNetworkResourceUpdate", + "description": "Grants permission to put a specific profile object type in the domain", + "privilege": "PutProfileObjectType", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-resource*" + "resource_type": "domains*" }, { "condition_keys": [ 
@@ -180102,44 +203704,56 @@ "aws:TagKeys" ], "dependent_actions": [], - "resource_type": "" + "resource_type": "object-types*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to search for profiles in a domain", + "privilege": "SearchProfiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" } ] }, { "access_level": "Tagging", - "description": "Grants permission to adds tags to the specified resource", + "description": "Grants permission to adds tags to a resource", "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device-identifier" + "resource_type": "calculated-attributes" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network" + "resource_type": "domains" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-resource" + "resource_type": "event-streams" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-site" + "resource_type": "integrations" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "order" + "resource_type": "object-types" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -180148,33 +203762,33 @@ }, { "access_level": "Tagging", - "description": "Grants permission to removes tags from the specified resource", + "description": "Grants permission to remove tags from a resource", "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "device-identifier" + "resource_type": "calculated-attributes" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network" + "resource_type": "domains" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-resource" + "resource_type": "event-streams" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-site" + "resource_type": "integrations" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "order" + "resource_type": "object-types" }, { "condition_keys": [ 
@@ -180187,119 +203801,426 @@ }, { "access_level": "Write", - "description": "Grants permission to update a network site", - "privilege": "UpdateNetworkSite", + "description": "Grants permission to update a calculated attribute definition in the domain", + "privilege": "UpdateCalculatedAttributeDefinition", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-site*" + "resource_type": "calculated-attributes*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "domains*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a plan at a network site", - "privilege": "UpdateNetworkSitePlan", + "description": "Grants permission to update a Domain", + "privilege": "UpdateDomain", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole" + ], + "resource_type": "domains*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a profile in the domain", + "privilege": "UpdateProfile", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "network-site*" + "resource_type": "domains*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:private-networks:${Region}:${Account}:network/${NetworkName}", + "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "network" + "resource": "domains" }, { - "arn": "arn:${Partition}:private-networks:${Region}:${Account}:network-site/${NetworkName}/${NetworkSiteName}", + "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/object-types/${ObjectTypeName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "network-site" + "resource": "object-types" }, { - "arn": "arn:${Partition}:private-networks:${Region}:${Account}:network-resource/${NetworkName}/${ResourceId}", + "arn": 
"arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/integrations/${Uri}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "network-resource" + "resource": "integrations" }, { - "arn": "arn:${Partition}:private-networks:${Region}:${Account}:order/${NetworkName}/${OrderId}", + "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/event-streams/${EventStreamName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "order" + "resource": "event-streams" }, { - "arn": "arn:${Partition}:private-networks:${Region}:${Account}:device-identifier/${NetworkName}/${DeviceId}", + "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/calculated-attributes/${CalculatedAttributeName}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "device-identifier" + "resource": "calculated-attributes" } ], - "service_name": "AWS service providing managed private networks" + "service_name": "Amazon Connect Customer Profiles" }, { "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a key that is present in the request the user makes to the customer profile service", + "description": "Filters access by tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by a tag key and value pair", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access by the list of all the tag key names present in the request the user makes to the customer profile service", + "description": "Filters access by tag keys in the request", "type": "ArrayOfString" + }, + { + "condition": "proton:EnvironmentTemplate", + "description": "Filters access by specified environment template related to resource", + "type": "String" + }, + { + "condition": "proton:ServiceTemplate", + "description": 
"Filters access by specified service template related to resource", + "type": "String" } ], - "prefix": "profile", + "prefix": "proton", "privileges": [ { "access_level": "Write", - "description": "Grants permission to add a profile key", - "privilege": "AddProfileKey", + "description": "Grants permission to reject an environment account connection request from another environment account", + "privilege": "AcceptEnvironmentAccountConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-account-connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel component deployment", + "privilege": "CancelComponentDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "component*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel an environment deployment", + "privilege": "CancelEnvironmentDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + }, + { + "condition_keys": [ + "proton:EnvironmentTemplate" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a service instance deployment", + "privilege": "CancelServiceInstanceDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-instance*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to cancel a service pipeline deployment", + "privilege": "CancelServicePipelineDeployment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": 
[], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create component", + "privilege": "CreateComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "component*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an environment", + "privilege": "CreateEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "environment*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "proton:EnvironmentTemplate" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an environment account connection", + "privilege": "CreateEnvironmentAccountConnection", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an environment template", + "privilege": "CreateEnvironmentTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an environment template major version. 
DEPRECATED - use CreateEnvironmentTemplateVersion instead", + "privilege": "CreateEnvironmentTemplateMajorVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an environment template minor version. DEPRECATED - use CreateEnvironmentTemplateVersion instead", + "privilege": "CreateEnvironmentTemplateMinorVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an environment template version", + "privilege": "CreateEnvironmentTemplateVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a repository", + "privilege": "CreateRepository", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a service", + "privilege": "CreateService", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "codestar-connections:PassConnection" + ], + "resource_type": "service*" + }, + { + "condition_keys": [ + 
"aws:TagKeys", + "aws:RequestTag/${TagKey}", + "proton:ServiceTemplate" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a service instance", + "privilege": "CreateServiceInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "service-instance*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "proton:ServiceTemplate" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a calculated attribute definition in the domain", - "privilege": "CreateCalculatedAttributeDefinition", + "description": "Grants permission to create a service sync config", + "privilege": "CreateServiceSyncConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "calculated-attributes*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a service template", + "privilege": "CreateServiceTemplate", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "service-template*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -180308,20 +204229,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create a Domain", - "privilege": "CreateDomain", + "description": "Grants permission to create a service template major version. DEPRECATED - use CreateServiceTemplateVersion instead", + "privilege": "CreateServiceTemplateMajorVersion", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "domains*" + "dependent_actions": [], + "resource_type": "service-template*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -180330,26 +204249,18 @@ }, { "access_level": "Write", - "description": "Grants permission to put an event stream in a domain", - "privilege": "CreateEventStream", + "description": "Grants permission to create a service template minor version. DEPRECATED - use CreateServiceTemplateVersion instead", + "privilege": "CreateServiceTemplateMinorVersion", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "iam:PutRolePolicy", - "kinesis:DescribeStreamSummary" - ], - "resource_type": "domains*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-streams*" + "resource_type": "service-template*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -180358,18 +204269,18 @@ }, { "access_level": "Write", - "description": "Grants permission to create an integration workflow in a domain", - "privilege": "CreateIntegrationWorkflow", + "description": "Grants permission to create a service template version", + "privilege": "CreateServiceTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "service-template*" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "aws:RequestTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -180378,362 +204289,382 @@ }, { "access_level": "Write", - "description": "Grants permission to create a profile in the domain", - "privilege": "CreateProfile", + "description": "Grants permission to create a template sync config", + "privilege": "CreateTemplateSyncConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a calculated attribute definition in the domain", - "privilege": "DeleteCalculatedAttributeDefinition", + "description": "Grants permission to delete account roles. DEPRECATED - use UpdateAccountSettings instead", + "privilege": "DeleteAccountRoles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "calculated-attributes*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete component", + "privilege": "DeleteComponent", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "component*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a Domain", - "privilege": "DeleteDomain", + "description": "Grants permission to delete a deployment", + "privilege": "DeleteDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "deployment*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete an event stream in a domain", - "privilege": "DeleteEventStream", + "description": "Grants permission to delete an environment", + "privilege": "DeleteEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:DeleteRolePolicy" - ], - "resource_type": "domains*" + "dependent_actions": [], + "resource_type": "environment*" }, { - "condition_keys": [], + "condition_keys": [ + 
"proton:EnvironmentTemplate" + ], "dependent_actions": [], - "resource_type": "event-streams*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a integration in a domain", - "privilege": "DeleteIntegration", + "description": "Grants permission to delete an environment account connection", + "privilege": "DeleteEnvironmentAccountConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" - }, + "resource_type": "environment-account-connection*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an environment template", + "privilege": "DeleteEnvironmentTemplate", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integrations*" + "resource_type": "environment-template*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a profile", - "privilege": "DeleteProfile", + "description": "Grants permission to delete an environment template major version. DEPRECATED - use DeleteEnvironmentTemplateVersion instead", + "privilege": "DeleteEnvironmentTemplateMajorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "environment-template*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a profile key", - "privilege": "DeleteProfileKey", + "description": "Grants permission to delete an environment template minor version. 
DEPRECATED - use DeleteEnvironmentTemplateVersion instead", + "privilege": "DeleteEnvironmentTemplateMinorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "environment-template*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a profile object", - "privilege": "DeleteProfileObject", + "description": "Grants permission to delete an environment template version", + "privilege": "DeleteEnvironmentTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" - }, + "resource_type": "environment-template*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a repository", + "privilege": "DeleteRepository", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object-types*" + "resource_type": "repository*" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a specific profile object type in the domain", - "privilege": "DeleteProfileObjectType", + "description": "Grants permission to delete a service", + "privilege": "DeleteService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "service*" }, { - "condition_keys": [], + "condition_keys": [ + "proton:ServiceTemplate" + ], "dependent_actions": [], - "resource_type": "object-types*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a workflow in a domain", - "privilege": "DeleteWorkflow", + "description": "Grants permission to delete a service sync config", + "privilege": "DeleteServiceSyncConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a preview of auto merging in a domain", - 
"privilege": "GetAutoMergingPreview", + "access_level": "Write", + "description": "Grants permission to delete a service template", + "privilege": "DeleteServiceTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "service-template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get a calculated attribute definition in the domain", - "privilege": "GetCalculatedAttributeDefinition", + "access_level": "Write", + "description": "Grants permission to delete a service template major version. DEPRECATED - use DeleteServiceTemplateVersion instead", + "privilege": "DeleteServiceTemplateMajorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "calculated-attributes*" - }, + "resource_type": "service-template*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a service template minor version. DEPRECATED - use DeleteServiceTemplateVersion instead", + "privilege": "DeleteServiceTemplateMinorVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "service-template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to retrieve a calculated attribute for a specific profile in the domain", - "privilege": "GetCalculatedAttributeForProfile", + "access_level": "Write", + "description": "Grants permission to delete a service template version", + "privilege": "DeleteServiceTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "calculated-attributes*" - }, + "resource_type": "service-template*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a TemplateSyncConfig", + "privilege": "DeleteTemplateSyncConfig", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + 
"resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a specific domain in an account", - "privilege": "GetDomain", + "description": "Grants permission to get account roles. DEPRECATED - use GetAccountSettings instead", + "privilege": "GetAccountRoles", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a specific event stream in a domain", - "privilege": "GetEventStream", + "description": "Grants permission to describe the account settings", + "privilege": "GetAccountSettings", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "kinesis:DescribeStreamSummary" - ], - "resource_type": "domains*" - }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-streams*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get an identity resolution job in a domain", - "privilege": "GetIdentityResolutionJob", + "description": "Grants permission to describe a component", + "privilege": "GetComponent", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "component*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a specific integrations in a domain", - "privilege": "GetIntegration", + "description": "Grants permission to describe a deployment", + "privilege": "GetDeployment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "integrations*" + "resource_type": "deployment*" } ] }, { - "access_level": "List", - "description": "Grants permission to get profile matches in a domain", - "privilege": "GetMatches", + "access_level": "Read", + "description": "Grants permission to describe an 
environment", + "privilege": "GetEnvironment", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "environment*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a specific profile object type in the domain", - "privilege": "GetProfileObjectType", + "description": "Grants permission to describe an environment account connection", + "privilege": "GetEnvironmentAccountConnection", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "object-types*" + "resource_type": "environment-account-connection*" } ] }, { "access_level": "Read", - "description": "Grants permission to get a specific object type template", - "privilege": "GetProfileObjectTypeTemplate", + "description": "Grants permission to describe an environment template", + "privilege": "GetEnvironmentTemplate", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment-template*" } ] }, { "access_level": "Read", - "description": "Grants permission to get workflow details in a domain", - "privilege": "GetWorkflow", + "description": "Grants permission to get an environment template major version. DEPRECATED - use GetEnvironmentTemplateVersion instead", + "privilege": "GetEnvironmentTemplateMajorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "environment-template*" } ] }, { "access_level": "Read", - "description": "Grants permission to get workflow step details in a domain", - "privilege": "GetWorkflowSteps", + "description": "Grants permission to get an environment template minor version. 
DEPRECATED - use GetEnvironmentTemplateVersion instead", + "privilege": "GetEnvironmentTemplateMinorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "environment-template*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the integrations in the account", - "privilege": "ListAccountIntegrations", + "access_level": "Read", + "description": "Grants permission to describe an environment template version", + "privilege": "GetEnvironmentTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment-template*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the calculated attribute definitions in the domain", - "privilege": "ListCalculatedAttributeDefinitions", + "access_level": "Read", + "description": "Grants permission to describe a repository", + "privilege": "GetRepository", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "repository*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all calculated attributes for a specific profile in the domain", - "privilege": "ListCalculatedAttributesForProfile", + "access_level": "Read", + "description": "Grants permission to get the latest sync status for a repository", + "privilege": "GetRepositorySyncStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the domains in an account", - "privilege": "ListDomains", + "access_level": "Read", + "description": "Grants permission to list resource template version status counts", + "privilege": "GetResourceTemplateVersionStatusCounts", "resource_types": [ { "condition_keys": [], 
@@ -180743,45 +204674,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the event streams in a specific domain", - "privilege": "ListEventStreams", + "access_level": "Read", + "description": "Grants permission to get resources summary", + "privilege": "GetResourcesSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list identity resolution jobs in a domain", - "privilege": "ListIdentityResolutionJobs", + "access_level": "Read", + "description": "Grants permission to describe a service", + "privilege": "GetService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "service*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the integrations in a specific domain", - "privilege": "ListIntegrations", + "access_level": "Read", + "description": "Grants permission to describe a service instance", + "privilege": "GetServiceInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "service-instance*" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the profile object type templates in the account", - "privilege": "ListProfileObjectTypeTemplates", + "access_level": "Read", + "description": "Grants permission to describe the sync status of a service instance", + "privilege": "GetServiceInstanceSyncStatus", "resource_types": [ { "condition_keys": [], 
@@ -180791,590 +204722,609 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all the profile object types in the domain", - "privilege": "ListProfileObjectTypes", + "access_level": "Read", + "description": "Grants permission to describe service sync blockers on a service or service instance", + "privilege": "GetServiceSyncBlockerSummary", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list all the profile objects for a profile", - "privilege": "ListProfileObjects", + "access_level": "Read", + "description": "Grants permission to describe a service sync config", + "privilege": "GetServiceSyncConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a service template", + "privilege": "GetServiceTemplate", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object-types*" + "resource_type": "service-template*" } ] }, { "access_level": "Read", - "description": "Grants permission to list tags for a resource", - "privilege": "ListTagsForResource", + "description": "Grants permission to get a service template major version. DEPRECATED - use GetServiceTemplateVersion instead", + "privilege": "GetServiceTemplateMajorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "calculated-attributes" - }, + "resource_type": "service-template*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a service template minor version. 
DEPRECATED - use GetServiceTemplateVersion instead", + "privilege": "GetServiceTemplateMinorVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains" - }, + "resource_type": "service-template*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a service template version", + "privilege": "GetServiceTemplateVersion", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-streams" - }, + "resource_type": "service-template*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe a TemplateSyncConfig", + "privilege": "GetTemplateSyncConfig", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integrations" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the sync status of a template", + "privilege": "GetTemplateSyncStatus", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object-types" + "resource_type": "" } ] }, { "access_level": "List", - "description": "Grants permission to list all the workflows in a specific domain", - "privilege": "ListWorkflows", + "description": "Grants permission to list component outputs", + "privilege": "ListComponentOutputs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "component*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "deployment" } ] }, { - "access_level": "Write", - "description": "Grants permission to merge profiles in a domain", - "privilege": "MergeProfiles", + "access_level": "List", + "description": "Grants permission to list component provisioned resources", + "privilege": "ListComponentProvisionedResources", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"domains*" + "resource_type": "component*" } ] }, { - "access_level": "Write", - "description": "Grants permission to put a integration in a domain", - "privilege": "PutIntegration", + "access_level": "List", + "description": "Grants permission to list components", + "privilege": "ListComponents", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "environment" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "integrations*" + "resource_type": "service" }, { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service-instance" } ] }, { - "access_level": "Write", - "description": "Grants permission to put an object for a profile", - "privilege": "PutProfileObject", + "access_level": "List", + "description": "Grants permission to list deployments", + "privilege": "ListDeployments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list environment account connections", + "privilege": "ListEnvironmentAccountConnections", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object-types*" + "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to put a specific profile object type in the domain", - "privilege": "PutProfileObjectType", + "access_level": "List", + "description": "Grants permission to list environment outputs", + "privilege": "ListEnvironmentOutputs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "environment*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "object-types*" - }, + "resource_type": "deployment" + } + ] + }, + { + 
"access_level": "List", + "description": "Grants permission to list environment provisioned resources", + "privilege": "ListEnvironmentProvisionedResources", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment*" } ] }, { - "access_level": "Read", - "description": "Grants permission to search for profiles in a domain", - "privilege": "SearchProfiles", + "access_level": "List", + "description": "Grants permission to list environment template major versions. DEPRECATED - use ListEnvironmentTemplateVersions instead", + "privilege": "ListEnvironmentTemplateMajorVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "environment-template*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to adds tags to a resource", - "privilege": "TagResource", + "access_level": "List", + "description": "Grants permission to list an environment template minor versions. 
DEPRECATED - use ListEnvironmentTemplateVersions instead", + "privilege": "ListEnvironmentTemplateMinorVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "calculated-attributes" - }, + "resource_type": "environment-template*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list environment template versions", + "privilege": "ListEnvironmentTemplateVersions", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains" - }, + "resource_type": "environment-template*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list environment templates", + "privilege": "ListEnvironmentTemplates", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-streams" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list environments", + "privilege": "ListEnvironments", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integrations" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list repositories", + "privilege": "ListRepositories", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "object-types" - }, + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list repository sync definitions", + "privilege": "ListRepositorySyncDefinitions", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "List", + "description": "Grants permission to list service instance outputs", + "privilege": 
"ListServiceInstanceOutputs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "calculated-attributes" + "resource_type": "service*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains" + "resource_type": "service-instance*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "event-streams" - }, + "resource_type": "deployment" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list service instance provisioned resources", + "privilege": "ListServiceInstanceProvisionedResources", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "integrations" + "resource_type": "service*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "object-types" - }, + "resource_type": "service-instance*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list service instances", + "privilege": "ListServiceInstances", + "resource_types": [ { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a calculated attribute definition in the domain", - "privilege": "UpdateCalculatedAttributeDefinition", + "access_level": "List", + "description": "Grants permission to list service pipeline outputs", + "privilege": "ListServicePipelineOutputs", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "calculated-attributes*" + "resource_type": "service*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "deployment" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a Domain", - "privilege": "UpdateDomain", + "access_level": "List", + "description": "Grants permission to list service pipeline provisioned resources", 
+ "privilege": "ListServicePipelineProvisionedResources", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:CreateServiceLinkedRole" - ], - "resource_type": "domains*" + "dependent_actions": [], + "resource_type": "service*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a profile in the domain", - "privilege": "UpdateProfile", + "access_level": "List", + "description": "Grants permission to list service template major versions. DEPRECATED - use ListServiceTemplateVersions instead", + "privilege": "ListServiceTemplateMajorVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "domains*" + "resource_type": "service-template*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "domains" - }, - { - "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/object-types/${ObjectTypeName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "object-types" - }, - { - "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/integrations/${Uri}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "integrations" - }, - { - "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/event-streams/${EventStreamName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "event-streams" - }, - { - "arn": "arn:${Partition}:profile:${Region}:${Account}:domains/${DomainName}/calculated-attributes/${CalculatedAttributeName}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "calculated-attributes" - } - ], - "service_name": "Amazon Connect Customer Profiles" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by tag key-value pairs in the request", - "type": 
"String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by tag key-value pairs attached to the resource", - "type": "String" - }, - { - "condition": "aws:TagKeys", - "description": "Filters access by tag keys in the request", - "type": "ArrayOfString" - }, - { - "condition": "proton:EnvironmentTemplate", - "description": "Filters access by specified environment template related to resource", - "type": "String" }, { - "condition": "proton:ServiceTemplate", - "description": "Filters access by specified service template related to resource", - "type": "String" - } - ], - "prefix": "proton", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to reject an environment account connection request from another environment account", - "privilege": "AcceptEnvironmentAccountConnection", + "access_level": "List", + "description": "Grants permission to list service template minor versions. DEPRECATED - use ListServiceTemplateVersions instead", + "privilege": "ListServiceTemplateMinorVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-account-connection*" + "resource_type": "service-template*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel component deployment", - "privilege": "CancelComponentDeployment", + "access_level": "List", + "description": "Grants permission to list service template versions", + "privilege": "ListServiceTemplateVersions", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" + "resource_type": "service-template*" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel an environment deployment", - "privilege": "CancelEnvironmentDeployment", + "access_level": "List", + "description": "Grants permission to list service templates", + "privilege": "ListServiceTemplates", "resource_types": [ { "condition_keys": [], 
"dependent_actions": [], - "resource_type": "environment*" - }, - { - "condition_keys": [ - "proton:EnvironmentTemplate" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a service instance deployment", - "privilege": "CancelServiceInstanceDeployment", + "access_level": "List", + "description": "Grants permission to list services", + "privilege": "ListServices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-instance*" - }, - { - "condition_keys": [ - "proton:ServiceTemplate" - ], - "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to cancel a service pipeline deployment", - "privilege": "CancelServicePipelineDeployment", + "access_level": "Read", + "description": "Grants permission to list tags of a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "component" }, { - "condition_keys": [ - "proton:ServiceTemplate" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create component", - "privilege": "CreateComponent", - "resource_types": [ + "resource_type": "environment" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" + "resource_type": "environment-account-connection" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "environment-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template-major-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template-minor-version" + }, + { + 
"condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "repository" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template-major-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template-minor-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template-version" } ] }, { "access_level": "Write", - "description": "Grants permission to create an environment", - "privilege": "CreateEnvironment", + "description": "Grants permission to notify Proton of resource deployment status changes", + "privilege": "NotifyResourceDeploymentStatusChange", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "environment*" + "dependent_actions": [], + "resource_type": "environment" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "proton:EnvironmentTemplate" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service-instance" } ] }, { "access_level": "Write", - "description": "Grants permission to create an environment account connection", - "privilege": "CreateEnvironmentAccountConnection", + "description": "Grants permission to reject an environment account connection request from another environment account", + "privilege": "RejectEnvironmentAccountConnection", "resource_types": [ { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": 
"" + "resource_type": "environment-account-connection*" } ] }, { - "access_level": "Write", - "description": "Grants permission to create an environment template", - "privilege": "CreateEnvironmentTemplate", + "access_level": "Tagging", + "description": "Grants permission to add tags to a resource", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "component" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an environment template major version. DEPRECATED - use CreateEnvironmentTemplateVersion instead", - "privilege": "CreateEnvironmentTemplateMajorVersion", - "resource_types": [ + "resource_type": "environment" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "environment-account-connection" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an environment template minor version. 
DEPRECATED - use CreateEnvironmentTemplateVersion instead", - "privilege": "CreateEnvironmentTemplateMinorVersion", - "resource_types": [ + "resource_type": "environment-template" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "environment-template-major-version" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an environment template version", - "privilege": "CreateEnvironmentTemplateVersion", - "resource_types": [ + "resource_type": "environment-template-minor-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "environment-template-version" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a repository", - "privilege": "CreateRepository", - "resource_types": [ + "resource_type": "repository" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "service" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template-major-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template-minor-version" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "service-template-version" }, { "condition_keys": [ 
@@ -181387,135 +205337,83 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to create a service", - "privilege": "CreateService", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "codestar-connections:PassConnection" - ], - "resource_type": "service*" + "dependent_actions": [], + "resource_type": "component" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "proton:ServiceTemplate" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a service instance", - "privilege": "CreateServiceInstance", - "resource_types": [ + "resource_type": "environment" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-account-connection" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment-template" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-instance*" + "resource_type": "environment-template-major-version" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "proton:ServiceTemplate" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a service sync config", - "privilege": "CreateServiceSyncConfig", - "resource_types": [ + "resource_type": "environment-template-minor-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a service template", - "privilege": "CreateServiceTemplate", - "resource_types": [ + "resource_type": "environment-template-version" + }, { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "service-template*" + "resource_type": "repository" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a service template major version. DEPRECATED - use CreateServiceTemplateVersion instead", - "privilege": "CreateServiceTemplateMajorVersion", - "resource_types": [ + "resource_type": "service" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "service-instance" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a service template minor version. DEPRECATED - use CreateServiceTemplateVersion instead", - "privilege": "CreateServiceTemplateMinorVersion", - "resource_types": [ + "resource_type": "service-template" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "service-template-major-version" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a service template version", - "privilege": "CreateServiceTemplateVersion", - "resource_types": [ + "resource_type": "service-template-minor-version" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "service-template-version" }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -181524,32 +205422,36 @@ }, { "access_level": "Write", - "description": "Grants permission to create a template sync config", - "privilege": "CreateTemplateSyncConfig", + "description": "Grants permission to update account roles. DEPRECATED - use UpdateAccountSettings instead", + "privilege": "UpdateAccountRoles", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete account roles. DEPRECATED - use UpdateAccountSettings instead", - "privilege": "DeleteAccountRoles", + "description": "Grants permission to update the account settings", + "privilege": "UpdateAccountSettings", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete component", - "privilege": "DeleteComponent", + "description": "Grants permission to update component", + "privilege": "UpdateComponent", "resource_types": [ { "condition_keys": [], @@ -181560,12 +205462,14 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an environment", - "privilege": "DeleteEnvironment", + "description": "Grants permission to update an environment", + "privilege": "UpdateEnvironment", "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "environment*" }, { @@ -181579,8 +205483,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an environment account connection", - "privilege": "DeleteEnvironmentAccountConnection", + "description": "Grants permission to update an environment account connection", + "privilege": "UpdateEnvironmentAccountConnection", "resource_types": [ { "condition_keys": [], 
@@ -181591,8 +205495,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an environment template", - "privilege": "DeleteEnvironmentTemplate", + "description": "Grants permission to update an environment template", + "privilege": "UpdateEnvironmentTemplate", "resource_types": [ { "condition_keys": [], @@ -181603,8 +205507,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an environment template major version. DEPRECATED - use DeleteEnvironmentTemplateVersion instead", - "privilege": "DeleteEnvironmentTemplateMajorVersion", + "description": "Grants permission to update an environment template major version. DEPRECATED - use UpdateEnvironmentTemplateVersion instead", + "privilege": "UpdateEnvironmentTemplateMajorVersion", "resource_types": [ { "condition_keys": [], @@ -181615,8 +205519,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an environment template minor version. DEPRECATED - use DeleteEnvironmentTemplateVersion instead", - "privilege": "DeleteEnvironmentTemplateMinorVersion", + "description": "Grants permission to update an environment template minor version. DEPRECATED - use UpdateEnvironmentTemplateVersion instead", + "privilege": "UpdateEnvironmentTemplateMinorVersion", "resource_types": [ { "condition_keys": [], @@ -181627,8 +205531,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete an environment template version", - "privilege": "DeleteEnvironmentTemplateVersion", + "description": "Grants permission to update an environment template version", + "privilege": "UpdateEnvironmentTemplateVersion", "resource_types": [ { "condition_keys": [], 
@@ -181639,25 +205543,32 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a repository", - "privilege": "DeleteRepository", + "description": "Grants permission to update a service", + "privilege": "UpdateService", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "service*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a service", - "privilege": "DeleteService", + "description": "Grants permission to update a service instance", + "privilege": "UpdateServiceInstance", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "service-instance*" }, { "condition_keys": [ 
@@ -181670,44 +205581,51 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a service sync config", - "privilege": "DeleteServiceSyncConfig", + "description": "Grants permission to update a service pipeline", + "privilege": "UpdateServicePipeline", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "service*" + }, + { + "condition_keys": [ + "proton:ServiceTemplate" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a service template", - "privilege": "DeleteServiceTemplate", + "description": "Grants permission to update a service sync blocker", + "privilege": "UpdateServiceSyncBlocker", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a service template major version. DEPRECATED - use DeleteServiceTemplateVersion instead", - "privilege": "DeleteServiceTemplateMajorVersion", + "description": "Grants permission to update a service sync config", + "privilege": "UpdateServiceSyncConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to delete a service template minor version. DEPRECATED - use DeleteServiceTemplateVersion instead", - "privilege": "DeleteServiceTemplateMinorVersion", + "description": "Grants permission to update a service template", + "privilege": "UpdateServiceTemplate", "resource_types": [ { "condition_keys": [], 
@@ -181718,8 +205636,8 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a service template version", - "privilege": "DeleteServiceTemplateVersion", + "description": "Grants permission to update a service template major version. DEPRECATED - use UpdateServiceTemplateVersion instead", + "privilege": "UpdateServiceTemplateMajorVersion", "resource_types": [ { "condition_keys": [], @@ -181730,32 +205648,32 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a TemplateSyncConfig", - "privilege": "DeleteTemplateSyncConfig", + "description": "Grants permission to create a service template minor version. DEPRECATED - use UpdateServiceTemplateVersion instead", + "privilege": "UpdateServiceTemplateMinorVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service-template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to get account roles. DEPRECATED - use GetAccountSettings instead", - "privilege": "GetAccountRoles", + "access_level": "Write", + "description": "Grants permission to update a service template version", + "privilege": "UpdateServiceTemplateVersion", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "service-template*" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the account settings", - "privilege": "GetAccountSettings", + "access_level": "Write", + "description": "Grants permission to update a TemplateSyncConfig", + "privilege": "UpdateTemplateSyncConfig", "resource_types": [ { "condition_keys": [], 
@@ -181763,107 +205681,230 @@ "resource_type": "" } ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment-template" }, { - "access_level": "Read", - "description": "Grants permission to describe a component", - "privilege": "GetComponent", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "component*" - } - ] + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${TemplateName}:${MajorVersion}.${MinorVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment-template-version" }, { - "access_level": "Read", - "description": "Grants permission to describe an environment", - "privilege": "GetEnvironment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment*" - } - ] + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${TemplateName}:${MajorVersionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment-template-major-version" }, { - "access_level": "Read", - "description": "Grants permission to describe an environment account connection", - "privilege": "GetEnvironmentAccountConnection", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-account-connection*" - } - ] + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${TemplateName}:${MajorVersionId}.${MinorVersionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment-template-minor-version" }, { - "access_level": "Read", - "description": "Grants permission to describe an environment template", - "privilege": "GetEnvironmentTemplate", + "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${Name}", + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}" + ], + "resource": "service-template" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${TemplateName}:${MajorVersion}.${MinorVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service-template-version" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${TemplateName}:${MajorVersionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service-template-major-version" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${TemplateName}:${MajorVersionId}.${MinorVersionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service-template-minor-version" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:service/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:service/${ServiceName}/service-instance/${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "service-instance" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-account-connection/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment-account-connection" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:repository/${Provider}:${Name}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "repository" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:component/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "component" + }, + { + "arn": "arn:${Partition}:proton:${Region}:${Account}:deployment/${Id}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": 
"deployment" + } + ], + "service_name": "AWS Proton" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag's key and value in a request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the set of tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys in a request", + "type": "ArrayOfString" + } + ], + "prefix": "purchase-orders", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add a new purchase order", + "privilege": "AddPurchaseOrder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "purchase-order*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get an environment template major version. DEPRECATED - use GetEnvironmentTemplateVersion instead", - "privilege": "GetEnvironmentTemplateMajorVersion", + "access_level": "Write", + "description": "Grants permission to delete a purchase order", + "privilege": "DeletePurchaseOrder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "purchase-order*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get an environment template minor version. 
DEPRECATED - use GetEnvironmentTemplateVersion instead", - "privilege": "GetEnvironmentTemplateMinorVersion", + "description": "Grants permission to view whether existing or fine-grained IAM actions are being used to control authorization to Billing, Cost Management, and Account consoles", + "privilege": "GetConsoleActionSetEnforced", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe an environment template version", - "privilege": "GetEnvironmentTemplateVersion", + "description": "Grants permission to get a purchase order", + "privilege": "GetPurchaseOrder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "purchase-order*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a repository", - "privilege": "GetRepository", + "access_level": "List", + "description": "Grants permission to list purchase order invoices", + "privilege": "ListPurchaseOrderInvoices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository*" + "resource_type": "purchase-order*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get the latest sync status for a repository", - "privilege": "GetRepositorySyncStatus", + "access_level": "List", + "description": "Grants permission to list all purchase orders for an account", + "privilege": "ListPurchaseOrders", "resource_types": [ { "condition_keys": [], 
@@ -181874,56 +205915,89 @@ }, { "access_level": "Read", - "description": "Grants permission to list resource template version status counts", - "privilege": "GetResourceTemplateVersionStatusCounts", + "description": "Grants permission to list tags for a purchase order", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "purchase-order" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to get resources summary", - "privilege": "GetResourcesSummary", + "access_level": "Write", + "description": "Grants permission to modify purchase orders and details", + "privilege": "ModifyPurchaseOrders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "purchase-order*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a service", - "privilege": "GetService", + "access_level": "Tagging", + "description": "Grants permission to tag purchase orders with given key value pairs", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "purchase-order*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a service instance", - "privilege": "GetServiceInstance", + "access_level": "Tagging", + "description": "Grants permission to remove tags from a purchase order", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - 
"resource_type": "service-instance*" + "resource_type": "purchase-order*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe the sync status of a service instance", - "privilege": "GetServiceInstanceSyncStatus", + "access_level": "Write", + "description": "Grants permission to change whether existing or fine-grained IAM actions will be used to control authorization to Billing, Cost Management, and Account consoles", + "privilege": "UpdateConsoleActionSetEnforced", "resource_types": [ { "condition_keys": [], 
@@ -181933,81 +206007,118 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe service sync blockers on a service or service instance", - "privilege": "GetServiceSyncBlockerSummary", + "access_level": "Write", + "description": "Grants permission to update an existing purchase order", + "privilege": "UpdatePurchaseOrder", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "purchase-order*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Read", - "description": "Grants permission to describe a service sync config", - "privilege": "GetServiceSyncConfig", + "access_level": "Write", + "description": "Grants permission to set purchase order status", + "privilege": "UpdatePurchaseOrderStatus", "resource_types": [ { "condition_keys": [], "dependent_actions": [], + "resource_type": "purchase-order*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a service template", - "privilege": "GetServiceTemplate", + "description": "Grants permission to view purchase orders and details", + "privilege": "ViewPurchaseOrders", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "purchase-order" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] - }, + } + ], + "resources": [ + { + "arn": "arn:${Partition}:purchase-orders::${Account}:purchase-order/${ResourceName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "purchase-order" + } + ], + "service_name": "AWS Purchase Orders Console" + }, + { + "conditions": [], + "prefix": "q", + "privileges": [ { "access_level": "Read", - "description": "Grants permission to get a service 
template major version. DEPRECATED - use GetServiceTemplateVersion instead", - "privilege": "GetServiceTemplateMajorVersion", + "description": "Grants permission to get individual messages associated with a specific conversation with Amazon Q", + "privilege": "GetConversation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to get a service template minor version. DEPRECATED - use GetServiceTemplateVersion instead", - "privilege": "GetServiceTemplateMinorVersion", + "description": "Grants permission to Amazon Q to get the identity metadata", + "privilege": "GetIdentityMetadata", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a service template version", - "privilege": "GetServiceTemplateVersion", + "description": "Grants permission to get troubleshooting results with Amazon Q", + "privilege": "GetTroubleshootingResults", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "" } ] }, { "access_level": "Read", - "description": "Grants permission to describe a TemplateSyncConfig", - "privilege": "GetTemplateSyncConfig", + "description": "Grants permission to list individual conversations associated with a specific Amazon Q user", + "privilege": "ListConversations", "resource_types": [ { "condition_keys": [], @@ -182017,9 +206128,9 @@ ] }, { - "access_level": "Read", - "description": "Grants permission to describe the sync status of a template", - "privilege": "GetTemplateSyncStatus", + "access_level": "Write", + "description": "Grants permission to allow Amazon Q to perform actions on your behalf", + "privilege": "PassRequest", "resource_types": [ { "condition_keys": [], 
@@ -182029,55 +206140,45 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list component outputs", - "privilege": "ListComponentOutputs", + "access_level": "Write", + "description": "Grants permission to send a message to Amazon Q", + "privilege": "SendMessage", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list component provisioned resources", - "privilege": "ListComponentProvisionedResources", + "access_level": "Write", + "description": "Grants permission to start a conversation with Amazon Q", + "privilege": "StartConversation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list components", - "privilege": "ListComponents", + "access_level": "Write", + "description": "Grants permission to start a troubleshooting analysis with Amazon Q", + "privilege": "StartTroubleshootingAnalysis", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "service" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "service-instance" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list environment account connections", - "privilege": "ListEnvironmentAccountConnections", + "access_level": "Write", + "description": "Grants permission to start a troubleshooting resolution explanation with Amazon Q", + "privilege": "StartTroubleshootingResolutionExplanation", "resource_types": [ { "condition_keys": [], 
@@ -182087,151 +206188,175 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list environment outputs", - "privilege": "ListEnvironmentOutputs", + "access_level": "Write", + "description": "Grants permission to update a troubleshooting command result with Amazon Q", + "privilege": "UpdateTroubleshootingCommandResult", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] + } + ], + "resources": [], + "service_name": "Amazon Q" + }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" }, { - "access_level": "List", - "description": "Grants permission to list environment provisioned resources", - "privilege": "ListEnvironmentProvisionedResources", + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "qbusiness", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to add one or more users for licenses", + "privilege": "AddUserLicenses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list environment template major versions. 
DEPRECATED - use ListEnvironmentTemplateVersions instead", - "privilege": "ListEnvironmentTemplateMajorVersions", + "access_level": "Write", + "description": "Grants permission to batch delete document", + "privilege": "BatchDeleteDocument", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list an environment template minor versions. DEPRECATED - use ListEnvironmentTemplateVersions instead", - "privilege": "ListEnvironmentTemplateMinorVersions", - "resource_types": [ + "resource_type": "application*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "index*" } ] }, { - "access_level": "List", - "description": "Grants permission to list environment template versions", - "privilege": "ListEnvironmentTemplateVersions", + "access_level": "Write", + "description": "Grants permission to batch put document", + "privilege": "BatchPutDocument", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list environment templates", - "privilege": "ListEnvironmentTemplates", - "resource_types": [ + "resource_type": "application*" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { - "access_level": "List", - "description": "Grants permission to list environments", - "privilege": "ListEnvironments", + "access_level": "Read", + "description": "Grants permission to chat using an application", + "privilege": "Chat", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list repositories", - "privilege": "ListRepositories", + 
"access_level": "Read", + "description": "Grants permission to chat synchronously using an application", + "privilege": "ChatSync", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list repository sync definitions", - "privilege": "ListRepositorySyncDefinitions", + "access_level": "Write", + "description": "Grants permission to create an application", + "privilege": "CreateApplication", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list service instance outputs", - "privilege": "ListServiceInstanceOutputs", + "access_level": "Write", + "description": "Grants permission to create a data source for a given application and index", + "privilege": "CreateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-instance*" + "resource_type": "index*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list service instance provisioned resources", - "privilege": "ListServiceInstanceProvisionedResources", + "access_level": "Write", + "description": "Grants permission to create an index for a given application", + "privilege": "CreateIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "application*" }, { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [], - "resource_type": 
"service-instance*" + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list service instances", - "privilege": "ListServiceInstances", + "access_level": "Write", + "description": "Grants permission to create a license", + "privilege": "CreateLicense", "resource_types": [ { "condition_keys": [], 
@@ -182241,546 +206366,573 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list service pipeline outputs", - "privilege": "ListServicePipelineOutputs", + "access_level": "Write", + "description": "Grants permission to create a plugin for a given application", + "privilege": "CreatePlugin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list service pipeline provisioned resources", - "privilege": "ListServicePipelineProvisionedResources", + "access_level": "Write", + "description": "Grants permission to create a retriever for a given application", + "privilege": "CreateRetriever", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list service template major versions. DEPRECATED - use ListServiceTemplateVersions instead", - "privilege": "ListServiceTemplateMajorVersions", + "access_level": "Write", + "description": "Grants permission to create a user", + "privilege": "CreateUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list service template minor versions. 
DEPRECATED - use ListServiceTemplateVersions instead", - "privilege": "ListServiceTemplateMinorVersions", + "access_level": "Write", + "description": "Grants permission to create a web experience for a given application", + "privilege": "CreateWebExperience", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "application*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { - "access_level": "List", - "description": "Grants permission to list service template versions", - "privilege": "ListServiceTemplateVersions", + "access_level": "Write", + "description": "Grants permission to delete an application", + "privilege": "DeleteApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list service templates", - "privilege": "ListServiceTemplates", + "access_level": "Write", + "description": "Grants permission to delete chat controls configuration for an application", + "privilege": "DeleteChatControlsConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "List", - "description": "Grants permission to list services", - "privilege": "ListServices", + "access_level": "Write", + "description": "Grants permission to delete a conversation", + "privilege": "DeleteConversation", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags of a resource", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to delete a DataSource", + 
"privilege": "DeleteDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-account-connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-template" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-template-major-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-template-minor-version" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template-version" + "resource_type": "data-source*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" - }, + "resource_type": "index*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a group", + "privilege": "DeleteGroup", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-instance" - }, + "resource_type": "index*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an index", + "privilege": "DeleteIndex", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template-major-version" - }, + "resource_type": "index*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a plugin", + "privilege": "DeletePlugin", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": 
"service-template-minor-version" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template-version" + "resource_type": "plugin*" } ] }, { "access_level": "Write", - "description": "Grants permission to notify Proton of resource deployment status changes", - "privilege": "NotifyResourceDeploymentStatusChange", + "description": "Grants permission to delete a retriever", + "privilege": "DeleteRetriever", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-instance" + "resource_type": "retriever*" } ] }, { "access_level": "Write", - "description": "Grants permission to reject an environment account connection request from another environment account", - "privilege": "RejectEnvironmentAccountConnection", + "description": "Grants permission to delete a user", + "privilege": "DeleteUser", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-account-connection*" + "resource_type": "application*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to add tags to a resource", - "privilege": "TagResource", + "access_level": "Write", + "description": "Grants permission to delete a web-experience", + "privilege": "DeleteWebExperience", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-account-connection" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-template" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-template-major-version" - }, - { - "condition_keys": [], - 
"dependent_actions": [], - "resource_type": "environment-template-minor-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-template-version" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "repository" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service" - }, + "resource_type": "web-experience*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an application", + "privilege": "GetApplication", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-instance" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to get chat controls configuration for an application", + "privilege": "GetChatControlsConfiguration", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a data source", + "privilege": "GetDataSource", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template-major-version" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template-minor-version" + "resource_type": "data-source*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template-version" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a resource", - "privilege": "UntagResource", + "access_level": "Read", + "description": "Grants permission to get a group", + "privilege": "GetGroup", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "component" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "environment-account-connection" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template" - }, + "resource_type": "index*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an index", + "privilege": "GetIndex", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template-major-version" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template-minor-version" - }, + "resource_type": "index*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a license", + "privilege": "GetLicense", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template-version" - }, + "resource_type": "user-license*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a plugin", + "privilege": "GetPlugin", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "repository" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service" - }, + "resource_type": "plugin*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a retriever", + "privilege": "GetRetriever", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-instance" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template" - }, + "resource_type": "retriever*" + } + ] + }, + { + "access_level": 
"Read", + "description": "Grants permission to get a user", + "privilege": "GetUser", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template-major-version" - }, + "resource_type": "application*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a web-experience", + "privilege": "GetWebExperience", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template-minor-version" + "resource_type": "application*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template-version" - }, - { - "condition_keys": [ - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "web-experience*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update account roles. DEPRECATED - use UpdateAccountSettings instead", - "privilege": "UpdateAccountRoles", + "access_level": "List", + "description": "Grants permission to list the applications", + "privilege": "ListApplications", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], + "dependent_actions": [], "resource_type": "" } ] }, { - "access_level": "Write", - "description": "Grants permission to update the account settings", - "privilege": "UpdateAccountSettings", + "access_level": "List", + "description": "Grants permission to list all conversations for an application", + "privilege": "ListConversations", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "" + "dependent_actions": [], + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update component", - "privilege": "UpdateComponent", + "access_level": "List", + "description": "Grants permission to get Data Source sync job history", + "privilege": "ListDataSourceSyncJobs", "resource_types": [ { "condition_keys": 
[], "dependent_actions": [], - "resource_type": "component*" + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-source*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an environment", - "privilege": "UpdateEnvironment", + "access_level": "List", + "description": "Grants permission to list the data sources of an application and an index", + "privilege": "ListDataSources", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "environment*" + "dependent_actions": [], + "resource_type": "application*" }, { - "condition_keys": [ - "proton:EnvironmentTemplate" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an environment account connection", - "privilege": "UpdateEnvironmentAccountConnection", + "access_level": "List", + "description": "Grants permission to list all documents", + "privilege": "ListDocuments", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-account-connection*" + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an environment template", - "privilege": "UpdateEnvironmentTemplate", + "access_level": "List", + "description": "Grants permission to list groups", + "privilege": "ListGroups", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { - "access_level": "Write", - "description": 
"Grants permission to update an environment template major version. DEPRECATED - use UpdateEnvironmentTemplateVersion instead", - "privilege": "UpdateEnvironmentTemplateMajorVersion", + "access_level": "List", + "description": "Grants permission to list the indices of an application", + "privilege": "ListIndices", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an environment template minor version. DEPRECATED - use UpdateEnvironmentTemplateVersion instead", - "privilege": "UpdateEnvironmentTemplateMinorVersion", + "access_level": "List", + "description": "Grants permission to list all messages", + "privilege": "ListMessages", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update an environment template version", - "privilege": "UpdateEnvironmentTemplateVersion", + "access_level": "List", + "description": "Grants permission to list the plugins of an application", + "privilege": "ListPlugins", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "environment-template*" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a service", - "privilege": "UpdateService", + "access_level": "List", + "description": "Grants permission to list the retrievers of an application", + "privilege": "ListRetrievers", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" - }, - { - "condition_keys": [ - "proton:ServiceTemplate" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a 
service instance", - "privilege": "UpdateServiceInstance", + "access_level": "Read", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-instance*" + "resource_type": "application" }, { - "condition_keys": [ - "proton:ServiceTemplate" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update a service pipeline", - "privilege": "UpdateServicePipeline", - "resource_types": [ + "resource_type": "data-source" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "service*" + "resource_type": "index" }, { - "condition_keys": [ - "proton:ServiceTemplate" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "plugin" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "retriever" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "web-experience" } ] }, { - "access_level": "Write", - "description": "Grants permission to update a service sync blocker", - "privilege": "UpdateServiceSyncBlocker", + "access_level": "List", + "description": "Grants permission to list licenses", + "privilege": "ListUserLicenses", "resource_types": [ { "condition_keys": [], 
@@ -182790,209 +206942,136 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to update a service sync config", - "privilege": "UpdateServiceSyncConfig", + "access_level": "List", + "description": "Grants permission to list the web experiences of an application", + "privilege": "ListWebExperiences", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a service template", - "privilege": "UpdateServiceTemplate", + "description": "Grants permission to put feedback about a conversation message", + "privilege": "PutFeedback", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a service template major version. DEPRECATED - use UpdateServiceTemplateVersion instead", - "privilege": "UpdateServiceTemplateMajorVersion", + "description": "Grants permission to put a group of users", + "privilege": "PutGroup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to create a service template minor version. 
DEPRECATED - use UpdateServiceTemplateVersion instead", - "privilege": "UpdateServiceTemplateMinorVersion", + "description": "Grants permission to remove licenses for one or more users", + "privilege": "RemoveUserLicenses", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update a service template version", - "privilege": "UpdateServiceTemplateVersion", + "description": "Grants permission to start Data Source sync job", + "privilege": "StartDataSourceSyncJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "service-template*" + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-source*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to update a TemplateSyncConfig", - "privilege": "UpdateTemplateSyncConfig", + "description": "Grants permission to stop Data Source sync job", + "privilege": "StopDataSourceSyncJob", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-source*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index*" } ] - } - ], - "resources": [ - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment-template" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${TemplateName}:${MajorVersion}.${MinorVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment-template-version" - }, - { - "arn": 
"arn:${Partition}:proton:${Region}:${Account}:environment-template/${TemplateName}:${MajorVersionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment-template-major-version" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-template/${TemplateName}:${MajorVersionId}.${MinorVersionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment-template-minor-version" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "service-template" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${TemplateName}:${MajorVersion}.${MinorVersion}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "service-template-version" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${TemplateName}:${MajorVersionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "service-template-major-version" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:service-template/${TemplateName}:${MajorVersionId}.${MinorVersionId}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "service-template-minor-version" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:environment/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "environment" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:service/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "service" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:service/${ServiceName}/service-instance/${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "service-instance" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:environment-account-connection/${Id}", - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], - "resource": "environment-account-connection" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:repository/${Provider}:${Name}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "repository" - }, - { - "arn": "arn:${Partition}:proton:${Region}:${Account}:component/${Id}", - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "resource": "component" - } - ], - "service_name": "AWS Proton" - }, - { - "conditions": [ - { - "condition": "aws:RequestTag/${TagKey}", - "description": "Filters access by a tag's key and value in a request", - "type": "String" - }, - { - "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access by the set of tag key-value pairs attached to the resource", - "type": "String" }, { - "condition": "aws:TagKeys", - "description": "Filters access by the tag keys in a request", - "type": "ArrayOfString" - } - ], - "prefix": "purchase-orders", - "privileges": [ - { - "access_level": "Write", - "description": "Grants permission to add a new purchase order", - "privilege": "AddPurchaseOrder", + "access_level": "Tagging", + "description": "Grants permission to tag a resource with given key value pairs", + "privilege": "TagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order*" + "resource_type": "application" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-source" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "index" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plugin" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "retriever" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "web-experience" }, { "condition_keys": [ 
@@ -183005,68 +207084,43 @@ ] }, { - "access_level": "Write", - "description": "Grants permission to delete a purchase order", - "privilege": "DeletePurchaseOrder", + "access_level": "Tagging", + "description": "Grants permission to remove the tag with the given key from a resource", + "privilege": "UntagResource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order*" + "resource_type": "application" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to view whether existing or fine-grained IAM actions are being used to control authorization to Billing, Cost Management, and Account consoles", - "privilege": "GetConsoleActionSetEnforced", - "resource_types": [ + "resource_type": "data-source" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get a purchase order", - "privilege": "GetPurchaseOrder", - "resource_types": [ + "resource_type": "index" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order*" + "resource_type": "plugin" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to list purchase order invoices", - "privilege": "ListPurchaseOrderInvoices", - "resource_types": [ + "resource_type": "retriever" + }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order*" + "resource_type": "web-experience" }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -183074,178 +207128,182 @@ ] }, { - "access_level": "List", - "description": "Grants permission to list all purchase orders for an account", - "privilege": "ListPurchaseOrders", + "access_level": "Write", + "description": "Grants permission to update an Application", + "privilege": "UpdateApplication", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to list tags for a purchase order", - "privilege": "ListTagsForResource", + "access_level": "Write", + "description": "Grants permission to update chat controls configuration for an application", + "privilege": "UpdateChatControlsConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { "access_level": "Write", - "description": "Grants permission to modify purchase orders and details", - "privilege": "ModifyPurchaseOrders", + "description": "Grants permission to update a DataSource", + "privilege": "UpdateDataSource", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order*" + "resource_type": "application*" }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}", - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Tagging", - "description": "Grants permission to tag purchase orders with given key value pairs", - "privilege": "TagResource", - "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order*" + "resource_type": "data-source*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], 
"dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { - "access_level": "Tagging", - "description": "Grants permission to remove tags from a purchase order", - "privilege": "UntagResource", + "access_level": "Write", + "description": "Grants permission to update an index", + "privilege": "UpdateIndex", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order*" + "resource_type": "application*" }, { - "condition_keys": [ - "aws:TagKeys", - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "index*" } ] }, { "access_level": "Write", - "description": "Grants permission to change whether existing or fine-grained IAM actions will be used to control authorization to Billing, Cost Management, and Account consoles", - "privilege": "UpdateConsoleActionSetEnforced", + "description": "Grants permission to update a plugin", + "privilege": "UpdatePlugin", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "plugin*" } ] }, { "access_level": "Write", - "description": "Grants permission to update an existing purchase order", - "privilege": "UpdatePurchaseOrder", + "description": "Grants permission to update a Retriever", + "privilege": "UpdateRetriever", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order*" + "resource_type": "application*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "retriever*" } ] }, { "access_level": "Write", - "description": "Grants permission to set purchase order status", - "privilege": "UpdatePurchaseOrderStatus", + "description": "Grants permission to update a user", + "privilege": "UpdateUser", 
"resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order*" - }, - { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" + "resource_type": "application*" } ] }, { - "access_level": "Read", - "description": "Grants permission to view purchase orders and details", - "privilege": "ViewPurchaseOrders", + "access_level": "Write", + "description": "Grants permission to update a WebExperience", + "privilege": "UpdateWebExperience", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "purchase-order" + "resource_type": "application*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "web-experience*" } ] } ], "resources": [ { - "arn": "arn:${Partition}:purchase-orders::${Account}:purchase-order/${ResourceName}", + "arn": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], - "resource": "purchase-order" + "resource": "application" + }, + { + "arn": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/retriever/${RetrieverId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "retriever" + }, + { + "arn": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/index/${IndexId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "index" + }, + { + "arn": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/index/${IndexId}/data-source/${DataSourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "data-source" + }, + { + "arn": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/plugin/${PluginId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "plugin" + }, + { + "arn": 
"arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/web-experience/${WebExperienceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "web-experience" + }, + { + "arn": "arn:${Partition}:qbusiness:${Region}:${Account}:application/${ApplicationId}/user-license/${UserLicenseId}", + "condition_keys": [], + "resource": "user-license" } ], - "service_name": "AWS Purchase Orders Console" + "service_name": "Amazon Q Business" }, { "conditions": [ @@ -183864,7 +207922,7 @@ { "condition": "quicksight:IamArn", "description": "Filters access by IAM user or role ARN", - "type": "String" + "type": "ARN" }, { "condition": "quicksight:SessionName", @@ -183932,7 +207990,10 @@ "privilege": "CreateAccountSubscription", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "quicksight:Edition", + "quicksight:DirectoryType" + ], "dependent_actions": [], "resource_type": "" } 
@@ -184105,8 +208166,430 @@ }, { "access_level": "Write", - "description": "Grants permission to create a QuickSight group", - "privilege": "CreateGroup", + "description": "Grants permission to create a QuickSight group", + "privilege": "CreateGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a QuickSight user to a QuickSight group", + "privilege": "CreateGroupMembership", + "resource_types": [ + { + "condition_keys": [ + "quicksight:UserName" + ], + "dependent_actions": [], + "resource_type": "group*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an assignment with one specified IAM Policy ARN that will be assigned to specified groups or users of QuickSight", + "privilege": "CreateIAMPolicyAssignment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "assignment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start a SPICE ingestion on a dataset", + "privilege": "CreateIngestion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ingestion*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an QuickSight namespace", + "privilege": "CreateNamespace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "ds:CreateIdentityPoolDirectory" + ], + "resource_type": "namespace*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to provision Amazon QuickSight readers", + "privilege": "CreateReader", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a refresh schedule for a dataset", + "privilege": "CreateRefreshSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "refreshschedule*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add a group member to a role", + "privilege": "CreateRoleMembership", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a template", + "privilege": "CreateTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a template alias", + "privilege": "CreateTemplateAlias", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "template*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a theme", + "privilege": "CreateTheme", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "theme*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an alias for a theme version", + "privilege": "CreateThemeAlias", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + 
"resource_type": "theme*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a topic", + "privilege": "CreateTopic", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "quicksight:PassDataSet" + ], + "resource_type": "dataset*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a refresh schedule for a topic", + "privilege": "CreateTopicRefreshSchedule", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "topic*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to provision Amazon QuickSight authors and readers", + "privilege": "CreateUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a vpc connection", + "privilege": "CreateVPCConnection", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an account customization for QuickSight account or namespace", + "privilege": "DeleteAccountCustomization", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "customization*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a QuickSight account", + "privilege": "DeleteAccountSubscription", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "account*" + } + ] + }, + 
{ + "access_level": "Write", + "description": "Grants permission to delete an analysis", + "privilege": "DeleteAnalysis", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "analysis*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete a custom permissions resource", + "privilege": "DeleteCustomPermissions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a QuickSight Dashboard", + "privilege": "DeleteDashboard", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a dataset", + "privilege": "DeleteDataSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete dataset refresh properties for a dataset", + "privilege": "DeleteDataSetRefreshProperties", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a data source", + "privilege": "DeleteDataSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "datasource*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a QuickSight email customization template", + "privilege": "DeleteEmailCustomizationTemplate", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "emailCustomizationTemplate*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a QuickSight Folder", + "privilege": "DeleteFolder", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "folder*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a QuickSight Dashboard, Analysis or Dataset from a QuickSight Folder", + "privilege": "DeleteFolderMembership", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "folder*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "analysis" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dataset" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a user group from QuickSight", + "privilege": "DeleteGroup", "resource_types": [ { "condition_keys": [], @@ -184117,8 +208600,8 @@ }, { "access_level": "Write", - "description": "Grants permission to add a QuickSight user to a QuickSight group", - "privilege": "CreateGroupMembership", + "description": "Grants permission to remove a user from a group so that he/she is no longer a member of the group", + "privilege": "DeleteGroupMembership", "resource_types": [ { "condition_keys": [ 
@@ -184126,21 +208609,13 @@ ], "dependent_actions": [], "resource_type": "group*" - }, - { - "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" - ], - "dependent_actions": [], - "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an assignment with one specified IAM Policy ARN that will be assigned to specified groups or users of QuickSight", - "privilege": "CreateIAMPolicyAssignment", + "description": "Grants permission to update an existing assignment", + "privilege": "DeleteIAMPolicyAssignment", "resource_types": [ { "condition_keys": [], @@ -184151,33 +208626,25 @@ }, { "access_level": "Write", - "description": "Grants permission to start a SPICE ingestion on a dataset", - "privilege": "CreateIngestion", + "description": "Grants permission to remove AWS services for trusted identity propagation in QuickSight", + "privilege": "DeleteIdentityPropagationConfig", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "ingestion*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create an QuickSight namespace", - "privilege": "CreateNamespace", + "description": "Grants permission to delete a QuickSight namespace", + "privilege": "DeleteNamespace", "resource_types": [ { "condition_keys": [], "dependent_actions": [ - "ds:CreateIdentityPoolDirectory" + "ds:DeleteDirectory" ], "resource_type": "namespace*" } 
@@ -184185,20 +208652,8 @@ }, { "access_level": "Write", - "description": "Grants permission to provision Amazon QuickSight readers", - "privilege": "CreateReader", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a refresh schedule for a dataset", - "privilege": "CreateRefreshSchedule", + "description": "Grants permission to delete a refresh schedule for a dataset", + "privilege": "DeleteRefreshSchedule", "resource_types": [ { "condition_keys": [], 
@@ -184209,374 +208664,28 @@ }, { "access_level": "Write", - "description": "Grants permission to create a template", - "privilege": "CreateTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a template alias", - "privilege": "CreateTemplateAlias", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "template*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a theme", - "privilege": "CreateTheme", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "theme*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create an alias for a theme version", - "privilege": "CreateThemeAlias", + "description": "Grants permission to remove the custom permission associated with a role", + "privilege": "DeleteRoleCustomPermission", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "theme*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to create a topic", - "privilege": "CreateTopic", + "description": "Grants permission to remove a group member from a role", + "privilege": "DeleteRoleMembership", "resource_types": [ { "condition_keys": [], - "dependent_actions": [ - "quicksight:PassDataSet" - ], - 
"resource_type": "dataset*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a refresh schedule for a topic", - "privilege": "CreateTopicRefreshSchedule", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "topic*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to provision Amazon QuickSight authors and readers", - "privilege": "CreateUser", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "user*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to create a vpc connection", - "privilege": "CreateVPCConnection", - "resource_types": [ - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [ - "iam:PassRole" - ], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an account customization for QuickSight account or namespace", - "privilege": "DeleteAccountCustomization", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "customization*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a QuickSight account", - "privilege": "DeleteAccountSubscription", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "account*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete an analysis", - "privilege": "DeleteAnalysis", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "analysis*" - } - ] - }, - { - "access_level": "Permissions management", - "description": "Grants permission to delete a custom permissions resource", - "privilege": 
"DeleteCustomPermissions", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a QuickSight Dashboard", - "privilege": "DeleteDashboard", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dashboard*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a dataset", - "privilege": "DeleteDataSet", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], - "dependent_actions": [], - "resource_type": "" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete dataset refresh properties for a dataset", - "privilege": "DeleteDataSetRefreshProperties", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a data source", - "privilege": "DeleteDataSource", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "datasource*" - }, - { - "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:TagKeys" - ], "dependent_actions": [], "resource_type": "" } ] }, - { - "access_level": "Write", - "description": "Grants permission to delete a QuickSight email customization template", - "privilege": "DeleteEmailCustomizationTemplate", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "emailCustomizationTemplate*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a QuickSight Folder", - "privilege": "DeleteFolder", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "folder*" - } - ] - }, - { - 
"access_level": "Write", - "description": "Grants permission to remove a QuickSight Dashboard, Analysis or Dataset from a QuickSight Folder", - "privilege": "DeleteFolderMembership", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "folder*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "analysis" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dashboard" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "dataset" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove a user group from QuickSight", - "privilege": "DeleteGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to remove a user from a group so that he/she is no longer a member of the group", - "privilege": "DeleteGroupMembership", - "resource_types": [ - { - "condition_keys": [ - "quicksight:UserName" - ], - "dependent_actions": [], - "resource_type": "group*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to update an existing assignment", - "privilege": "DeleteIAMPolicyAssignment", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "assignment*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a QuickSight namespace", - "privilege": "DeleteNamespace", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [ - "ds:DeleteDirectory" - ], - "resource_type": "namespace*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to delete a refresh schedule for a dataset", - "privilege": "DeleteRefreshSchedule", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "refreshschedule*" - } - ] - }, { 
"access_level": "Write", "description": "Grants permission to delete a template", @@ -184821,6 +208930,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a dashboard snapshot job", + "privilege": "DescribeDashboardSnapshotJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboardSnapshotJob*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe result of a dashboard snapshot job", + "privilege": "DescribeDashboardSnapshotJobResult", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboardSnapshotJob*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a dataset", @@ -185055,6 +209188,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe the custom permission associated with a role", + "privilege": "DescribeRoleCustomPermission", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a template", @@ -185246,6 +209391,11 @@ "dependent_actions": [], "resource_type": "dashboard" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "theme" + }, { "condition_keys": [], "dependent_actions": [], @@ -185527,6 +209677,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list AWS services enabled for trusted identity propagation in QuickSight", + "privilege": "ListIdentityPropagationConfigs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all SPICE ingestions on a dataset", 
@@ -185578,6 +209740,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the members of a role", + "privilege": "ListRoleMemberships", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list tags of a QuickSight resource", @@ -185952,6 +210126,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to search the QuickSight users belonging to this account", + "privilege": "SearchUsers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "user*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to use Amazon QuickSight, in Enterprise edition, to display your Microsoft Active Directory directory groups so that you can choose which ones to map to roles in Amazon QuickSight", @@ -185988,6 +210174,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a dashboard snapshot job", + "privilege": "StartDashboardSnapshotJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboardSnapshotJob*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to subscribe to Amazon QuickSight, and also to allow the user to upgrade the subscription to Enterprise edition", @@ -186226,6 +210424,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a QuickSight Dashboard\u2019s links", + "privilege": "UpdateDashboardLinks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "dashboard*" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to update permissions for a QuickSight Dashboard", 
@@ -186399,6 +210609,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to add and update AWS services for trusted identity propagation in QuickSight", + "privilege": "UpdateIdentityPropagationConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the IP restrictions for QuickSight account", @@ -186447,6 +210669,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the custom permission associated with a role", + "privilege": "UpdateRoleCustomPermission", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update QuickSight SPICE capacity configuration", + "privilege": "UpdateSPICECapacityConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a template", @@ -186735,6 +210981,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "topic" + }, + { + "arn": "arn:${Partition}:quicksight:${Region}:${Account}:dashboard/${DashboardId}/snapshot-job/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "dashboardSnapshotJob" } ], "service_name": "Amazon QuickSight" @@ -186821,7 +211074,8 @@ }, { "condition_keys": [ - "ram:ShareOwnerAccountId" + "ram:ShareOwnerAccountId", + "ram:ResourceShareName" ], "dependent_actions": [], "resource_type": "" @@ -187144,6 +211398,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "resource-share-invitation*" + }, + { + "condition_keys": [ + "ram:ResourceShareName" + ], + "dependent_actions": [], + "resource_type": "" } ] }, 
@@ -187309,7 +211570,8 @@ }, { "condition_keys": [ - "ram:ShareOwnerAccountId" + "ram:ShareOwnerAccountId", + "ram:ResourceShareName" ], "dependent_actions": [], "resource_type": "" @@ -187403,7 +211665,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -187769,6 +212030,11 @@ "description": "Filters access by the value that specifies whether the DB instance runs in multiple Availability Zones. To indicate that the DB instance is using Multi-AZ, specify true", "type": "Bool" }, + { + "condition": "rds:MultiTenant", + "description": "Filters access by the value that specifies whether the DB instance is in the multi-tenant configuration", + "type": "String" + }, { "condition": "rds:Piops", "description": "Filters access by the value that contains the number of Provisioned IOPS (PIOPS) that the instance supports. To indicate a DB instance that does not have PIOPS enabled, specify 0", @@ -187784,6 +212050,11 @@ "description": "Filters access by the storage volume size (in GB)", "type": "Numeric" }, + { + "condition": "rds:TenantDatabaseName", + "description": "Filters access by the tenant database name in CreateTenantDatabase and by the new tenant database name in ModifyTenantDatabase", + "type": "String" + }, { "condition": "rds:Vpc", "description": "Filters access by the value that specifies whether the DB instance runs in an Amazon Virtual Private Cloud (Amazon VPC). To indicate that the DB instance runs in an Amazon VPC, specify true", @@ -187937,6 +212208,11 @@ "dependent_actions": [], "resource_type": "es" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration" + }, { "condition_keys": [], "dependent_actions": [], @@ -187972,6 +212248,11 @@ "dependent_actions": [], "resource_type": "snapshot" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot-tenant-database" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -187982,6 +212263,11 @@ "dependent_actions": [], "resource_type": "target-group" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant-database" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -188243,7 +212529,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new Amazon Aurora DB cluster", + "description": "Grants permission to create a new DB cluster", "privilege": "CreateDBCluster", "resource_types": [ { @@ -188306,7 +212592,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create a new custom endpoint and associates it with an Amazon Aurora DB cluster", + "description": "Grants permission to create a new custom endpoint and associates it with an Amazon Aurora DB cluster or Amazon DocumentDB cluster", "privilege": "CreateDBClusterEndpoint", "resource_types": [ { @@ -188397,6 +212683,7 @@ "kms:DescribeKey", "kms:GenerateDataKey", "rds:AddTagsToResource", + "rds:CreateTenantDatabase", "secretsmanager:CreateSecret", "secretsmanager:TagResource" ], @@ -188433,7 +212720,8 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys", "rds:req-tag/${TagKey}", - "rds:ManageMasterUserPassword" + "rds:ManageMasterUserPassword", + "rds:MultiTenant" ], "dependent_actions": [], "resource_type": "" @@ -188451,6 +212739,11 @@ "iam:PassRole", "rds:AddTagsToResource" ], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], "resource_type": "db*" }, { @@ -188458,6 +212751,11 @@ "dependent_actions": [], "resource_type": "og*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "pg*" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -188562,6 +212860,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new Aurora Limitless Database DB shard group", + "privilege": "CreateDBShardGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "shardgrp*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a DBSnapshot", @@ -188579,6 +212894,11 @@ "dependent_actions": [], "resource_type": "snapshot*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot-tenant-database*" + }, { "condition_keys": [ "rds:BackupTarget", @@ -188639,7 +212959,7 @@ }, { "access_level": "Write", - "description": "Grants permission to create an Aurora global database spread across multiple regions", + "description": "Grants permission to create an Aurora global database or DocumentDB global database spread across multiple regions", "privilege": "CreateGlobalCluster", "resource_types": [ { @@ -188654,6 +212974,36 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an Aurora zero-ETL integration with Redshift", + "privilege": "CreateIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "kms:CreateGrant", + "kms:DescribeKey", + "rds:AddTagsToResource" + ], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "rds:req-tag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new option group", 
@@ -188677,6 +213027,34 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new tenant database", + "privilege": "CreateTenantDatabase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "rds:AddTagsToResource" + ], + "resource_type": "db*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant-database*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "rds:TenantDatabaseName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to access a resource in the remote Region when executing cross-Region operations, such as cross-Region snapshot copy or cross-Region read replica creation", @@ -188705,10 +213083,7 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "rds:req-tag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -188748,7 +213123,19 @@ }, { "access_level": "Write", - "description": "Grants permission to delete a custom endpoint and removes it from an Amazon Aurora DB cluster", + "description": "Grants permission to delete cluster automated backups based on the source cluster's DbClusterResourceId value or the restorable cluster's resource ID", + "privilege": "DeleteDBClusterAutomatedBackup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster-auto-backup*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a custom endpoint and removes it from an Amazon Aurora DB cluster or Amazon DocumentDB cluster", "privilege": "DeleteDBClusterEndpoint", "resource_types": [ { 
@@ -188789,20 +213176,22 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "rds:DeleteTenantDatabase" + ], "resource_type": "db*" } ] }, { "access_level": "Write", - "description": "Grants permission to deletes automated backups based on the source instance's DbiResourceId value or the restorable instance's resource ID", + "description": "Grants permission to delete automated backups based on the source instance's DbiResourceId value or the restorable instance's resource ID", "privilege": "DeleteDBInstanceAutomatedBackup", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "auto-backup*" } ] }, @@ -188854,6 +213243,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an Aurora Limitless Database DB shard group", + "privilege": "DeleteDBShardGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "shardgrp*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a DBSnapshot", @@ -188902,6 +213303,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an Aurora zero-ETL integration with Redshift", + "privilege": "DeleteIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing option group", 
@@ -188914,6 +213327,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a tenant database", + "privilege": "DeleteTenantDatabase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant-database*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to remove targets from a database proxy target group", @@ -188977,6 +213407,23 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to return a list of cluster automated backups for both current and deleted clusters", + "privilege": "DescribeDBClusterAutomatedBackups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster-auto-backup*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + } + ] + }, { "access_level": "List", "description": "Grants permission to return information about backtracks for a DB cluster", @@ -189056,7 +213503,7 @@ }, { "access_level": "List", - "description": "Grants permission to return information about provisioned Aurora DB clusters", + "description": "Grants permission to return information about provisioned Aurora DB clusters or DocumentDB clusters", "privilege": "DescribeDBClusters", "resource_types": [ { @@ -189083,6 +213530,11 @@ "description": "Grants permission to return a list of automated backups for both current and deleted instances", "privilege": "DescribeDBInstanceAutomatedBackups", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "auto-backup" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -189187,22 +213639,24 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "cluster*" - }, - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "db*" + "resource_type": "proxy*" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "proxy*" - }, + "resource_type": "target-group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list recommendation details", + "privilege": "DescribeDBRecommendations", + "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "target-group*" + "resource_type": "" } ] }, @@ -189218,6 +213672,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to return information about all Aurora Limitless Database DB shard groups for this account. You can filter by shard group(s)", + "privilege": "DescribeDBShardGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "shardgrp*" + } + ] + }, { "access_level": "List", "description": "Grants permission to return a list of DB snapshot attribute names and values for a manual DB snapshot", @@ -189259,6 +213725,28 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to return information about tenant databases in DB snapshots. You can filter by Region or snapshot", + "privilege": "DescribeDbSnapshotTenantDatabases", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot-tenant-database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + } + ] + }, { "access_level": "List", "description": "Grants permission to return the default engine and system parameter information for the cluster database engine", 
@@ -189333,7 +213821,7 @@ }, { "access_level": "List", - "description": "Grants permission to return information about Aurora global database clusters", + "description": "Grants permission to return information about Aurora global database clusters or DocumentDB global database clusters", "privilege": "DescribeGlobalClusters", "resource_types": [ { @@ -189343,6 +213831,25 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe an Aurora zero-ETL integration with Redshift", + "privilege": "DescribeIntegrations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe all available options", @@ -189456,6 +213963,23 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to return information about provisioned tenant databases. You can filter by Region or snapshot", + "privilege": "DescribeTenantDatabases", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant-database*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db" + } + ] + }, { "access_level": "List", "description": "Grants permission to list available modifications you can make to your DB instance", @@ -189468,6 +213992,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disable http endpoint for a DB cluster", + "privilege": "DisableHttpEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to download specified log file", 
@@ -189492,6 +214028,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to enable http endpoint for a DB cluster", + "privilege": "EnableHttpEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to force a failover for a DB cluster", @@ -189561,6 +214109,11 @@ "dependent_actions": [], "resource_type": "es" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration" + }, { "condition_keys": [], "dependent_actions": [], @@ -189596,6 +214149,11 @@ "dependent_actions": [], "resource_type": "snapshot" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot-tenant-database" + }, { "condition_keys": [], "dependent_actions": [], @@ -189605,6 +214163,11 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "target-group" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant-database" } ] }, @@ -189634,7 +214197,7 @@ }, { "access_level": "Write", - "description": "Grants permission to modify current cluster capacity for an Amazon Aurora Severless DB cluster", + "description": "Grants permission to modify current cluster capacity for an Amazon Aurora Serverless DB cluster", "privilege": "ModifyCurrentDBClusterCapacity", "resource_types": [ { @@ -189658,7 +214221,7 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a setting for an Amazon Aurora DB cluster", + "description": "Grants permission to modify a setting for an Amazon Aurora DB cluster or Amazon DocumentDB cluster", "privilege": "ModifyDBCluster", "resource_types": [ { 
@@ -189700,7 +214263,7 @@ }, { "access_level": "Write", - "description": "Grants permission to modify the properties of an endpoint in an Amazon Aurora DB cluster", + "description": "Grants permission to modify the properties of an endpoint in an Amazon Aurora DB cluster or Amazon DocumentDB cluster", "privilege": "ModifyDBClusterEndpoint", "resource_types": [ { @@ -189747,6 +214310,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKey", + "rds:AddTagsToResource", + "rds:CreateTenantDatabase", "secretsmanager:CreateSecret", "secretsmanager:RotateSecret", "secretsmanager:TagResource" @@ -189770,7 +214335,8 @@ }, { "condition_keys": [ - "rds:ManageMasterUserPassword" + "rds:ManageMasterUserPassword", + "rds:MultiTenant" ], "dependent_actions": [], "resource_type": "" @@ -189827,6 +214393,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify recommendation", + "privilege": "ModifyDBRecommendation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify properties of an Aurora Limitless Database DB shard group", + "privilege": "ModifyDBShardGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "shardgrp*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a manual DB snapshot, which can be encrypted or not encrypted, with a new engine version", @@ -189882,7 +214472,7 @@ }, { "access_level": "Write", - "description": "Grants permission to modify a setting for an Amazon Aurora global cluster", + "description": "Grants permission to modify a setting for an Amazon Aurora global cluster or Amazon DocumentDB global cluster", "privilege": "ModifyGlobalCluster", "resource_types": [ { 
@@ -189892,6 +214482,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify an Aurora zero-ETL integration with Redshift", + "privilege": "ModifyIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify an existing option group", @@ -189918,6 +214520,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify a tenant database", + "privilege": "ModifyTenantDatabase", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant-database*" + }, + { + "condition_keys": [ + "rds:TenantDatabaseName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to promote a Read Replica DB instance to a standalone DB instance", @@ -189988,6 +214614,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to reboot an Aurora Limitless Database DB shard group", + "privilege": "RebootDBShardGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "shardgrp*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add targets to a database proxy target group", @@ -190002,7 +214640,7 @@ }, { "access_level": "Write", - "description": "Grants permission to detach an Aurora secondary cluster from an Aurora global database cluster", + "description": "Grants permission to detach an Aurora secondary cluster from an Aurora global database cluster or DocumentDB global cluster", "privilege": "RemoveFromGlobalCluster", "resource_types": [ { 
@@ -190102,6 +214740,11 @@ "dependent_actions": [], "resource_type": "es" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "integration" + }, { "condition_keys": [], "dependent_actions": [], @@ -190137,6 +214780,11 @@ "dependent_actions": [], "resource_type": "snapshot" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot-tenant-database" + }, { "condition_keys": [], "dependent_actions": [], @@ -190147,6 +214795,11 @@ "dependent_actions": [], "resource_type": "target-group" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tenant-database" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -190308,6 +214961,11 @@ "dependent_actions": [], "resource_type": "subgrp*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster-auto-backup" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -190331,7 +214989,8 @@ "condition_keys": [], "dependent_actions": [ "iam:PassRole", - "rds:AddTagsToResource" + "rds:AddTagsToResource", + "rds:CreateTenantDatabase" ], "resource_type": "db*" }, @@ -190422,7 +215081,8 @@ "condition_keys": [], "dependent_actions": [ "iam:PassRole", - "rds:AddTagsToResource" + "rds:AddTagsToResource", + "rds:CreateTenantDatabase" ], "resource_type": "db*" }, @@ -190441,6 +215101,11 @@ "dependent_actions": [], "resource_type": "subgrp*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "auto-backup" + }, { "condition_keys": [ "rds:BackupTarget", @@ -190511,6 +215176,11 @@ "description": "Grants permission to start replication of automated backups to a different AWS Region", "privilege": "StartDBInstanceAutomatedBackupsReplication", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "auto-backup*" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -190602,16 +215272,30 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", - "aws:ResourceTag/${TagKey}", - "aws:TagKeys", - "rds:req-tag/${TagKey}" + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" } ] }, + { + "access_level": "Write", + "description": "Grants permission to switchover a global cluster", + "privilege": "SwitchoverGlobalCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "global-cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to switch over a read replica, making it the new primary database", @@ -190634,6 +215318,21 @@ ], "resource": "cluster" }, + { + "arn": "arn:${Partition}:rds:${Region}:${Account}:shard-group:${DbShardGroupResourceId}", + "condition_keys": [], + "resource": "shardgrp" + }, + { + "arn": "arn:${Partition}:rds:${Region}:${Account}:cluster-auto-backup:${DbClusterAutomatedBackupId}", + "condition_keys": [], + "resource": "cluster-auto-backup" + }, + { + "arn": "arn:${Partition}:rds:${Region}:${Account}:auto-backup:${DbInstanceAutomatedBackupId}", + "condition_keys": [], + "resource": "auto-backup" + }, { "arn": "arn:${Partition}:rds:${Region}:${Account}:cluster-endpoint:${DbClusterEndpoint}", "condition_keys": [ @@ -190748,11 +215447,6 @@ ], "resource": "subgrp" }, - { - "arn": "arn:${Partition}:rds:${Region}:${Account}:target:${TargetId}", - "condition_keys": [], - "resource": "target" - }, { "arn": "arn:${Partition}:rds:${Region}:${Account}:target-group:${TargetGroupId}", "condition_keys": [ 
@@ -190773,6 +215467,27 @@ "aws:ResourceTag/${TagKey}" ], "resource": "deployment" + }, + { + "arn": "arn:${Partition}:rds:${Region}:${Account}:integration:${IntegrationIdentifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "integration" + }, + { + "arn": "arn:${Partition}:rds:${Region}:${Account}:snapshot-tenant-database:${SnapshotName}:${TenantResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "snapshot-tenant-database" + }, + { + "arn": "arn:${Partition}:rds:${Region}:${Account}:tenant-database:${TenantResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "tenant-database" } ], "service_name": "Amazon RDS" @@ -190972,10 +215687,15 @@ "description": "Filters access by actions based on the presence of mandatory tags in the request", "type": "ArrayOfString" }, + { + "condition": "redshift:AllowWrites", + "description": "Filters access by the allowWrites input parameter", + "type": "Bool" + }, { "condition": "redshift:ConsumerArn", "description": "Filters access by the datashare consumer arn", - "type": "String" + "type": "ARN" }, { "condition": "redshift:ConsumerIdentifier", @@ -190996,6 +215716,11 @@ "condition": "redshift:DurationSeconds", "description": "Filters access by the number of seconds until a temporary credential set expires", "type": "String" + }, + { + "condition": "redshift:InboundIntegrationArn", + "description": "Filters access by the ARN of an inbound zero-ETL Integration resource", + "type": "String" } ], "prefix": "redshift", @@ -191036,7 +215761,8 @@ }, { "condition_keys": [ - "redshift:ConsumerArn" + "redshift:ConsumerArn", + "redshift:AllowWrites" ], "dependent_actions": [], "resource_type": "" @@ -191072,7 +215798,8 @@ }, { "condition_keys": [ - "redshift:ConsumerIdentifier" + "redshift:ConsumerIdentifier", + "redshift:AllowWrites" ], "dependent_actions": [], "resource_type": "" 
@@ -191400,6 +216127,40 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a qev2 idc application", + "privilege": "CreateQev2IdcApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sso:CreateApplication", + "sso:PutApplicationAccessScope", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationGrant" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a redshift idc application", + "privilege": "CreateRedshiftIdcApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sso:CreateApplication", + "sso:PutApplicationAccessScope", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationGrant" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create saved SQL queries through the Amazon Redshift console", 
@@ -191742,6 +216503,46 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a qev2 idc application", + "privilege": "DeleteQev2IdcApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sso:DeleteApplication" + ], + "resource_type": "qev2idcapplication*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a redshift idc application", + "privilege": "DeleteRedshiftIdcApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sso:DeleteApplication" + ], + "resource_type": "redshiftidcapplication*" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the resource policy for a specified resource", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete saved SQL queries through the Amazon Redshift console", @@ -192101,7 +216902,7 @@ ] }, { - "access_level": "Permissions management", + "access_level": "List", "description": "Grants permission to authorize describe activity for redshift-managed vpc endpoint", "privilege": "DescribeEndpointAuthorization", "resource_types": [ @@ -192172,6 +216973,20 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the inbound integrations", + "privilege": "DescribeInboundIntegrations", + "resource_types": [ + { + "condition_keys": [ + "redshift:InboundIntegrationArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe whether information, such as queries and connection attempts, is being logged for a cluster", 
@@ -192220,6 +217035,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe qev2 idc applications", + "privilege": "DescribeQev2IdcApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a query through the Amazon Redshift console", @@ -192232,6 +217059,21 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe redshift idc applications", + "privilege": "DescribeRedshiftIdcApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sso:GetApplicationGrant", + "sso:ListApplicationAccessScopes" + ], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe exchange status details and associated metadata for a reserved-node exchange. Statuses include such values as in progress and requested", @@ -192542,6 +217384,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to failover the primary compute of an Multi-AZ cluster to another AZ", + "privilege": "FailoverPrimaryCompute", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to fetch query results through the Amazon Redshift console", @@ -192629,6 +217483,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the resource policy for a specified resource", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to join the specified Amazon Redshift group", 
@@ -192653,6 +217519,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list Advisor recommendations", + "privilege": "ListRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list saved queries through the Amazon Redshift console", @@ -192849,6 +217727,40 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to modify a qev2 idc application", + "privilege": "ModifyQev2IdcApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sso:UpdateApplication" + ], + "resource_type": "qev2idcapplication*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to modify a redshift idc application", + "privilege": "ModifyRedshiftIdcApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sso:DeleteApplicationAccessScope", + "sso:DeleteApplicationGrant", + "sso:GetApplicationGrant", + "sso:ListApplicationAccessScopes", + "sso:PutApplicationAccessScope", + "sso:PutApplicationGrant", + "sso:UpdateApplication" + ], + "resource_type": "redshiftidcapplication*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to modify an existing saved query through the Amazon Redshift console", @@ -192933,6 +217845,18 @@ } ] }, + { + "access_level": "Permissions management", + "description": "Grants permission to update the resource policy for a specified resource", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to reboot a cluster", @@ -192998,7 +217922,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -193183,7 +218106,7 @@ "resource": "hsmconfiguration" }, { - "arn": "arn:${Partition}:redshift:${Region}:${Account}:namespace:${ProducerClusterNamespace}", + "arn": "arn:${Partition}:redshift:${Region}:${Account}:namespace:${ClusterNamespace}", "condition_keys": [ "aws:ResourceTag/${TagKey}" ], @@ -193251,6 +218174,16 @@ "aws:ResourceTag/${TagKey}" ], "resource": "usagelimit" + }, + { + "arn": "arn:${Partition}:redshift:${Region}:${Account}:redshiftidcapplication:${RedshiftIdcApplicationId}", + "condition_keys": [], + "resource": "redshiftidcapplication" + }, + { + "arn": "arn:${Partition}:redshift:${Region}:${Account}:qev2idcapplication:${Qev2IdcApplicationId}", + "condition_keys": [], + "resource": "qev2idcapplication" } ], "service_name": "Amazon Redshift" @@ -193511,6 +218444,28 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a custom domain association in Amazon Redshift Serverless", + "privilege": "CreateCustomDomainAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "acm:DescribeCertificate" + ], + "resource_type": "workgroup*" } ] }, @@ -193546,6 +218501,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a scheduled action for a specified Amazon Redshift Serverless namespace", + "privilege": "CreateScheduledAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a snapshot of all databases in a namespace", 
@@ -193555,6 +218522,26 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "snapshot*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a snapshot copy configuration for a specified Amazon Redshift Serverless namespace", + "privilege": "CreateSnapshotCopyConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" } ] }, @@ -193590,6 +218577,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a custom domain association", + "privilege": "DeleteCustomDomainAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workgroup*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an Amazon Redshift Serverless managed VPC endpoint", @@ -193626,6 +218625,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a scheduled action from Amazon Redshift Serverless", + "privilege": "DeleteScheduledAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a snapshot from Amazon Redshift Serverless", @@ -193638,6 +218649,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a snapshot copy configuration for a Amazon Redshift Serverless namespace", + "privilege": "DeleteSnapshotCopyConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a usage limit from Amazon Redshift Serverless", 
@@ -193662,6 +218685,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to see on the Amazon Redshift Serverless console the remaining number of free trial credits and their expiration date", + "privilege": "DescribeOneTimeCredit", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to get a database user name and temporary password with temporary authorization to log on to Amazon Redshift Serverless", @@ -193674,6 +218709,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get information about a specific custom domain association", + "privilege": "GetCustomDomainAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workgroup*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to create an Amazon Redshift Serverless managed VPC endpoint", @@ -193722,6 +218769,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get information about a specific scheduled action", + "privilege": "GetScheduledAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about a specific snapshot", @@ -193770,6 +218829,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list custom domain associations in Amazon Redshift Serverless", + "privilege": "ListCustomDomainAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list EndpointAccess objects and relevant information", 
@@ -193806,6 +218877,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list scheduled actions", + "privilege": "ListScheduledActions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list SnapshotCopyConfiguration objects and relevant information", + "privilege": "ListSnapshotCopyConfigurations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace" + } + ] + }, { "access_level": "List", "description": "Grants permission to list snapshots", @@ -193914,6 +219009,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to restore a table from a recovery point", + "privilege": "RestoreTableFromRecoveryPoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "namespace*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recoveryPoint*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to restore a table from a snapshot", @@ -193941,6 +219053,16 @@ "dependent_actions": [], "resource_type": "namespace" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recoveryPoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, { "condition_keys": [], "dependent_actions": [], @@ -193967,6 +219089,16 @@ "dependent_actions": [], "resource_type": "namespace" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "recoveryPoint" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "snapshot" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -193981,6 +219113,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a certificate associated with a custom domain", + "privilege": "UpdateCustomDomainAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "acm:DescribeCertificate" + ], + "resource_type": "workgroup*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an Amazon Redshift Serverless managed VPC endpoint", @@ -194005,6 +219151,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a scheduled action", + "privilege": "UpdateScheduledAction", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a snapshot", @@ -194017,6 +219175,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a snapshot copy configuration for a Amazon Redshift Serverless namespace", + "privilege": "UpdateSnapshotCopyConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a usage limit in Amazon Redshift Serverless", @@ -194052,7 +219222,9 @@ }, { "arn": "arn:${Partition}:redshift-serverless:${Region}:${Account}:snapshot/${SnapshotId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "snapshot" }, { @@ -194064,7 +219236,9 @@ }, { "arn": "arn:${Partition}:redshift-serverless:${Region}:${Account}:recoverypoint/${RecoveryPointId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "recoveryPoint" }, { 
@@ -194693,6 +219867,11 @@ "description": "Grants permission to create a collection in an AWS Region", "privilege": "CreateCollection", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "collection*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -194991,7 +220170,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "projectversion" } ] }, @@ -195127,6 +220306,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to read the reference to job results in S3 and additional information about a media analysis job", + "privilege": "GetMediaAnalysisJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to read the list of persons detected in a stored video by an asynchronous person tracking job", @@ -195183,7 +220374,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "collection*" + "resource_type": "" } ] }, @@ -195223,6 +220414,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to read the list of media analysis jobs", + "privilege": "ListMediaAnalysisJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the resource policies attached to a project", @@ -195415,6 +220618,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start a media analysis job", + "privilege": "StartMediaAnalysisJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "projectversion" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start the asynchronous tracking of persons in a stored video", 
@@ -195618,6 +220833,196 @@ ], "service_name": "Amazon Rekognition" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "repostspace", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a new private re:Post in your account", + "privilege": "CreateSpace", + "resource_types": [ + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a private re:Post from your account", + "privilege": "DeleteSpace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove an administrator to a private re:Post in your account", + "privilege": "DeregisterAdmin", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get the description for a private re:Post in your account", + "privilege": "GetSpace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list all private re:Posts in your account", + "privilege": "ListSpaces", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + 
"access_level": "Read", + "description": "Grants permission to list the tags associated with a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to add an administrator to a private re:post in your account", + "privilege": "RegisterAdmin", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send invites to users of a private re:Post in your account", + "privilege": "SendInvites", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a private re:Post in your account", + "privilege": "UpdateSpace", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + } + ] + } + ], + "resources": [ + { + "arn": 
"arn:${Partition}:repostspace:${Region}:${Account}:space/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "space" + } + ], + "service_name": "AWS re:Post Private" + }, { "conditions": [ { @@ -195657,6 +221062,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to include or exclude one or more operational recommendations", + "privilege": "BatchUpdateRecommendationStatus", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create application", @@ -195958,6 +221375,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list compliance drifts that were detected while running an assessment", + "privilege": "ListAppAssessmentComplianceDrifts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list application assessment", @@ -196401,7 +221830,7 @@ "resource": "recommendation-template" } ], - "service_name": "AWS Resilience Hub Service" + "service_name": "AWS Resilience Hub" }, { "conditions": [], @@ -196447,7 +221876,7 @@ } ], "resources": [], - "service_name": "AWS Tag Editor" + "service_name": "Tag Editor" }, { "conditions": [ @@ -196561,6 +221990,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to Resource Explorer to access account level data within your AWS Organization", + "privilege": "GetAccountLevelServiceConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the Amazon resource name (ARN) of the view that is the default for the AWS Region in which you call this operation", 
@@ -196609,6 +222050,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the organization member account's indexes in all AWS Regions", + "privilege": "ListIndexesForMembers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve a list of all resource types currently supported by Resource Explorer", @@ -196704,7 +222157,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -196775,6 +222227,18 @@ ], "prefix": "resource-groups", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associate a resource to an Application", + "privilege": "AssociateResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a resource group with a specified name, description, and resource query", @@ -196785,7 +222249,9 @@ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], - "dependent_actions": [], + "dependent_actions": [ + "cloudformation:DescribeStacks" + ], "resource_type": "" } ] @@ -196802,6 +222268,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a resource-based policy for the specified group", + "privilege": "DeleteGroupPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a resource from an Application", + "privilege": "DisassociateResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the current status of optional features in Resource Groups", 
@@ -196838,6 +222328,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a resource-based policy for the specified group", + "privilege": "GetGroupPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "group*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the query associated with a specified resource group", @@ -196902,6 +222404,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list supported resource types", + "privilege": "ListResourceTypes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to put the service configuration associated with the specified resource group", @@ -197024,7 +222538,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "cloudformation:DescribeStacks" + ], "resource_type": "group*" } ] @@ -198152,6 +223668,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a mapping rule from a profile", + "privilege": "DeleteAttributeMapping", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a certificate revocation list (crl)", @@ -198385,6 +223913,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put a mapping rule into a profile", + "privilege": "PutAttributeMapping", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to attach notification settings to a trust anchor", @@ -198471,7 +224011,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -199588,13 +225127,13 @@ }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters access based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters access based on the presence of tag keys in the request", - "type": "String" + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" } ], "prefix": "route53-recovery-control-config", @@ -199779,6 +225318,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the resource policy of a cluster", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list associated Route 53 health checks", 
@@ -200937,6 +226488,270 @@ "resources": [], "service_name": "Amazon Route 53 Domains" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the presence of tag key-value pairs attached to the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of tag keys in the request", + "type": "ArrayOfString" + } + ], + "prefix": "route53profiles", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to associates a Profile to the customer VPC", + "privilege": "AssociateProfile", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "ec2:DescribeVpcs" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associates a resource, such as DNS Firewall rule group, private hosted zone, resolver rule, etc. 
to a specified Profile", + "privilege": "AssociateResourceToProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new Profile resource", + "privilege": "CreateProfile", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Profile specified byt the ProfileId", + "privilege": "DeleteProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an association between a customer VPC and the specified Profile", + "privilege": "DisassociateProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the asoociation between the resource. such as DNS Firewall rule group, private hosted zone, resolver rule, etc. 
and the specified Profile", + "privilege": "DisassociateResourceFromProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a Profile", + "privilege": "GetProfile", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a Profile to a VPC association specified by the Profile association ID", + "privilege": "GetProfileAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a Profile resource association based on the ProfileResourceAssociationId", + "privilege": "GetProfileResourceAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all VPCs the specified Profile is associated to", + "privilege": "ListProfileAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the associations between the resources, such as DNS Firewall rule groups, private hosted zones, resolver rules, etc. 
for the given Profile ID", + "privilege": "ListProfileResourceAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all the Profiles created by, and shared to the customer", + "privilege": "ListProfiles", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all tags associated with the resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add a tag to the given resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile-association" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to delete a tag from the given resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "profile-association" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the Profile resource association name or the resource properties or both, if both name and resource properties are null, the api returns the existing Profile resource association", + "privilege": "UpdateProfileResourceAssociation", + 
"resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:route53profiles:${Region}:${Account}:profile/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "profile" + }, + { + "arn": "arn:${Partition}:route53profiles:${Region}:${Account}:profile-association/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "profile-association" + } + ], + "service_name": "Amazon Route 53 Profiles enables sharing DNS settings with VPCs" + }, { "conditions": [ { @@ -201048,6 +226863,11 @@ "description": "Grants permission to create a Firewall rule within a Firewall rule group", "privilege": "CreateFirewallRule", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-domain-list*" + }, { "condition_keys": [], "dependent_actions": [], @@ -201075,6 +226895,28 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a Route 53 Resolver on Outposts", + "privilege": "CreateOutpostResolver", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "outposts:GetOutpost" + ], + "resource_type": "outpost-resolver*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a Resolver endpoint. There are two types of Resolver endpoints, inbound and outbound", @@ -201153,6 +226995,11 @@ "description": "Grants permission to delete a Firewall rule within a Firewall rule group", "privilege": "DeleteFirewallRule", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-domain-list*" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -201172,6 +227019,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a Route 53 Resolver on Outposts", + "privilege": "DeleteOutpostResolver", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "outpost-resolver*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a Resolver endpoint. The effect of deleting a Resolver endpoint depends on whether it's an inbound or an outbound endpoint", @@ -201324,6 +227183,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get information about a specified Route 53 Resolver on Outposts", + "privilege": "GetOutpostResolver", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "outpost-resolver*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the Resolver Config status within the specified resource", @@ -201458,7 +227329,7 @@ "dependent_actions": [ "ec2:DescribeVpcs" ], - "resource_type": "firewall-config*" + "resource_type": "" } ] }, @@ -201522,6 +227393,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all instances of Route 53 Resolver on Outposts that were created using the current AWS account", + "privilege": "ListOutpostResolvers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list Resolver Config statuses", @@ -201646,6 +227529,11 @@ "dependent_actions": [], "resource_type": "firewall-rule-group-association" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "outpost-resolver" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -201724,6 +227612,11 @@ "dependent_actions": [], "resource_type": "firewall-rule-group-association" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "outpost-resolver" + }, { "condition_keys": [], "dependent_actions": [], @@ -201779,6 +227672,11 @@ "dependent_actions": [], "resource_type": "firewall-rule-group-association" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "outpost-resolver" + }, { "condition_keys": [], "dependent_actions": [], @@ -201839,6 +227737,11 @@ "description": "Grants permission to update selected settings for an Firewall rule in a Firewall rule group", "privilege": "UpdateFirewallRule", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "firewall-domain-list*" + }, { "condition_keys": [], "dependent_actions": [], @@ -201858,6 +227761,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update seletected settings for a specified Route 53 Resolver on Outposts", + "privilege": "UpdateOutpostResolver", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "outpost-resolver*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the Resolver Config status within the specified resource", @@ -201976,6 +227891,13 @@ "arn": "arn:${Partition}:route53resolver:${Region}:${Account}:resolver-config/${ResourceId}", "condition_keys": [], "resource": "resolver-config" + }, + { + "arn": "arn:${Partition}:route53resolver:${Region}:${Account}:outpost-resolver/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "outpost-resolver" } ], "service_name": "Amazon Route 53 Resolver" @@ -202199,7 +228121,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -202263,6 +228184,11 @@ "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" }, + { + "condition": "s3:AccessGrantsInstanceArn", + "description": "Filters access by access grants instance ARN", + "type": "ARN" + }, { "condition": "s3:AccessPointNetworkOrigin", "description": "Filters access by the network origin (Internet or VPC)", @@ -202293,6 +228219,11 @@ "description": "Filters access by existing object tag key and value", "type": "String" }, + { + "condition": "s3:InventoryAccessibleOptionalFields", + "description": "Filters access by restricting which optional metadata fields a user can add when configuring S3 Inventory reports", + "type": "ArrayOfString" + }, { "condition": "s3:JobSuspendedCause", "description": "Filters access by a specific job suspended cause (for example, AWAITING_CONFIRMATION) to cancelling suspended jobs", @@ -202446,7 +228377,7 @@ { "condition": "s3:x-amz-server-side-encryption-aws-kms-key-id", "description": "Filters access by AWS KMS customer managed CMK for server-side encryption", - "type": "String" + "type": "ARN" }, { "condition": "s3:x-amz-server-side-encryption-customer-algorithm", @@ -202479,6 +228410,7 @@ { "condition_keys": [ "s3:DataAccessPointArn", + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:AccessPointNetworkOrigin", "s3:authType", 
@@ -202493,6 +228425,31 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate Access Grants identity center", + "privilege": "AssociateAccessGrantsIdentityCenter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to allow circumvention of governance-mode object retention settings", 
@@ -202539,6 +228496,87 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create Access Grant", + "privilege": "CreateAccessGrant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantslocation*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Create Access Grants Instance", + "privilege": "CreateAccessGrantsInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create Access Grants location", + "privilege": "CreateAccessGrantsLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new access point", 
@@ -202678,6 +228716,127 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon S3 Storage Lens group", + "privilege": "CreateStorageLensGroup", + "resource_types": [ + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete Access Grant", + "privilege": "DeleteAccessGrant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrant*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to Delete Access Grants Instance", + "privilege": "DeleteAccessGrantsInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to read Access grants instance resource policy", + "privilege": "DeleteAccessGrantsInstanceResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + 
"aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete Access Grants location", + "privilege": "DeleteAccessGrantsLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantslocation*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete the access point named in the URI", @@ -202922,6 +229081,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -202977,6 +229137,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -203070,6 +229231,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing S3 Storage Lens group", + "privilege": "DeleteStorageLensGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagelensgroup*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the configuration parameters and status for a batch operations job", 
@@ -203117,6 +229302,31 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disassociate Access Grants identity center", + "privilege": "DissociateAccessGrantsIdentityCenter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to uses the accelerate subresource to return the Transfer Acceleration state of a bucket, which is either Enabled or Suspended", 
@@ -203141,6 +229351,131 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to read Access Grant", + "privilege": "GetAccessGrant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrant*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to Read Access Grants Instance", + "privilege": "GetAccessGrantsInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to Read Access Grants Instance by prefix", + "privilege": "GetAccessGrantsInstanceForPrefix", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to read Access grants instance resource policy", + "privilege": "GetAccessGrantsInstanceResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + 
"s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to read Access Grants location", + "privilege": "GetAccessGrantsLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantslocation*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return configuration information about the specified access point", @@ -203704,6 +230039,31 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get Access", + "privilege": "GetDataAccess", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return the default encryption configuration an Amazon S3 bucket", @@ -203964,6 +230324,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -203992,6 +230353,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -204154,6 +230516,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", 
@@ -204183,6 +230546,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -204403,6 +230767,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an Amazon S3 Storage Lens group", + "privilege": "GetStorageLensGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagelensgroup*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to initiate the replication process by setting replication status of an object to pending", 
@@ -204422,6 +230810,75 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list Access Grant", + "privilege": "ListAccessGrants", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to List Access Grants Instances", + "privilege": "ListAccessGrantsInstances", + "resource_types": [ + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list Access Grants locations", + "privilege": "ListAccessGrantsLocations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list access points", @@ -204491,6 +230948,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -204521,6 +230979,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", 
@@ -204548,6 +231007,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -204615,6 +231075,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -204649,6 +231110,64 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list S3 Storage Lens groups", + "privilege": "ListStorageLensGroups", + "resource_types": [ + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the tags attached to the specified resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantslocation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagelensgroup" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Permissions management", "description": "Grants permission to change replica ownership", 
@@ -204697,6 +231216,31 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put Access grants instance resource policy", + "privilege": "PutAccessGrantsInstanceResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set the configuration of the object lambda enabled access point", @@ -205191,7 +231735,8 @@ "s3:signatureAge", "s3:signatureversion", "s3:TlsVersion", - "s3:x-amz-content-sha256" + "s3:x-amz-content-sha256", + "s3:InventoryAccessibleOptionalFields" ], "dependent_actions": [], "resource_type": "" @@ -205312,6 +231857,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -205358,6 +231904,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", @@ -205481,6 +232028,7 @@ }, { "condition_keys": [ + "s3:AccessGrantsInstanceArn", "s3:DataAccessPointAccount", "s3:DataAccessPointArn", "s3:AccessPointNetworkOrigin", 
@@ -205737,6 +232285,112 @@ } ] }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to the specified resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantslocation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagelensgroup" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from the specified resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantsinstance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantslocation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagelensgroup" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update Access Grants location", + "privilege": "UpdateAccessGrantsLocation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "accessgrantslocation*" + }, + { + "condition_keys": [ + "s3:authType", + 
"s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the priority of an existing job", @@ -205790,6 +232444,30 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update an existing S3 Storage Lens group", + "privilege": "UpdateStorageLensGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "storagelensgroup*" + }, + { + "condition_keys": [ + "s3:authType", + "s3:ResourceAccount", + "s3:signatureAge", + "s3:signatureversion", + "s3:TlsVersion", + "s3:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ @@ -205810,16 +232488,31 @@ }, { "arn": "arn:${Partition}:s3:${Region}:${Account}:job/${JobId}", - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], "resource": "job" }, { "arn": "arn:${Partition}:s3:${Region}:${Account}:storage-lens/${ConfigId}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" ], "resource": "storagelensconfiguration" }, + { + "arn": "arn:${Partition}:s3:${Region}:${Account}:storage-lens-group/${Name}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "storagelensgroup" + }, { "arn": "arn:${Partition}:s3-object-lambda:${Region}:${Account}:accesspoint/${AccessPointName}", "condition_keys": [], 
@@ -205834,6 +232527,33 @@ "arn": "arn:${Partition}:s3:us-west-2:${Account}:async-request/mrap/${Operation}/${Token}", "condition_keys": [], "resource": "multiregionaccesspointrequestarn" + }, + { + "arn": "arn:${Partition}:s3:${Region}:${Account}:access-grants/default", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "accessgrantsinstance" + }, + { + "arn": "arn:${Partition}:s3:${Region}:${Account}:access-grants/default/location/${Token}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "accessgrantslocation" + }, + { + "arn": "arn:${Partition}:s3:${Region}:${Account}:access-grants/default/grant/${Token}", + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "resource": "accessgrant" } ], "service_name": "Amazon S3" @@ -206248,7 +232968,7 @@ }, { "access_level": "Permissions management", - "description": "Grants permission to set the access control list (ACL) permissions for new or existing objects in an S3 bucket.", + "description": "Grants permission to set the access control list (ACL) permissions for new or existing objects in an S3 bucket", "privilege": "PutObjectAcl", "resource_types": [ { @@ -206441,7 +233161,7 @@ { "condition": "s3-outposts:DataAccessPointArn", "description": "Filters access by an access point Amazon Resource Name (ARN)", - "type": "String" + "type": "ARN" }, { "condition": "s3-outposts:ExistingObjectTag/", 
@@ -207657,6 +234377,220 @@ ], "service_name": "Amazon S3 on Outposts" }, + { + "conditions": [ + { + "condition": "s3express:LocationName", + "description": "Filters access by a specific Availability Zone ID", + "type": "String" + }, + { + "condition": "s3express:ResourceAccount", + "description": "Filters access by the resource owner AWS account ID", + "type": "String" + }, + { + "condition": "s3express:SessionMode", + "description": "Filters access by the permission requested by CreateSession API, such as ReadOnly and ReadWrite", + "type": "String" + }, + { + "condition": "s3express:TlsVersion", + "description": "Filters access by the TLS version used by the client", + "type": "Numeric" + }, + { + "condition": "s3express:authType", + "description": "Filters access by authentication method", + "type": "String" + }, + { + "condition": "s3express:signatureAge", + "description": "Filters access by the age in milliseconds of the request signature", + "type": "Numeric" + }, + { + "condition": "s3express:signatureversion", + "description": "Filters access by the AWS Signature Version used on the request", + "type": "String" + }, + { + "condition": "s3express:x-amz-content-sha256", + "description": "Filters access by unsigned content in your bucket", + "type": "String" + } + ], + "prefix": "s3express", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a new bucket", + "privilege": "CreateBucket", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:LocationName", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to Create Session token which is used for object APIs such as PutObject, GetObject, ect", + 
"privilege": "CreateSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:SessionMode", + "s3express:signatureAge", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete the bucket named in the URI", + "privilege": "DeleteBucket", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to delete the policy on a specified bucket", + "privilege": "DeleteBucketPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return the policy of the specified bucket", + "privilege": "GetBucketPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants 
permission to list all directory buckets owned by the authenticated sender of the request", + "privilege": "ListAllMyDirectoryBuckets", + "resource_types": [ + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Permissions management", + "description": "Grants permission to add or replace a bucket policy on a bucket", + "privilege": "PutBucketPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bucket*" + }, + { + "condition_keys": [ + "s3express:authType", + "s3express:ResourceAccount", + "s3express:signatureversion", + "s3express:TlsVersion", + "s3express:x-amz-content-sha256" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:s3express:${Region}:${Account}:bucket/${BucketName}", + "condition_keys": [], + "resource": "bucket" + } + ], + "service_name": "Amazon S3 Express" + }, { "conditions": [ { 
@@ -207699,11 +234633,21 @@ "description": "Filters access by the direct internet access associated with the resource in the request", "type": "String" }, + { + "condition": "sagemaker:DomainId", + "description": "You can use the domainId as a policy variable to filter requests from specific SageMaker Domains", + "type": "String" + }, { "condition": "sagemaker:DomainSharingOutputKmsKey", "description": "Filters access by the Domain sharing output KMS key associated with the resource in the request", "type": "ARN" }, + { + "condition": "sagemaker:EnableRemoteDebug", + "description": "Filters access by the remote debug config in the request", + "type": "Bool" + }, { "condition": "sagemaker:FeatureGroupDisableGlueTableCreation", "description": "Filters access by the DisableGlueTableCreation flag associated with the feature group resource in the request", @@ -207762,12 +234706,12 @@ { "condition": "sagemaker:ImageArns", "description": "Filters access by the list of all image arns associated with the resource in the request", - "type": "ArrayOfString" + "type": "ArrayOfARN" }, { "condition": "sagemaker:ImageVersionArns", "description": "Filters access by the list of all image version arns associated with the resource in the request", - "type": "ArrayOfString" + "type": "ArrayOfARN" }, { "condition": "sagemaker:InstanceTypes", @@ -207814,6 +234758,11 @@ "description": "Filters access by the output kms key associated with the resource in the request", "type": "ARN" }, + { + "condition": "sagemaker:OwnerUserProfileArn", + "description": "Filters access by the OwnerUserProfile arn associated with the space in the request", + "type": "ARN" + }, { "condition": "sagemaker:ResourceTag/", "description": "Filters access by the preface string for a tag key and value pair attached to a resource", 
@@ -207829,6 +234778,11 @@ "description": "Filters access by the root access associated with the resource in the request", "type": "String" }, + { + "condition": "sagemaker:SearchVisibilityCondition/${FilterKey}", + "description": "Limits the results of your search request to the resources that you can access. $ { FilterKey} is a key that the VisibilityConditions configuration presents in the Search request", + "type": "String" + }, { "condition": "sagemaker:ServerlessMaxConcurrency", "description": "Filters access by limiting maximum concurrency used for Serverless inference in the request", @@ -207839,6 +234793,11 @@ "description": "Filters access by limiting memory size used for Serverless inference in the request", "type": "Numeric" }, + { + "condition": "sagemaker:SpaceSharingType", + "description": "Filters access by the sharing type associated with the space in the request", + "type": "String" + }, { "condition": "sagemaker:TaggingAction", "description": "Filters access by the API actions to which a user can apply tags. Uses the name of the API operation that creates a taggable resource to filter access", @@ -207849,6 +234808,11 @@ "description": "Filters access by the target model associated with the Multi-Model Endpoint in the request", "type": "String" }, + { + "condition": "sagemaker:UserProfileName", + "description": "You can use the UserProfileName as a policy variable to filter requests from specific user profiles within a SageMaker Domain. This context key is not applicable to user profiles within shared spaces", + "type": "String" + }, { "condition": "sagemaker:VolumeKmsKey", "description": "Filters access by the volume kms key associated with the resource in the request", 
@@ -207883,37 +234847,27 @@ "privilege": "AddAssociation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "action*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "artifact*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "context*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component*" } 
@@ -207925,310 +234879,237 @@ "privilege": "AddTags", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "action" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "algorithm" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app-image-config" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "artifact" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "automl-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": "code-repository" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "compilation-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "context" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "data-quality-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device-fleet" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": 
"domain" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-deployment-plan" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-packaging-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint-config" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "feature-group" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "flow-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "human-task-ui" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hyper-parameter-tuning-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": 
"inference-recommendations-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "labeling-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-bias-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-card" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-explainability-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package-group" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-quality-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "monitoring-schedule" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "notebook-instance" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "pipeline" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "processing-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "project" }, { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": "studio-lifecycle-config" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "training-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "transform-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "user-profile" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workteam" }, @@ -208254,9 +235135,7 @@ "resource_type": "experiment-trial*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component*" } @@ -208268,9 +235147,7 @@ "privilege": "BatchDescribeModelPackage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package*" } @@ -208328,9 +235205,7 @@ "privilege": "CreateAction", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -208352,9 +235227,7 @@ "privilege": "CreateAlgorithm", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -208376,9 +235249,7 @@ "privilege": "CreateApp", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], 
@@ -208390,7 +235261,9 @@ "aws:TagKeys", "sagemaker:InstanceTypes", "sagemaker:ImageArns", - "sagemaker:ImageVersionArns" + "sagemaker:ImageVersionArns", + "sagemaker:OwnerUserProfileArn", + "sagemaker:SpaceSharingType" ], "dependent_actions": [], "resource_type": "" @@ -208403,9 +235276,7 @@ "privilege": "CreateAppImageConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -208427,9 +235298,7 @@ "privilege": "CreateArtifact", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -208451,9 +235320,7 @@ "privilege": "CreateAutoMLJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208481,9 +235348,7 @@ "privilege": "CreateAutoMLJobV2", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208507,13 +235372,34 @@ }, { "access_level": "Write", - "description": "Grants permission to create a CodeRepository", - "privilege": "CreateCodeRepository", + "description": "Grants permission to create a SageMaker HyperPod cluster", + "privilege": "CreateCluster", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole", + "sagemaker:AddTags" + ], + "resource_type": "cluster*" + }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys" ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a CodeRepository", + "privilege": "CreateCodeRepository", + "resource_types": [ + { + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], 
@@ -208535,9 +235421,7 @@ "privilege": "CreateCompilationJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208560,9 +235444,7 @@ "privilege": "CreateContext", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -208584,9 +235466,7 @@ "privilege": "CreateDataQualityJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208617,9 +235497,7 @@ "privilege": "CreateDeviceFleet", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208642,9 +235520,7 @@ "privilege": "CreateDomain", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:CreateServiceLinkedRole", "iam:PassRole", @@ -208676,9 +235552,7 @@ "privilege": "CreateEdgeDeploymentPlan", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208701,9 +235575,7 @@ "privilege": "CreateEdgeDeploymentStage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208726,9 +235598,7 @@ "privilege": "CreateEdgePackagingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" 
@@ -208751,14 +235621,17 @@ "privilege": "CreateEndpoint", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], "resource_type": "endpoint*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "endpoint-config*" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -208775,10 +235648,9 @@ "privilege": "CreateEndpointConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ + "iam:PassRole", "sagemaker:AddTags" ], "resource_type": "endpoint-config*" @@ -208792,7 +235664,10 @@ "sagemaker:ModelArn", "sagemaker:VolumeKmsKey", "sagemaker:ServerlessMaxConcurrency", - "sagemaker:ServerlessMemorySize" + "sagemaker:ServerlessMemorySize", + "sagemaker:NetworkIsolation", + "sagemaker:VpcSecurityGroupIds", + "sagemaker:VpcSubnets" ], "dependent_actions": [], "resource_type": "" @@ -208805,9 +235680,7 @@ "privilege": "CreateExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -208829,9 +235702,7 @@ "privilege": "CreateFeatureGroup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208860,9 +235731,7 @@ "privilege": "CreateFlowDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208887,9 +235756,7 @@ "privilege": "CreateHub", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], 
@@ -208911,9 +235778,7 @@ "privilege": "CreateHumanTaskUi", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -208935,9 +235800,7 @@ "privilege": "CreateHyperParameterTuningJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208972,9 +235835,7 @@ "privilege": "CreateImage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -208996,12 +235857,38 @@ "description": "Grants permission to create a SageMaker ImageVersion", "privilege": "CreateImageVersion", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "image*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an inference component on an endpoint", + "privilege": "CreateInferenceComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sagemaker:AddTags" + ], + "resource_type": "endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component*" + }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:TagKeys", + "sagemaker:ModelArn" ], "dependent_actions": [], - "resource_type": "image*" + "resource_type": "" } ] }, @@ -209011,9 +235898,7 @@ "privilege": "CreateInferenceExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209036,9 +235921,7 @@ "privilege": "CreateInferenceRecommendationsJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" 
@@ -209061,9 +235944,7 @@ "privilege": "CreateLabelingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209102,9 +235983,7 @@ "privilege": "CreateModel", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209130,9 +236009,7 @@ "privilege": "CreateModelBiasJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209163,9 +236040,7 @@ "privilege": "CreateModelCard", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -209187,9 +236062,7 @@ "privilege": "CreateModelCardExportJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-card*" } @@ -209201,9 +236074,7 @@ "privilege": "CreateModelExplainabilityJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209234,18 +236105,14 @@ "privilege": "CreateModelPackage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], "resource_type": "model-package" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package-group" }, @@ -209267,9 +236134,7 @@ "privilege": "CreateModelPackageGroup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], 
@@ -209291,9 +236156,7 @@ "privilege": "CreateModelQualityJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209324,9 +236187,7 @@ "privilege": "CreateMonitoringSchedule", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209357,9 +236218,7 @@ "privilege": "CreateNotebookInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209402,9 +236261,7 @@ "privilege": "CreatePipeline", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209427,9 +236284,7 @@ "privilege": "CreatePresignedDomainUrl", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "user-profile*" } @@ -209441,9 +236296,7 @@ "privilege": "CreatePresignedNotebookInstanceUrl", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "notebook-instance*" } @@ -209455,9 +236308,7 @@ "privilege": "CreateProcessingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209488,9 +236339,7 @@ "privilege": "CreateProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], 
@@ -209524,9 +236373,7 @@ "privilege": "CreateSpace", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -209538,7 +236385,9 @@ "aws:TagKeys", "sagemaker:InstanceTypes", "sagemaker:ImageArns", - "sagemaker:ImageVersionArns" + "sagemaker:ImageVersionArns", + "sagemaker:OwnerUserProfileArn", + "sagemaker:SpaceSharingType" ], "dependent_actions": [], "resource_type": "" @@ -209551,9 +236400,7 @@ "privilege": "CreateStudioLifecycleConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -209575,9 +236422,7 @@ "privilege": "CreateTrainingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209600,7 +236445,8 @@ "sagemaker:VolumeKmsKey", "sagemaker:VpcSecurityGroupIds", "sagemaker:VpcSubnets", - "sagemaker:KeepAlivePeriod" + "sagemaker:KeepAlivePeriod", + "sagemaker:EnableRemoteDebug" ], "dependent_actions": [], "resource_type": "" @@ -209613,9 +236459,7 @@ "privilege": "CreateTransformJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -209641,12 +236485,15 @@ "privilege": "CreateTrial", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], + "resource_type": "experiment*" + }, + { + "condition_keys": [], + "dependent_actions": [], "resource_type": "experiment-trial*" }, { @@ -209665,9 +236512,7 @@ "privilege": "CreateTrialComponent", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], 
@@ -209689,9 +236534,7 @@ "privilege": "CreateUserProfile", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole", "sagemaker:AddTags" @@ -209719,9 +236562,7 @@ "privilege": "CreateWorkforce", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -209743,9 +236584,7 @@ "privilege": "CreateWorkteam", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], @@ -209767,9 +236606,7 @@ "privilege": "DeleteAction", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "action*" } @@ -209781,9 +236618,7 @@ "privilege": "DeleteAlgorithm", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "algorithm*" } @@ -209794,12 +236629,18 @@ "description": "Grants permission to delete an App", "privilege": "DeleteApp", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "app*" + }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "sagemaker:OwnerUserProfileArn", + "sagemaker:SpaceSharingType" ], "dependent_actions": [], - "resource_type": "app*" + "resource_type": "" } ] }, @@ -209809,9 +236650,7 @@ "privilege": "DeleteAppImageConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app-image-config*" } @@ -209823,9 +236662,7 @@ "privilege": "DeleteArtifact", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "artifact*" } 
@@ -209837,65 +236674,75 @@ "privilege": "DeleteAssociation", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "action*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "artifact*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "context*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component*" } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a SageMaker HyperPod cluster", + "privilege": "DeleteCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a CodeRepository", "privilege": "DeleteCodeRepository", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "code-repository*" } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a compilation job", + "privilege": "DeleteCompilationJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "compilation-job*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a context", "privilege": "DeleteContext", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "context*" } 
@@ -209907,9 +236754,7 @@ "privilege": "DeleteDataQualityJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "data-quality-job-definition*" } @@ -209921,9 +236766,7 @@ "privilege": "DeleteDeviceFleet", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device-fleet*" } @@ -209935,9 +236778,7 @@ "privilege": "DeleteDomain", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "domain*" } @@ -209949,9 +236790,7 @@ "privilege": "DeleteEdgeDeploymentPlan", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-deployment-plan*" } @@ -209963,9 +236802,7 @@ "privilege": "DeleteEdgeDeploymentStage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-deployment-plan*" } @@ -209977,9 +236814,7 @@ "privilege": "DeleteEndpoint", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint*" } @@ -209991,9 +236826,7 @@ "privilege": "DeleteEndpointConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint-config*" } @@ -210005,9 +236838,7 @@ "privilege": "DeleteExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment*" } 
@@ -210019,9 +236850,7 @@ "privilege": "DeleteFeatureGroup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "feature-group*" }, @@ -210040,9 +236869,7 @@ "privilege": "DeleteFlowDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "flow-definition*" } @@ -210054,9 +236881,7 @@ "privilege": "DeleteHub", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub*" } @@ -210068,16 +236893,12 @@ "privilege": "DeleteHubContent", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub-content*" } @@ -210101,23 +236922,31 @@ "privilege": "DeleteHumanTaskUi", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "human-task-ui*" } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a hyper parameter tuning job", + "privilege": "DeleteHyperParameterTuningJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "hyper-parameter-tuning-job*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a SageMaker Image", "privilege": "DeleteImage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image*" } 
@@ -210135,15 +236964,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an inference component. Amazon SageMaker frees up the resources that were reserved when the inference component was created", + "privilege": "DeleteInferenceComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an inference experiment", "privilege": "DeleteInferenceExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "inference-experiment*" } @@ -210167,9 +237006,7 @@ "privilege": "DeleteModel", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model*" } @@ -210181,9 +237018,7 @@ "privilege": "DeleteModelBiasJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-bias-job-definition*" } @@ -210195,9 +237030,7 @@ "privilege": "DeleteModelCard", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-card*" } @@ -210209,9 +237042,7 @@ "privilege": "DeleteModelExplainabilityJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-explainability-job-definition*" } @@ -210223,9 +237054,7 @@ "privilege": "DeleteModelPackage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package*" } 
@@ -210237,9 +237066,7 @@ "privilege": "DeleteModelPackageGroup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package-group*" } @@ -210251,9 +237078,7 @@ "privilege": "DeleteModelPackageGroupPolicy", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package-group*" } @@ -210265,9 +237090,7 @@ "privilege": "DeleteModelQualityJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-quality-job-definition*" } @@ -210279,9 +237102,7 @@ "privilege": "DeleteMonitoringSchedule", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "monitoring-schedule*" } @@ -210293,9 +237114,7 @@ "privilege": "DeleteNotebookInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "notebook-instance*" } @@ -210319,9 +237138,7 @@ "privilege": "DeletePipeline", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "pipeline*" } @@ -210333,9 +237150,7 @@ "privilege": "DeleteProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "project*" } 
@@ -210353,17 +237168,35 @@ } ] }, + { + "access_level": "Write", + "description": "Grants AWS Resource Access Manager permission to delete a resource policy on a SageMaker resource that supports cross-account sharing", + "privilege": "DeleteResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a Space", "privilege": "DeleteSpace", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space*" + }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "sagemaker:OwnerUserProfileArn", + "sagemaker:SpaceSharingType" ], "dependent_actions": [], - "resource_type": "space*" + "resource_type": "" } ] }, @@ -210373,9 +237206,7 @@ "privilege": "DeleteStudioLifecycleConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "studio-lifecycle-config*" } 
@@ -210387,310 +237218,237 @@ "privilege": "DeleteTags", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "action" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "algorithm" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app-image-config" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "artifact" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "automl-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": "code-repository" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "compilation-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "context" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "data-quality-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device-fleet" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": 
"domain" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-deployment-plan" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-packaging-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint-config" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "feature-group" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "flow-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "human-task-ui" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hyper-parameter-tuning-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": 
"inference-recommendations-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "labeling-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-bias-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-card" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-explainability-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package-group" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-quality-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "monitoring-schedule" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "notebook-instance" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "pipeline" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "processing-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "project" }, { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": "studio-lifecycle-config" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "training-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "transform-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "user-profile" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workteam" }, @@ -210709,9 +237467,7 @@ "privilege": "DeleteTrial", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial*" } @@ -210723,9 +237479,7 @@ "privilege": "DeleteTrialComponent", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component*" } @@ -210737,9 +237491,7 @@ "privilege": "DeleteUserProfile", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "user-profile*" } @@ -210751,9 +237503,7 @@ "privilege": "DeleteWorkforce", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workforce*" } @@ -210765,9 +237515,7 @@ "privilege": "DeleteWorkteam", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workteam*" } 
@@ -210779,9 +237527,7 @@ "privilege": "DeregisterDevices", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device*" } @@ -210793,9 +237539,7 @@ "privilege": "DescribeAction", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "action*" } @@ -210807,9 +237551,7 @@ "privilege": "DescribeAlgorithm", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "algorithm*" } @@ -210821,9 +237563,7 @@ "privilege": "DescribeApp", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app*" } @@ -210835,9 +237575,7 @@ "privilege": "DescribeAppImageConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app-image-config*" } @@ -210849,9 +237587,7 @@ "privilege": "DescribeArtifact", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "artifact*" } @@ -210863,9 +237599,7 @@ "privilege": "DescribeAutoMLJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "automl-job*" } 
@@ -210877,23 +237611,43 @@ "privilege": "DescribeAutoMLJobV2", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "automl-job*" } ] }, + { + "access_level": "Read", + "description": "Grants permission to return information about a SageMaker HyperPod cluster", + "privilege": "DescribeCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return information about a SageMaker HyperPod cluster node", + "privilege": "DescribeClusterNode", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe a CodeRepository", "privilege": "DescribeCodeRepository", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "code-repository*" } @@ -210905,9 +237659,7 @@ "privilege": "DescribeCompilationJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "compilation-job*" } @@ -210919,9 +237671,7 @@ "privilege": "DescribeContext", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "context*" } @@ -210933,9 +237683,7 @@ "privilege": "DescribeDataQualityJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "data-quality-job-definition*" } 
@@ -210947,9 +237695,7 @@ "privilege": "DescribeDevice", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device*" } @@ -210961,9 +237707,7 @@ "privilege": "DescribeDeviceFleet", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device-fleet*" } @@ -210975,9 +237719,7 @@ "privilege": "DescribeDomain", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "domain*" } @@ -210989,9 +237731,7 @@ "privilege": "DescribeEdgeDeploymentPlan", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-deployment-plan*" } @@ -211003,9 +237743,7 @@ "privilege": "DescribeEdgePackagingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-packaging-job*" } @@ -211017,9 +237755,7 @@ "privilege": "DescribeEndpoint", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint*" } @@ -211031,9 +237767,7 @@ "privilege": "DescribeEndpointConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint-config*" } @@ -211045,9 +237779,7 @@ "privilege": "DescribeExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment*" } 
@@ -211059,9 +237791,7 @@ "privilege": "DescribeFeatureGroup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "feature-group*" } @@ -211073,9 +237803,7 @@ "privilege": "DescribeFeatureMetadata", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "feature-group*" } @@ -211087,9 +237815,7 @@ "privilege": "DescribeFlowDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "flow-definition*" } @@ -211101,9 +237827,7 @@ "privilege": "DescribeHub", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub*" } @@ -211115,16 +237839,12 @@ "privilege": "DescribeHubContent", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub-content*" } @@ -211148,9 +237868,7 @@ "privilege": "DescribeHumanTaskUi", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "human-task-ui*" } @@ -211162,9 +237880,7 @@ "privilege": "DescribeHyperParameterTuningJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hyper-parameter-tuning-job*" } @@ -211176,9 +237892,7 @@ "privilege": "DescribeImage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image*" } 
@@ -211196,15 +237910,25 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return the description of an inference component", + "privilege": "DescribeInferenceComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about an inference experiment", "privilege": "DescribeInferenceExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "inference-experiment*" } @@ -211216,9 +237940,7 @@ "privilege": "DescribeInferenceRecommendationsJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "inference-recommendations-job*" } @@ -211230,9 +237952,7 @@ "privilege": "DescribeLabelingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "labeling-job*" } @@ -211256,9 +237976,7 @@ "privilege": "DescribeModel", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model*" } @@ -211270,9 +237988,7 @@ "privilege": "DescribeModelBiasJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-bias-job-definition*" } @@ -211284,9 +238000,7 @@ "privilege": "DescribeModelCard", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-card*" } 
@@ -211310,9 +238024,7 @@ "privilege": "DescribeModelExplainabilityJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-explainability-job-definition*" } @@ -211324,9 +238036,7 @@ "privilege": "DescribeModelPackage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package*" } @@ -211338,9 +238048,7 @@ "privilege": "DescribeModelPackageGroup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package-group*" } @@ -211352,9 +238060,7 @@ "privilege": "DescribeModelQualityJobDefinition", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-quality-job-definition*" } @@ -211366,9 +238072,7 @@ "privilege": "DescribeMonitoringSchedule", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "monitoring-schedule*" } @@ -211380,9 +238084,7 @@ "privilege": "DescribeNotebookInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "notebook-instance*" } @@ -211406,9 +238108,7 @@ "privilege": "DescribePipeline", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "pipeline*" } @@ -211444,9 +238144,7 @@ "privilege": "DescribeProcessingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "processing-job*" } 
@@ -211458,9 +238156,7 @@ "privilege": "DescribeProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "project*" } @@ -211484,9 +238180,7 @@ "privilege": "DescribeSpace", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "space*" } @@ -211498,9 +238192,7 @@ "privilege": "DescribeStudioLifecycleConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "studio-lifecycle-config*" } @@ -211512,9 +238204,7 @@ "privilege": "DescribeSubscribedWorkteam", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workteam*" } @@ -211526,9 +238216,7 @@ "privilege": "DescribeTrainingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "training-job*" } @@ -211540,9 +238228,7 @@ "privilege": "DescribeTransformJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "transform-job*" } @@ -211554,9 +238240,7 @@ "privilege": "DescribeTrial", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial*" } @@ -211568,9 +238252,7 @@ "privilege": "DescribeTrialComponent", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component*" } 
@@ -211582,9 +238264,7 @@ "privilege": "DescribeUserProfile", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "user-profile*" } @@ -211596,9 +238276,7 @@ "privilege": "DescribeWorkforce", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workforce*" } @@ -211610,9 +238288,7 @@ "privilege": "DescribeWorkteam", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workteam*" } @@ -211636,23 +238312,17 @@ "privilege": "DisassociateTrialComponent", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "processing-job*" } @@ -211724,9 +238394,7 @@ "privilege": "GetModelPackageGroupPolicy", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package-group*" } @@ -211744,6 +238412,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants AWS Resource Access Manager permission to retrieve a resource policy on a SageMaker resource that supports cross-account sharing", + "privilege": "GetResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get a SageMaker Service Catalog Portfolio", 
@@ -211756,6 +238436,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a scaling policy configuration recommendation", + "privilege": "GetScalingConfigurationRecommendation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-recommendations-job*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get search suggestions when provided with a keyword", @@ -211774,18 +238466,14 @@ "privilege": "ImportHubContent", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "sagemaker:AddTags" ], "resource_type": "hub*" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub-content*" }, @@ -211809,6 +238497,11 @@ "dependent_actions": [], "resource_type": "endpoint*" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component" + }, { "condition_keys": [ "sagemaker:TargetModel" @@ -211830,6 +238523,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the inference response as a stream from the specified endpoint", + "privilege": "InvokeEndpointWithResponseStream", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component" + } + ] + }, { "access_level": "List", "description": "Grants permission to list actions", @@ -211860,9 +238570,7 @@ "privilege": "ListAliases", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image*" }, 
@@ -211945,6 +238653,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list nodes within a SageMaker HyperPod cluster", + "privilege": "ListClusterNodes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list SageMaker HyperPod clusters", + "privilege": "ListClusters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list code repositories", @@ -212119,9 +238851,7 @@ "privilege": "ListHubContentVersions", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub*" }, @@ -212138,9 +238868,7 @@ "privilege": "ListHubContents", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub*" } @@ -212200,9 +238928,7 @@ "privilege": "ListImageVersions", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image*" } @@ -212220,6 +238946,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list inference components", + "privilege": "ListInferenceComponents", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list inference experiments", @@ -212274,9 +239012,7 @@ "privilege": "ListLabelingJobsForWorkteam", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workteam*" } 
@@ -212312,9 +239048,7 @@ "privilege": "ListModelCardExportJobs", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-card*" } @@ -212326,9 +239060,7 @@ "privilege": "ListModelCardVersions", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-card*" } @@ -212388,11 +239120,9 @@ "privilege": "ListModelPackages", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], - "resource_type": "model-package-group" + "resource_type": "model-package" } ] }, @@ -212510,9 +239240,7 @@ "privilege": "ListPipelineExecutions", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "pipeline*" } @@ -212566,6 +239294,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list resource catalogs", + "privilege": "ListResourceCatalogs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list shared model events", 
@@ -212656,310 +239396,237 @@ "privilege": "ListTags", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "action" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "algorithm" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app-image-config" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "artifact" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "automl-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": "code-repository" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "compilation-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "context" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "data-quality-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device-fleet" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": 
"domain" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-deployment-plan" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-packaging-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint-config" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "feature-group" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "flow-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "human-task-ui" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hyper-parameter-tuning-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "image" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": 
"inference-recommendations-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "labeling-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-bias-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-card" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-explainability-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package-group" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-quality-job-definition" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "monitoring-schedule" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "notebook-instance" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "pipeline" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "processing-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "project" }, { - "condition_keys": [ - 
"aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], + "dependent_actions": [], + "resource_type": "space" + }, + { + "condition_keys": [], "dependent_actions": [], "resource_type": "studio-lifecycle-config" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "training-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "transform-job" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "user-profile" }, { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workteam" } @@ -212983,9 +239650,7 @@ "privilege": "ListTrainingJobsForHyperParameterTuningJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hyper-parameter-tuning-job*" } @@ -213099,6 +239764,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants AWS Resource Access Manager permission to create a resource policy on a SageMaker resource that supports cross-account sharing", + "privilege": "PutResourcePolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to explore the lineage graph", @@ -213117,9 +239794,7 @@ "privilege": "RegisterDevices", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device*" }, @@ -213165,7 +239840,9 @@ "privilege": "Search", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "sagemaker:SearchVisibilityCondition/${FilterKey}" + ], "dependent_actions": [], "resource_type": "" } 
@@ -213225,9 +239902,7 @@ "privilege": "StartEdgeDeploymentStage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-deployment-plan*" } @@ -213251,9 +239926,7 @@ "privilege": "StartInferenceExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "inference-experiment*" } @@ -213265,9 +239938,7 @@ "privilege": "StartMonitoringSchedule", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "monitoring-schedule*" } @@ -213279,9 +239950,7 @@ "privilege": "StartNotebookInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "notebook-instance*" } @@ -213293,9 +239962,7 @@ "privilege": "StartPipelineExecution", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "pipeline*" } @@ -213307,9 +239974,7 @@ "privilege": "StopAutoMLJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "automl-job*" } @@ -213321,9 +239986,7 @@ "privilege": "StopCompilationJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "compilation-job*" } @@ -213335,9 +239998,7 @@ "privilege": "StopEdgeDeploymentStage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-deployment-plan*" } 
@@ -213349,9 +240010,7 @@ "privilege": "StopEdgePackagingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "edge-packaging-job*" } @@ -213375,9 +240034,7 @@ "privilege": "StopHyperParameterTuningJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hyper-parameter-tuning-job*" } @@ -213389,9 +240046,7 @@ "privilege": "StopInferenceExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "inference-experiment*" } @@ -213403,9 +240058,7 @@ "privilege": "StopInferenceRecommendationsJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "inference-recommendations-job*" } @@ -213417,9 +240070,7 @@ "privilege": "StopLabelingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "labeling-job*" } @@ -213431,9 +240082,7 @@ "privilege": "StopMonitoringSchedule", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "monitoring-schedule*" } @@ -213445,9 +240094,7 @@ "privilege": "StopNotebookInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "notebook-instance*" } @@ -213471,9 +240118,7 @@ "privilege": "StopProcessingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "processing-job*" } 
@@ -213485,9 +240130,7 @@ "privilege": "StopTrainingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "training-job*" } @@ -213499,9 +240142,7 @@ "privilege": "StopTransformJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "transform-job*" } @@ -213513,9 +240154,7 @@ "privilege": "UpdateAction", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "action*" } @@ -213527,9 +240166,7 @@ "privilege": "UpdateAppImageConfig", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "app-image-config*" } @@ -213541,23 +240178,45 @@ "privilege": "UpdateArtifact", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "artifact*" } ] }, + { + "access_level": "Write", + "description": "Grants permission to update a SageMaker HyperPod cluster", + "privilege": "UpdateCluster", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "cluster*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update platform software for a SageMaker HyperPod cluster", + "privilege": "UpdateClusterSoftware", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "cluster*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a CodeRepository", "privilege": "UpdateCodeRepository", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "code-repository*" } 
@@ -213569,9 +240228,7 @@ "privilege": "UpdateContext", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "context*" } @@ -213583,9 +240240,7 @@ "privilege": "UpdateDeviceFleet", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device-fleet*" } @@ -213597,9 +240252,7 @@ "privilege": "UpdateDevices", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "device*" } @@ -213611,9 +240264,7 @@ "privilege": "UpdateDomain", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "domain*" }, @@ -213623,7 +240274,9 @@ "sagemaker:InstanceTypes", "sagemaker:DomainSharingOutputKmsKey", "sagemaker:ImageArns", - "sagemaker:ImageVersionArns" + "sagemaker:ImageVersionArns", + "sagemaker:AppNetworkAccessType", + "sagemaker:VpcSubnets" ], "dependent_actions": [], "resource_type": "" @@ -213636,11 +240289,14 @@ "privilege": "UpdateEndpoint", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "endpoint-config*" } ] }, @@ -213650,9 +240306,7 @@ "privilege": "UpdateEndpointWeightsAndCapacities", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "endpoint*" } @@ -213664,9 +240318,7 @@ "privilege": "UpdateExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment*" } 
@@ -213678,9 +240330,7 @@ "privilege": "UpdateFeatureGroup", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "feature-group*" } @@ -213692,9 +240342,7 @@ "privilege": "UpdateFeatureMetadata", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "feature-group*" } @@ -213706,9 +240354,7 @@ "privilege": "UpdateHub", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "hub*" } @@ -213720,9 +240366,7 @@ "privilege": "UpdateImage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole" ], @@ -213742,15 +240386,37 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an inference component to use the specification and configurations specified in the request", + "privilege": "UpdateInferenceComponent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the runtime config of a given inference component", + "privilege": "UpdateInferenceComponentRuntimeConfig", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "inference-component*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an inference experiment", "privilege": "UpdateInferenceExperiment", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "inference-experiment*" } 
@@ -213762,9 +240428,7 @@ "privilege": "UpdateModelCard", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-card*" } @@ -213776,9 +240440,7 @@ "privilege": "UpdateModelPackage", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "model-package*" }, @@ -213799,9 +240461,7 @@ "privilege": "UpdateMonitoringAlert", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "monitoring-schedule*" }, @@ -213818,9 +240478,7 @@ "privilege": "UpdateMonitoringSchedule", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole" ], @@ -213850,9 +240508,7 @@ "privilege": "UpdateNotebookInstance", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "notebook-instance*" }, @@ -213886,9 +240542,7 @@ "privilege": "UpdatePipeline", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [ "iam:PassRole" ], @@ -213914,9 +240568,7 @@ "privilege": "UpdateProject", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "project*" }, @@ -213948,9 +240600,7 @@ "privilege": "UpdateSpace", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "space*" }, 
@@ -213958,7 +240608,9 @@ "condition_keys": [ "sagemaker:InstanceTypes", "sagemaker:ImageArns", - "sagemaker:ImageVersionArns" + "sagemaker:ImageVersionArns", + "sagemaker:OwnerUserProfileArn", + "sagemaker:SpaceSharingType" ], "dependent_actions": [], "resource_type": "" @@ -213971,16 +240623,15 @@ "privilege": "UpdateTrainingJob", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "training-job*" }, { "condition_keys": [ "sagemaker:InstanceTypes", - "sagemaker:KeepAlivePeriod" + "sagemaker:KeepAlivePeriod", + "sagemaker:EnableRemoteDebug" ], "dependent_actions": [], "resource_type": "" @@ -213993,9 +240644,7 @@ "privilege": "UpdateTrial", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial*" } @@ -214007,9 +240656,7 @@ "privilege": "UpdateTrialComponent", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "experiment-trial-component*" } @@ -214021,9 +240668,7 @@ "privilege": "UpdateUserProfile", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "user-profile*" }, @@ -214047,9 +240692,7 @@ "privilege": "UpdateWorkforce", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workforce*" } @@ -214061,9 +240704,7 @@ "privilege": "UpdateWorkteam", "resource_types": [ { - "condition_keys": [ - "aws:ResourceTag/${TagKey}" - ], + "condition_keys": [], "dependent_actions": [], "resource_type": "workteam*" } 
@@ -214264,6 +240905,14 @@ ], "resource": "algorithm" }, + { + "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:cluster/${ClusterId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ], + "resource": "cluster" + }, { "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:training-job/${TrainingJobName}", "condition_keys": [ @@ -214336,6 +240985,14 @@ ], "resource": "endpoint" }, + { + "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:inference-component/${InferenceComponentName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "sagemaker:ResourceTag/${TagKey}" + ], + "resource": "inference-component" + }, { "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:transform-job/${TransformJobName}", "condition_keys": [ @@ -214507,6 +241164,11 @@ "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:shared-model-event/${EventId}", "condition_keys": [], "resource": "shared-model-event" + }, + { + "arn": "arn:${Partition}:sagemaker:${Region}:${Account}:sagemaker-catalog/${ResourceCatalogName}", + "condition_keys": [], + "resource": "sagemaker-catalog" } ], "service_name": "Amazon SageMaker" @@ -214576,7 +241238,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "EarthObservationJob*" }, { @@ -214595,7 +241259,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "VectorEnrichmentJob*" }, { @@ -214652,7 +241318,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "EarthObservationJob*" } ] @@ -214760,7 +241428,10 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole", + "sagemaker-geospatial:TagResource" + ], "resource_type": "EarthObservationJob*" }, { 
@@ -214780,7 +241451,10 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole", + "sagemaker-geospatial:TagResource" + ], "resource_type": "VectorEnrichmentJob*" }, { @@ -215073,18 +241747,18 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the allowed set of values for each of the tags", + "description": "Filters access by the allowed set of values for each of the tags", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag-value assoicated with the resource", + "description": "Filters access by tag-value assoicated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of mandatory tags in the request", - "type": "String" + "description": "Filters access by the presence of mandatory tags in the request", + "type": "ArrayOfString" } ], "prefix": "savingsplans", @@ -215197,6 +241871,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to return a savings plan", + "privilege": "ReturnSavingsPlan", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "savingsplan*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag a savings plan", @@ -215275,7 +241968,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "schedule*" }, { @@ -215333,7 +242028,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "scheduler:DeleteSchedule" + ], "resource_type": "schedule-group*" }, { 
@@ -215474,7 +242171,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "schedule*" }, { @@ -216022,6 +242721,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a BillOfMaterialsImportJob which will import a CSV file of BillOfMaterials records", + "privilege": "CreateBillOfMaterialsImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new AWS Supply Chain instance", @@ -216082,6 +242793,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view status and details of a BillOfMaterialsImportJob", + "privilege": "GetBillOfMaterialsImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "bill-of-materials-import-job*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list AWS Supply Chain administrators of an instance", @@ -216130,6 +242853,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a DataIntegrationEvent which will ingest data in real-time", + "privilege": "SendDataIntegrationEvent", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag an AWS Supply Chain instance", @@ -216162,7 +242897,6 @@ }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -216188,6 +242922,11 @@ "arn": "arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}", "condition_keys": [], "resource": "instance" + }, + { + "arn": "arn:${Partition}:scn:${Region}:${Account}:instance/${InstanceId}/bill-of-materials-import-job/${JobId}", + "condition_keys": [], + "resource": "bill-of-materials-import-job" } ], "service_name": "AWS Supply Chain" @@ -216370,7 +243109,7 @@ }, { "condition": "secretsmanager:KmsKeyId", - "description": "Filters access by the ARN of the KMS key in the request", + "description": "Filters access by the key identifier of the KMS key in the request", "type": "String" }, { @@ -216431,6 +243170,18 @@ ], "prefix": "secretsmanager", "privileges": [ + { + "access_level": "List", + "description": "Grants permission to retrieve and decrypt a list of secrets", + "privilege": "BatchGetSecretValue", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to cancel an in-progress secret rotation", @@ -217053,6 +243804,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about configuration policies associated with a specific list of member accounts and organizational units of the calling account's organization", + "privilege": "BatchGetConfigurationPolicyAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the enablement and compliance status of controls, the findings count for controls, and the overall security score for controls on the Security Hub console", 
@@ -217184,6 +243947,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a configuration policy to manage organization member settings in Security Hub", + "privilege": "CreateConfigurationPolicy", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a finding aggregator, which contains the cross-Region finding aggregation configuration", @@ -217244,6 +244022,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing configuration policy", + "privilege": "DeleteConfigurationPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-policy*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a finding aggregator, which disables finding aggregation across Regions", @@ -217510,6 +244300,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a complete overview of one configuration policy created by the calling account", + "privilege": "GetConfigurationPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-policy*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about a configuration policy associated with a member account or organizational unit of the calling account's organization", + "privilege": "GetConfigurationPolicyAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a security score and counts of finding and control statuses for a security standard", 
@@ -217666,6 +244480,20 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get the definition details of a specific security control identified by ID", + "privilege": "GetSecurityControlDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "securityhub:DescribeStandardsControls" + ], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about Security Hub usage by accounts", @@ -217702,6 +244530,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the summaries of all configuration policies created by the calling account", + "privilege": "ListConfigurationPolicies", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about all configuration policies associationed with all member accounts and organizational units of the calling account's organization", + "privilege": "ListConfigurationPolicyAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve a list of controls for a standard, including the control IDs, statuses and finding counts", @@ -217812,6 +244664,11 @@ "dependent_actions": [], "resource_type": "automation-rule" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-policy" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -217843,6 +244700,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate a configuration policy with a member account or organizational unit in the calling account's organization", + "privilege": "StartConfigurationPolicyAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-policy" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to remove a configuration policy association from a member account or organizational unit in the calling account's organization", + "privilege": "StartConfigurationPolicyDisassociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-policy" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add tags to a Security Hub resource", @@ -217853,6 +244734,11 @@ "dependent_actions": [], "resource_type": "automation-rule" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-policy" + }, { "condition_keys": [], "dependent_actions": [], @@ -217870,6 +244756,11 @@ "dependent_actions": [], "resource_type": "automation-rule" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-policy" + }, { "condition_keys": [], "dependent_actions": [], @@ -217889,6 +244780,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an existing configuration policy", + "privilege": "UpdateConfigurationPolicy", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "configuration-policy*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a finding aggregator, which contains the cross-Region finding aggregation configuration", 
@@ -217937,6 +244840,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update properties of a specific security control identified by ID or ARN", + "privilege": "UpdateSecurityControl", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "securityhub:UpdateStandardsControl" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update Security Hub configuration", @@ -217984,12 +244901,33 @@ "arn": "arn:${Partition}:securityhub:${Region}:${Account}:automation-rule/${AutomationRuleId}", "condition_keys": [], "resource": "automation-rule" + }, + { + "arn": "arn:${Partition}:securityhub:${Region}:${Account}:configuration-policy/${ConfigurationPolicyId}", + "condition_keys": [], + "resource": "configuration-policy" } ], "service_name": "AWS Security Hub" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], "prefix": "securitylake", "privileges": [ { 
@@ -218053,18 +244991,22 @@ "iam:CreateServiceLinkedRole", "iam:DeleteRolePolicy", "iam:GetRole", + "iam:ListAttachedRolePolicies", "iam:PassRole", "iam:PutRolePolicy", "kms:CreateGrant", "kms:DescribeKey", "lakeformation:GetDataLakeSettings", "lakeformation:PutDataLakeSettings", + "lambda:AddPermission", "lambda:CreateEventSourceMapping", "lambda:CreateFunction", "organizations:DescribeOrganization", "organizations:ListAccounts", "organizations:ListDelegatedServicesForAccount", "s3:CreateBucket", + "s3:GetObject", + "s3:GetObjectVersion", "s3:ListBucket", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", @@ -218074,6 +245016,14 @@ "sqs:SetQueueAttributes" ], "resource_type": "data-lake*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -218107,7 +245057,10 @@ "privilege": "CreateSubscriber", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], "dependent_actions": [ "iam:CreateRole", "iam:DeleteRolePolicy", @@ -218391,6 +245344,23 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all tags for the resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-lake" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriber" + } + ] + }, { "access_level": "Write", "description": "Grants permission to designate an account as the Amazon Security Lake administrator account for the organization", 
@@ -218410,6 +245380,55 @@ } ] }, + { + "access_level": "Tagging", + "description": "Grants permission to add tags to the resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-lake" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriber" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove tags from the resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "data-lake" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "subscriber" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a security data lake", @@ -218423,16 +245442,20 @@ "iam:CreateServiceLinkedRole", "iam:DeleteRolePolicy", "iam:GetRole", + "iam:ListAttachedRolePolicies", "iam:PutRolePolicy", "kms:CreateGrant", "kms:DescribeKey", "lakeformation:GetDataLakeSettings", "lakeformation:PutDataLakeSettings", + "lambda:AddPermission", "lambda:CreateEventSourceMapping", "lambda:CreateFunction", "organizations:DescribeOrganization", "organizations:ListDelegatedServicesForAccount", "s3:CreateBucket", + "s3:GetObject", + "s3:GetObjectVersion", "s3:ListBucket", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", 
@@ -218522,12 +245545,18 @@ "resources": [ { "arn": "arn:${Partition}:securitylake:${Region}:${Account}:data-lake/default", - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "resource": "data-lake" }, { "arn": "arn:${Partition}:securitylake:${Region}:${Account}:subscriber/${SubscriberId}", - "condition_keys": [], + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" + ], "resource": "subscriber" } ], @@ -220441,7 +247470,7 @@ { "condition": "servicediscovery:NamespaceArn", "description": "Filters access by specifying the Amazon Resource Name (ARN) for the related namespace", - "type": "String" + "type": "ARN" }, { "condition": "servicediscovery:NamespaceName", @@ -220451,7 +247480,7 @@ { "condition": "servicediscovery:ServiceArn", "description": "Filters access by specifying the Amazon Resource Name (ARN) for the related service", - "type": "String" + "type": "ARN" }, { "condition": "servicediscovery:ServiceName", @@ -220585,6 +247614,21 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to discover the revision of the instances for a specified namespace and service", + "privilege": "DiscoverInstancesRevision", + "resource_types": [ + { + "condition_keys": [ + "servicediscovery:NamespaceName", + "servicediscovery:ServiceName" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get information about a specified instance", @@ -220752,8 +247796,7 @@ "resource_types": [ { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -220893,7 +247936,10 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization", + "organizations:EnableAWSServiceAccess" + ], "resource_type": "" } ] 
@@ -220905,7 +247951,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], "resource_type": "" } ] @@ -220917,7 +247965,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], "resource_type": "" } ] @@ -220941,7 +247991,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], "resource_type": "" } ] @@ -220965,7 +248017,16 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "autoscaling:DescribeAccountLimits", + "cloudformation:DescribeAccountLimits", + "dynamodb:DescribeLimits", + "elasticloadbalancing:DescribeAccountLimits", + "iam:GetAccountSummary", + "kinesis:DescribeLimits", + "rds:DescribeAccountAttributes", + "route53:GetAccountLimit" + ], "resource_type": "" } ] @@ -220977,7 +248038,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], "resource_type": "" } ] @@ -221025,7 +248088,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], "resource_type": "" } ] @@ -221037,7 +248102,16 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "autoscaling:DescribeAccountLimits", + "cloudformation:DescribeAccountLimits", + "dynamodb:DescribeLimits", + "elasticloadbalancing:DescribeAccountLimits", + "iam:GetAccountSummary", + "kinesis:DescribeLimits", + "rds:DescribeAccountAttributes", + "route53:GetAccountLimit" + ], "resource_type": "" } ] 
@@ -221073,7 +248147,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "organizations:DescribeOrganization" + ], "resource_type": "quota" }, { @@ -221126,7 +248202,6 @@ "resource_types": [ { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], 
@@ -223149,42 +250224,47 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the presence of tag key-value pairs in the request", + "description": "Filters access by the presence of tag key-value pairs in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on tag key-value pairs attached to the resource", + "description": "Filters access by tag key-value pairs attached to the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the presence of tag keys in the request", + "description": "Filters access by the presence of tag keys in the request", "type": "ArrayOfString" }, { "condition": "ses:ApiVersion", - "description": "Filters actions based on the SES API version", + "description": "Filters access by the SES API version", + "type": "String" + }, + { + "condition": "ses:ExportSourceType", + "description": "Filters access by the export source type", "type": "String" }, { "condition": "ses:FeedbackAddress", - "description": "Filters actions based on the \"Return-Path\" address, which specifies where bounces and complaints are sent by email feedback forwarding", + "description": "Filters access by the \"Return-Path\" address, which specifies where bounces and complaints are sent by email feedback forwarding", "type": "String" }, { "condition": "ses:FromAddress", - "description": "Filters actions based on the \"From\" address of a message", + "description": "Filters access by the \"From\" address of a message", "type": "String" }, { "condition": "ses:FromDisplayName", - "description": "Filters actions based on the \"From\" address that is used as the display name of a message", + "description": "Filters access by the \"From\" address that is used as the display name of a message", "type": "String" }, { "condition": "ses:Recipients", - "description": "Filters actions based on the recipient addresses 
of a message, which include the \"To\", \"CC\", and \"BCC\" addresses", + "description": "Filters access by the recipient addresses of a message, which include the \"To\", \"CC\", and \"BCC\" addresses", "type": "ArrayOfString" } ], @@ -223215,6 +250295,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to cancel an export job", + "privilege": "CancelExportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "export-job*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "ses:ExportSourceType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new configuration set", @@ -223418,6 +250518,21 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an export job", + "privilege": "CreateExportJob", + "resource_types": [ + { + "condition_keys": [ + "ses:ApiVersion", + "ses:ExportSourceType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to creates an import job for a data destination", @@ -223931,6 +251046,26 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get information about an export job", + "privilege": "GetExportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "export-job*" + }, + { + "condition_keys": [ + "ses:ApiVersion", + "ses:ExportSourceType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to provide information about an import job", 
@@ -223950,6 +251085,20 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to provide insights about a message", + "privilege": "GetMessageInsights", + "resource_types": [ + { + "condition_keys": [ + "ses:ApiVersion" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about a specific email address that's on the suppression list for your account", @@ -224095,6 +251244,21 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all the exports jobs for your account", + "privilege": "ListExportJobs", + "resource_types": [ + { + "condition_keys": [ + "ses:ApiVersion", + "ses:ExportSourceType" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all of the import jobs for your account", @@ -224893,6 +252057,11 @@ ], "resource": "deliverability-test-report" }, + { + "arn": "arn:${Partition}:ses:${Region}:${Account}:export-job/${ExportJobId}", + "condition_keys": [], + "resource": "export-job" + }, { "arn": "arn:${Partition}:ses:${Region}:${Account}:identity/${IdentityName}", "condition_keys": [ @@ -225526,13 +252695,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "signing-profile*" - }, - { - "condition_keys": [ - "signer:ProfileVersion" - ], - "dependent_actions": [], - "resource_type": "" } ] }, @@ -225699,13 +252861,6 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "signing-profile*" - }, - { - "condition_keys": [ - "signer:ProfileVersion" - ], - "dependent_actions": [], - "resource_type": "" } ] }, 
@@ -225842,6 +252997,48 @@ ], "service_name": "AWS Signer" }, + { + "conditions": [], + "prefix": "signin", + "privileges": [ + { + "access_level": "Write", + "description": "Creates trusted identity propagation application for console", + "privilege": "CreateTrustedIdentityPropagationApplicationForConsole", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sso:CreateApplication", + "sso:GetSharedSsoConfiguration", + "sso:ListApplications", + "sso:PutApplicationAssignmentConfiguration", + "sso:PutApplicationAuthenticationMethod", + "sso:PutApplicationGrant" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Lists trusted identity propagation application for console", + "privilege": "ListTrustedIdentityPropagationApplicationsForConsole", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sso:GetSharedSsoConfiguration", + "sso:ListApplications" + ], + "resource_type": "" + } + ] + } + ], + "resources": [], + "service_name": "AWS Signin" + }, { "conditions": [ { 
@@ -226761,6 +253958,86 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a registration", + "privilege": "CreateRegistration", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "sms-voice:TagResource" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to associate a registration with a phone number or another registration", + "privilege": "CreateRegistrationAssociation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "PhoneNumber" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a registration attachment", + "privilege": "CreateRegistrationAttachment", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "sms-voice:TagResource" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a registration version", + "privilege": "CreateRegistrationVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a verified destination number", + "privilege": "CreateVerifiedDestinationNumber", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "sms-voice:TagResource" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a configuration set", 
@@ -226862,6 +254139,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a registration", + "privilege": "DeleteRegistration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a registration attachment", + "privilege": "DeleteRegistrationAttachment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RegistrationAttachment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an optional registration field value", + "privilege": "DeleteRegistrationFieldValue", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an override for your account's text messaging monthly spend limit", @@ -226874,6 +254187,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a verified destination number", + "privilege": "DeleteVerifiedDestinationNumber", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VerifiedDestinationNumber*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an override for your account's voice messaging monthly spend limit", 
@@ -226987,6 +254312,90 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe the registration attachments in your account", + "privilege": "DescribeRegistrationAttachments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RegistrationAttachment" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the field definitions for a given registration type", + "privilege": "DescribeRegistrationFieldDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the field values for a given registration", + "privilege": "DescribeRegistrationFieldValues", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the section definitions for a given registration type", + "privilege": "DescribeRegistrationSectionDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the registration types supported by the service", + "privilege": "DescribeRegistrationTypeDefinitions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the versions for a given registration", + "privilege": "DescribeRegistrationVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe the registrations in your account", + "privilege": "DescribeRegistrations", + "resource_types": 
[ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe the sender IDs in your account", @@ -227011,6 +254420,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe the verified destination numbers in your account", + "privilege": "DescribeVerifiedDestinationNumbers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VerifiedDestinationNumber" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disassociate an origination phone number or sender ID from a pool", @@ -227033,6 +254454,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to discard the latest version of a given registration", + "privilege": "DiscardRegistrationVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list all origination phone numbers and sender IDs associated to a pool", @@ -227045,6 +254478,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list all resources associated to a registration", + "privilege": "ListRegistrationAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the tags for a resource", @@ -227106,6 +254551,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to put a registration field value", + "privilege": "PutRegistrationFieldValue", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to release an origination phone number", 
@@ -227118,6 +254575,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to release a sender ID", + "privilege": "ReleaseSenderId", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SenderId*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to request an origination phone number", @@ -227141,6 +254610,48 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to request an unregistered sender ID", + "privilege": "RequestSenderId", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "sms-voice:TagResource" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to send a text or voice message containing a verification code to a destination phone number", + "privilege": "SendDestinationNumberVerificationCode", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "sms-voice:SendTextMessage", + "sms-voice:SendVoiceMessage" + ], + "resource_type": "PhoneNumber" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Pool" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SenderId" + } + ] + }, { "access_level": "Write", "description": "Grants permission to send a text message to a destination phone number", @@ -227228,6 +254739,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to submit the latest version of a given registration", + "privilege": "SubmitRegistrationVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration*" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add tags to a resource", 
@@ -227253,11 +254776,26 @@ "dependent_actions": [], "resource_type": "Pool" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RegistrationAttachment" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "SenderId" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VerifiedDestinationNumber" + }, { "condition_keys": [ "aws:RequestTag/${TagKey}", @@ -227293,14 +254831,28 @@ "dependent_actions": [], "resource_type": "Pool" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Registration" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "RegistrationAttachment" + }, { "condition_keys": [], "dependent_actions": [], "resource_type": "SenderId" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VerifiedDestinationNumber" + }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -227329,7 +254881,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "PhoneNumber*" } ] @@ -227341,10 +254895,36 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "iam:PassRole" + ], "resource_type": "Pool*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a sender ID's configuration", + "privilege": "UpdateSenderId", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "SenderId*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to verify a destination phone number", + "privilege": "VerifyDestinationNumber", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "VerifiedDestinationNumber*" + } + ] } ], "resources": [ 
@@ -227382,6 +254962,27 @@ "aws:ResourceTag/${TagKey}" ], "resource": "SenderId" + }, + { + "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:registration/${RegistrationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "Registration" + }, + { + "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:registration-attachment/${RegistrationAttachmentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "RegistrationAttachment" + }, + { + "arn": "arn:${Partition}:sms-voice:${Region}:${Account}:verified-destination-number/${VerifiedDestinationNumberId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "VerifiedDestinationNumber" } ], "service_name": "Amazon Pinpoint SMS Voice V2" @@ -227869,6 +255470,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list Address objects where pickup is available, of the specified length", + "privilege": "ListPickupLocations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all supported versions for Snow on-device services", @@ -228932,6 +256545,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get database structure metadata for auto-completion", + "privilege": "GetAutocompletionMetadata", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get database structure information for auto-completion", + "privilege": "GetAutocompletionResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get charts on your account", 
@@ -228980,6 +256617,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get text to SQL recommendations", + "privilege": "GetQSqlRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the query execution history on your account", @@ -229325,8 +256974,7 @@ }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" @@ -229369,6 +257017,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update account-wide text to SQL settings", + "privilege": "UpdateAccountQSqlSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update a chart on your account", @@ -229864,6 +257524,11 @@ "description": "Filters access by 'Create' requests based on whether mandatory tags are included in the request", "type": "ArrayOfString" }, + { + "condition": "ec2:SourceInstanceARN", + "description": "Filters access by the ARN of the instance from which the request originated", + "type": "ARN" + }, { "condition": "ssm:AutoApprove", "description": "Filters access by verifying that a user has permission to start Change Manager workflows without a review step (with the exception of change freeze events)", 
@@ -229876,12 +257541,12 @@ }, { "condition": "ssm:Overwrite", - "description": "Controls whether Systems Manager parameters can be overwritten", + "description": "Filters access by controling whether Systems Manager parameters can be overwritten", "type": "String" }, { "condition": "ssm:Recursive", - "description": "Filters access to Systems Manager parameters created in a hierarchical structure", + "description": "Filters access by Systems Manager parameters created in a hierarchical structure", "type": "String" }, { @@ -229889,6 +257554,11 @@ "description": "Filters access by verifying that a user has permission to access either the default Session Manager configuration document or the custom configuration document specified in a request", "type": "Bool" }, + { + "condition": "ssm:SourceInstanceARN", + "description": "Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile", + "type": "ARN" + }, { "condition": "ssm:SyncType", "description": "Filters access by verifying that a user also has access to the ResourceDataSync SyncType specified in the request", 
@@ -229896,7 +257566,17 @@ }, { "condition": "ssm:resourceTag/${TagKey}", - "description": "Filters access based on a tag key-value pair assigned to the Systems Manager resource", + "description": "Filters access by a tag key-value pair assigned to the Systems Manager resource", + "type": "String" + }, + { + "condition": "ssm:resourceTag/aws:ssmmessages:session-id", + "description": "Filters access by based on a tag key-value pair assigned to the Systems Manager session resource", + "type": "String" + }, + { + "condition": "ssm:resourceTag/aws:ssmmessages:target-id", + "description": "Filters access by based on a tag key-value pair assigned to the Systems Manager session resource", "type": "String" }, { @@ -229927,6 +257607,11 @@ "dependent_actions": [], "resource_type": "document" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance" + }, { "condition_keys": [], "dependent_actions": [], @@ -229957,8 +257642,14 @@ "dependent_actions": [], "resource_type": "patchbaseline" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -230023,6 +257714,11 @@ "description": "Grants permission to associate a specified Systems Manager document with specified instances or other targets", "privilege": "CreateAssociation", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "association*" + }, { "condition_keys": [], "dependent_actions": [], @@ -230040,6 +257736,7 @@ }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:RequestTag/${TagKey}", "aws:TagKeys" ], @@ -230067,6 +257764,15 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" } ] }, 
@@ -230207,6 +257913,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -230246,6 +257959,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an OpsItem", + "privilege": "DeleteOpsItem", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "opsitem*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an OpsMetadata object", @@ -230416,6 +258141,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -230428,6 +258160,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -230440,6 +258179,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -230529,6 +258275,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -230558,6 +258311,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -231202,6 +258962,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, 
@@ -231315,6 +259082,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -231441,6 +259215,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "patchbaseline" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -231482,6 +259263,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "ssm:SourceInstanceARN", + "ec2:SourceInstanceARN" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -231625,6 +259414,11 @@ "dependent_actions": [], "resource_type": "document" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "instance" + }, { "condition_keys": [], "dependent_actions": [], @@ -231655,8 +259449,14 @@ "dependent_actions": [], "resource_type": "patchbaseline" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "task" + }, { "condition_keys": [ + "aws:ResourceTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -231685,6 +259485,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "session*" + }, + { + "condition_keys": [ + "ssm:resourceTag/aws:ssmmessages:session-id", + "ssm:resourceTag/aws:ssmmessages:target-id" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -231744,6 +259552,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "association*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, 
@@ -231845,6 +259660,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "session*" + }, + { + "condition_keys": [ + "ssm:resourceTag/aws:ssmmessages:session-id", + "ssm:resourceTag/aws:ssmmessages:target-id" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -231884,6 +259707,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -231906,6 +259736,15 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "ssm:SourceInstanceARN", + "ec2:SourceInstanceARN", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -231964,6 +259803,15 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "ssm:SourceInstanceARN", + "ec2:SourceInstanceARN", + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -231981,6 +259829,14 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "managed-instance" + }, + { + "condition_keys": [ + "ssm:SourceInstanceARN", + "ec2:SourceInstanceARN" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -232147,7 +260003,8 @@ "arn": "arn:${Partition}:ssm:${Region}:${Account}:document/${DocumentName}", "condition_keys": [ "aws:ResourceTag/${TagKey}", - "ssm:DocumentCategories" + "ssm:DocumentCategories", + "ssm:resourceTag/${TagKey}" ], "resource": "document" }, @@ -232218,7 +260075,10 @@ }, { "arn": "arn:${Partition}:ssm:${Region}:${Account}:session/${SessionId}", - "condition_keys": [], + "condition_keys": [ + "ssm:resourceTag/aws:ssmmessages:session-id", + "ssm:resourceTag/aws:ssmmessages:target-id" + ], "resource": "session" }, { 
@@ -232233,12 +260093,18 @@ }, { "arn": "arn:${Partition}:ssm:${Region}:${Account}:windowtarget/${WindowTargetId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ssm:resourceTag/tag-key" + ], "resource": "windowtarget" }, { "arn": "arn:${Partition}:ssm:${Region}:${Account}:windowtask/${WindowTaskId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "ssm:resourceTag/tag-key" + ], "resource": "windowtask" }, { @@ -232841,7 +260707,7 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to terminate a GUI Connect session", + "description": "Grants permission to terminate a GUI Connect connection", "privilege": "CancelConnection", "resource_types": [ { @@ -232853,7 +260719,7 @@ }, { "access_level": "Read", - "description": "Grants permission to get the metadata for a GUI Connect session", + "description": "Grants permission to get the metadata for a GUI Connect connection", "privilege": "GetConnection", "resource_types": [ { @@ -232865,7 +260731,7 @@ }, { "access_level": "Write", - "description": "Grants permission to start a GUI Connect session", + "description": "Grants permission to start a GUI Connect connection", "privilege": "StartConnection", "resource_types": [ { @@ -232899,6 +260765,23 @@ ], "prefix": "ssm-incidents", "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to retrieve details about specified findings for an incident record", + "privilege": "BatchGetIncidentFindings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "incident-record*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "response-plan*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a replication set", 
@@ -233082,6 +260965,23 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list findings for an incident record", + "privilege": "ListIncidentFindings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "incident-record*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "response-plan*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the contents of all incident records", @@ -233096,7 +260996,7 @@ }, { "access_level": "List", - "description": "Grants permission to list related items of an incident records", + "description": "Grants permission to list related items of an incident record", "privilege": "ListRelatedItems", "resource_types": [ { @@ -233433,7 +261333,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application" } ] }, @@ -233457,7 +261357,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "component" } ] }, @@ -233517,7 +261417,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application" } ] }, @@ -233596,6 +261496,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start an on-demand discovery of a registered SSM for SAP application", + "privilege": "StartApplicationRefresh", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "application" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to tag a specified resource ARN", @@ -233606,6 +261518,11 @@ "dependent_actions": [], "resource_type": "application" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "component" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -233631,6 +261548,11 @@ "dependent_actions": [], "resource_type": "application" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "component" + }, { "condition_keys": [], "dependent_actions": [], @@ -233653,7 +261575,7 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "application" } ] }, @@ -233678,6 +261600,13 @@ ], "resource": "application" }, + { + "arn": "arn:${Partition}:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}/COMPONENT/${ComponentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "component" + }, { "arn": "arn:${Partition}:ssm-sap:${Region}:${Account}:${ApplicationType}/${ApplicationId}/DB/${DatabaseId}", "condition_keys": [ @@ -233690,10 +261619,15 @@ }, { "conditions": [ + { + "condition": "ec2:SourceInstanceARN", + "description": "Filters access by the ARN of the instance from which the request originated", + "type": "ARN" + }, { "condition": "ssm:SourceInstanceARN", "description": "Filters access by verifying the Amazon Resource Name (ARN) of the AWS Systems Manager's managed instance from which the request is made. This key is not present when the request comes from the managed instance authenticated with an IAM role associated with EC2 instance profile", - "type": "String" + "type": "ARN" } ], "prefix": "ssmmessages", @@ -233705,7 +261639,8 @@ "resource_types": [ { "condition_keys": [ - "ssm:SourceInstanceARN" + "ssm:SourceInstanceARN", + "ec2:SourceInstanceARN" ], "dependent_actions": [], "resource_type": "" @@ -233750,7 +261685,7 @@ } ], "resources": [], - "service_name": "Amazon Session Manager Message Gateway Service" + "service_name": "Amazon Message Gateway Service" }, { "conditions": [ 
@@ -233768,6 +261703,11 @@ "condition": "aws:TagKeys", "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" + }, + { + "condition": "sso:ApplicationAccount", + "description": "Filters access by the account which creates the application", + "type": "String" } ], "prefix": "sso", @@ -233854,6 +261794,50 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an application", + "privilege": "CreateApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ApplicationProvider*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an application assignment", + "privilege": "CreateApplicationAssignment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add an application instance to AWS IAM Identity Center", @@ -233878,6 +261862,29 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an identity center instance", + "privilege": "CreateInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "iam:CreateServiceLinkedRole", + "organizations:DescribeOrganization" + ], + "resource_type": "Instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to enable the instance for ABAC and specify the attributes", 
@@ -233962,6 +261969,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a trusted token issuer for an instance", + "privilege": "CreateTrustedTokenIssuer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a Principal's access from a specified AWS account using a specified permission set", 
@@ -233984,6 +262011,101 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an application", + "privilege": "DeleteApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an access scope to an application", + "privilege": "DeleteApplicationAccessScope", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an application assignment", + "privilege": "DeleteApplicationAssignment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an authentication method to an application", + "privilege": "DeleteApplicationAuthenticationMethod", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a grant from an application", + "privilege": "DeleteApplicationGrant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": 
"Write", "description": "Grants permission to delete the application instance", @@ -234025,6 +262147,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an identity center instance", + "privilege": "DeleteInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to disable ABAC and remove the attributes list for the instance", @@ -234107,6 +262241,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a trusted token issuer for an instance", + "privilege": "DeleteTrustedTokenIssuer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TrustedTokenIssuer*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to describe the status of the assignment creation request", 
@@ -234131,6 +262277,56 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to obtain information about an application", + "privilege": "DescribeApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve an application assignment", + "privilege": "DescribeApplicationAssignment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to describe an application provider", + "privilege": "DescribeApplicationProvider", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ApplicationProvider*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to obtain information about the directories for this account", @@ -234143,6 +262339,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to obtain information about an identity center instance", + "privilege": "DescribeInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get the list of attributes used by the instance for ABAC", 
@@ -234208,6 +262416,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to describe a trusted token issuer for an instance", + "privilege": "DescribeTrustedTokenIssuer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TrustedTokenIssuer*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to obtain information about the trust relationships for this account", 
@@ -234280,6 +262500,82 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an access scope to an application", + "privilege": "GetApplicationAccessScope", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to read assignment configurations for an application", + "privilege": "GetApplicationAssignmentConfiguration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an authentication method to an application", + "privilege": "GetApplicationAuthenticationMethod", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to obtain details about a grant belonging to an application", + "privilege": "GetApplicationGrant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve details for an application instance", 
@@ -234506,6 +262802,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list accounts assigned to user or group", + "privilege": "ListAccountAssignmentsForPrincipal", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list all the AWS accounts where the specified permission set is provisioned", 
@@ -234523,6 +262831,101 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list access scopes to an application", + "privilege": "ListApplicationAccessScopes", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list application assignments", + "privilege": "ListApplicationAssignments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list applications assigned to user or group", + "privilege": "ListApplicationAssignmentsForPrincipal", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list authentication methods to an application", + "privilege": "ListApplicationAuthenticationMethods", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list grants from an application", + "privilege": "ListApplicationGrants", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { 
"access_level": "Read", "description": "Grants permission to retrieve all of the certificates for a given application instance", @@ -234549,6 +262952,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list application providers", + "privilege": "ListApplicationProviders", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "ApplicationProvider*" + } + ] + }, { "access_level": "List", "description": "Grants permission to retrieve all supported application templates", @@ -234565,7 +262980,7 @@ }, { "access_level": "List", - "description": "Grants permission to retrieve all supported applications", + "description": "Grants permission to retrieve all applications associated with the instance of IAM Identity Center", "privilege": "ListApplications", "resource_types": [ { @@ -234708,12 +263123,34 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "Application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "PermissionSet*" + "resource_type": "Instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "PermissionSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TrustedTokenIssuer" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list trusted token issuers for an instance", + "privilege": "ListTrustedTokenIssuers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance*" } ] }, 
@@ -234739,6 +263176,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create/update an access scope to an application", + "privilege": "PutApplicationAccessScope", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add assignment configurations to an application", @@ -234747,6 +263203,51 @@ { "condition_keys": [], "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create/update an authentication method to an application", + "privilege": "PutApplicationAuthenticationMethod", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create/update a grant to an application", + "privilege": "PutApplicationGrant", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], "resource_type": "" } ] 
@@ -234860,12 +263361,22 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "Application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "PermissionSet*" + "resource_type": "Instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "PermissionSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TrustedTokenIssuer" }, { "condition_keys": [ @@ -234885,16 +263396,25 @@ { "condition_keys": [], "dependent_actions": [], - "resource_type": "Instance*" + "resource_type": "Application" }, { "condition_keys": [], "dependent_actions": [], - "resource_type": "PermissionSet*" + "resource_type": "Instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "PermissionSet" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TrustedTokenIssuer" }, { "condition_keys": [ - "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependent_actions": [], @@ -234902,6 +263422,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an application", + "privilege": "UpdateApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + }, + { + "condition_keys": [ + "sso:ApplicationAccount" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set a certificate as the active one for this application instance", @@ -234998,6 +263537,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an identity center instance", + "privilege": "UpdateInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Instance*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the attributes to use with the instance for ABAC", 
@@ -235074,6 +263625,18 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a trusted token issuer for an instance", + "privilege": "UpdateTrustedTokenIssuer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "TrustedTokenIssuer*" + } + ] } ], "resources": [ @@ -235091,8 +263654,30 @@ }, { "arn": "arn:${Partition}:sso:::instance/${InstanceId}", - "condition_keys": [], + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], "resource": "Instance" + }, + { + "arn": "arn:${Partition}:sso::${AccountId}:application/${InstanceId}/${ApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}", + "sso:ApplicationAccount" + ], + "resource": "Application" + }, + { + "arn": "arn:${Partition}:sso::${AccountId}:trustedTokenIssuer/${InstanceId}/${TrustedTokenIssuerId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "TrustedTokenIssuer" + }, + { + "arn": "arn:${Partition}:sso::aws:applicationProvider/${ApplicationProviderId}", + "condition_keys": [], + "resource": "ApplicationProvider" } ], "service_name": "AWS IAM Identity Center (successor to AWS Single Sign-On)" @@ -235729,6 +264314,32 @@ "resources": [], "service_name": "AWS IAM Identity Center (successor to AWS Single Sign-On) directory" }, + { + "conditions": [], + "prefix": "sso-oauth", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create OAuth/OIDC tokens to access IAM Identity Center integrated applications", + "privilege": "CreateTokenWithIAM", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Application*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:sso::${AccountId}:application/${InstanceId}/${ApplicationId}", + "condition_keys": [], + "resource": "Application" + } + ], + "service_name": "AWS IAM Identity Center OIDC service" + }, { "conditions": [ { 
@@ -235746,6 +264357,16 @@ "description": "Filters access by a list of tag keys that are allowed in the request", "type": "ArrayOfString" }, + { + "condition": "states:HTTPEndpoint", + "description": "Filters access by the endpoint that the HTTP Task state allows in the request", + "type": "String" + }, + { + "condition": "states:HTTPMethod", + "description": "Filters access by the method that the HTTP Task state allows in the request", + "type": "String" + }, { "condition": "states:StateMachineQualifier", "description": "Filters access by the qualifier of a state machine ARN", @@ -235782,6 +264403,7 @@ { "condition_keys": [], "dependent_actions": [ + "iam:PassRole", "states:PublishStateMachineVersion" ], "resource_type": "statemachine*" @@ -235992,6 +264614,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to invoke the HTTP Task state", + "privilege": "InvokeHTTPEndpoint", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the existing activities", @@ -236112,6 +264746,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to redrive an execution", + "privilege": "RedriveExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "execution*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to reveal sensitive data from an execution", + "privilege": "RevealSecrets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to report that the task identified by the taskToken failed", 
@@ -236223,6 +264881,20 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to test a state machine definition", + "privilege": "TestState", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "states:RevealSecrets" + ], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to remove a tag from an AWS Step Functions resource", @@ -236267,6 +264939,7 @@ { "condition_keys": [], "dependent_actions": [ + "iam:PassRole", "states:PublishStateMachineVersion" ], "resource_type": "statemachine*" @@ -236299,6 +264972,18 @@ "resource_type": "" } ] + }, + { + "access_level": "Read", + "description": "Grants permission to validate a state machine definition", + "privilege": "ValidateStateMachineDefinition", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] } ], "resources": [ @@ -236342,6 +265027,16 @@ "arn": "arn:${Partition}:states:${Region}:${Account}:mapRun:${StateMachineName}/${MapRunLabel}:${MapRunId}", "condition_keys": [], "resource": "maprun" + }, + { + "arn": "arn:${Partition}:states:${Region}:${Account}:execution:${StateMachineName}/${MapRunLabel}:${ExecutionId}", + "condition_keys": [], + "resource": "labelled execution" + }, + { + "arn": "arn:${Partition}:states:${Region}:${Account}:express:${StateMachineName}/${MapRunLabel}:${ExecutionId}:${ExpressId}", + "condition_keys": [], + "resource": "labelled express" } ], "service_name": "AWS Step Functions" @@ -237166,7 +265861,7 @@ }, { "access_level": "List", - "description": "Grants permission to list the automatic tape creation policies configured on the specified gateway-VTL or all gateway-VTLs owned by your account", + "description": "Grants permission to list the automatic tape creation policies configured on the specified gateway-VTL or all gateway-VTLs owned by your AWS account", "privilege": "ListAutomaticTapeCreationPolicies", "resource_types": [ { 
@@ -237178,7 +265873,7 @@ }, { "access_level": "List", - "description": "Grants permission to get a list of the file shares for a specific file gateway, or the list of file shares that belong to the calling user account", + "description": "Grants permission to get a list of the file shares for a specific file gateway, or the list of file shares owned by your AWS account", "privilege": "ListFileShares", "resource_types": [ { @@ -237958,11 +266653,26 @@ "description": "Filters access by the service that is obtaining a bearer token", "type": "String" }, + { + "condition": "sts:DurationSeconds", + "description": "Filters access by the duration in seconds when getting a bearer token", + "type": "String" + }, { "condition": "sts:ExternalId", "description": "Filters access by the unique identifier required when you assume a role in another account", "type": "String" }, + { + "condition": "sts:RequestContext/${ContextKey}", + "description": "Filters access by the session context key-value pairs embedded in the signed context assertion retrieved from a trusted context provider", + "type": "String" + }, + { + "condition": "sts:RequestContextProviders", + "description": "Filters access by the context provider ARNs", + "type": "ArrayOfARN" + }, { "condition": "sts:RoleSessionName", "description": "Filters access by the role session name required when you assume a role", @@ -237976,7 +266686,7 @@ { "condition": "sts:TransitiveTagKeys", "description": "Filters access by the transitive tag keys that are passed in the request", - "type": "String" + "type": "ArrayOfString" }, { "condition": "www.amazon.com:app_id", 
@@ -238009,7 +266719,19 @@ "sts:ExternalId", "sts:RoleSessionName", "iam:ResourceTag/${TagKey}", - "sts:SourceIdentity" + "sts:SourceIdentity", + "cognito-identity.amazonaws.com:amr", + "cognito-identity.amazonaws.com:aud", + "cognito-identity.amazonaws.com:sub", + "www.amazon.com:app_id", + "www.amazon.com:user_id", + "graph.facebook.com:app_id", + "graph.facebook.com:id", + "accounts.google.com:aud", + "accounts.google.com:sub", + "saml:namequalifier", + "saml:sub", + "saml:sub_type" ], "dependent_actions": [], "resource_type": "" @@ -238167,7 +266889,8 @@ "resource_types": [ { "condition_keys": [ - "sts:AWSServiceName" + "sts:AWSServiceName", + "sts:DurationSeconds" ], "dependent_actions": [], "resource_type": "" @@ -238186,6 +266909,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to set context keys on a STS session", + "privilege": "SetContext", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "role" + }, + { + "condition_keys": [ + "sts:RequestContext/${ContextKey}", + "sts:RequestContextProviders" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to set a source identity on a STS session", @@ -238242,7 +266985,8 @@ { "arn": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}", "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "iam:ResourceTag/${TagKey}" ], "resource": "role" }, @@ -238330,6 +267074,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a single communication and attachments for a single AWS Support case", + "privilege": "DescribeCommunication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the communications and attachments for one or more AWS Support cases", 
@@ -240245,6 +269001,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to view/download tax documents/forms", + "privilege": "GetTaxInfoReportingDocument", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view tax inheritance status", @@ -240358,7 +269126,23 @@ "service_name": "AWS Tax Settings" }, { - "conditions": [], + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tags associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], "prefix": "textract", "privileges": [ { 
@@ -240403,6 +269187,65 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon Textract adapter", + "privilege": "CreateAdapter", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create an Amazon Textract adapter version", + "privilege": "CreateAdapterVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapter*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon Textract adapter", + "privilege": "DeleteAdapter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapter*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an Amazon Textract adapter version", + "privilege": "DeleteAdapterVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapterversion*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to detect text in document images", 
@@ -240417,6 +269260,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get an Amazon Textract adapter", + "privilege": "GetAdapter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapter*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get an Amazon Textract adapter version", + "privilege": "GetAdapterVersion", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapterversion*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return information about a document analysis job", @@ -240477,6 +269344,47 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to list Amazon Textract adapter versions", + "privilege": "ListAdapterVersions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list Amazon Textract adapters", + "privilege": "ListAdapters", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to return a list of tags associated with a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapter" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapterversion" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start an asynchronous job to detect instances of real-world document entities within an image or pdf provided as input", 
@@ -240532,11 +269440,360 @@ "resource_type": "" } ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add one or more tags to a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapter" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapterversion" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapter" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapterversion" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update Amazon Textract adapter", + "privilege": "UpdateAdapter", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "adapter*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:textract:${Region}:${Account}:/adapters/${AdapterId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "adapter" + }, + { + "arn": "arn:${Partition}:textract:${Region}:${Account}:/adapters/${AdapterId}/versions/${AdapterVersion}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "adapterversion" } ], - "resources": [], "service_name": "Amazon Textract" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the tags that are passed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by the tags associated with the 
resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "thinclient", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create environments", + "privilege": "CreateEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete devices", + "privilege": "DeleteDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete environments", + "privilege": "DeleteEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to deregister devices", + "privilege": "DeregisterDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of devices", + "privilege": "GetDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of environments", + "privilege": "GetEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details of software sets", + "privilege": "GetSoftwareSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "softwareset*" + } + ] + }, + { + "access_level": "List", + 
"description": "Grants permission to list device sessions", + "privilege": "ListDeviceSessions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list devices", + "privilege": "ListDevices", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list environments", + "privilege": "ListEnvironments", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list software sets", + "privilege": "ListSoftwareSets", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list tags for a resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to add one or more tags to a resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to remove one or more tags from a resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment" + }, + { + 
"condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update devices", + "privilege": "UpdateDevice", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "device*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update environments", + "privilege": "UpdateEnvironment", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "environment*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update software set", + "privilege": "UpdateSoftwareSet", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "softwareset*" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:thinclient::${Account}:environment/${EnvironmentId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "environment" + }, + { + "arn": "arn:${Partition}:thinclient::${Account}:device/${DeviceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "device" + }, + { + "arn": "arn:${Partition}:thinclient::${Account}:softwareset/${SoftwareSetId}", + "condition_keys": [], + "resource": "softwareset" + } + ], + "service_name": "Amazon WorkSpaces Thin Client" + }, { "conditions": [ { 
@@ -241143,6 +270400,222 @@ ], "service_name": "Amazon Timestream" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by a tag key and value pair that is allowed in the request", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by a tag key and value pair of a resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by a list of tag keys that are allowed in the request", + "type": "ArrayOfString" + } + ], + "prefix": "timestream-influxdb", + "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to create a new Timestream InfluxDB instance", + "privilege": "CreateDbInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-parameter-group" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to create a new Timestream InfluxDB parameter group", + "privilege": "CreateDbParameterGroup", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete a Timestream InfluxDB instance", + "privilege": "DeleteDbInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-instance*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a Timestream InfluxDB instance", + "privilege": "GetDbInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-instance*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get information about a 
Timestream InfluxDB parameter group", + "privilege": "GetDbParameterGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-parameter-group*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about all Timestream InfluxDB instances in the account", + "privilege": "ListDbInstances", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list information about all Timestream InfluxDB parameter groups", + "privilege": "ListDbParameterGroups", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list tags for a Timestream InfluxDB resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag a Timestream InfluxDB resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-parameter-group" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag a Timestream InfluxDB resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-instance" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-parameter-group" + }, + { + "condition_keys": [ + 
"aws:ResourceTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a Timestream InfluxDB instance", + "privilege": "UpdateDbInstance", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-instance*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "db-parameter-group" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:timestream-influxdb:${Region}:${Account}:db-instance/${DbInstanceIdentifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "db-instance" + }, + { + "arn": "arn:${Partition}:timestream-influxdb:${Region}:${Account}:db-parameter-group/${DbParameterGroupIdentifier}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "db-parameter-group" + } + ], + "service_name": "Amazon Timestream InfluxDB" + }, { "conditions": [], "prefix": "tiros", @@ -242035,6 +271508,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a previously submitted Medical Scribe job", + "privilege": "DeleteMedicalScribeJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "medicalscribejob*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a previously submitted medical transcription job", @@ -242131,6 +271616,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to return information about a Medical Scribe job", + "privilege": "GetMedicalScribeJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "medicalscribejob*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to return information about a medical transcription job", 
@@ -242227,6 +271724,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list Medical Scribe jobs with the specified status", + "privilege": "ListMedicalScribeJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list medical transcription jobs with the specified status", @@ -242340,6 +271849,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start an asynchronous job to transcribe patient-clinician conversations and generates clinical notes", + "privilege": "StartMedicalScribeJob", + "resource_types": [ + { + "condition_keys": [ + "transcribe:OutputBucketName", + "transcribe:OutputEncryptionKMSKeyId", + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "s3:GetObject" + ], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to start a protocol where audio is streamed to Transcribe Medical and the transcription results are streamed to your application", @@ -242564,6 +272092,13 @@ "arn": "arn:${Partition}:transcribe:${Region}:${Account}:analytics-category/${CategoryName}", "condition_keys": [], "resource": "callanalyticscategory" + }, + { + "arn": "arn:${Partition}:transcribe:${Region}:${Account}:medical-scribe-job/${JobName}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "medicalscribejob" } ], "service_name": "Amazon Transcribe" @@ -243291,6 +272826,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to test a connector's connection to remote server", + "privilege": "TestConnection", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "connector*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to test a server's custom identity provider", 
@@ -244158,6 +273705,30 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get a specific recommendation within an AWS Organization's organization. This API supports only prioritized recommendations", + "privilege": "GetOrganizationRecommendation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get a specific Recommendation", + "privilege": "GetRecommendation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to include recommendations for AWS Trusted Advisor checks", @@ -244182,6 +273753,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list a filterable set of Checks", + "privilege": "ListChecks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view all communications for an engagement", 
@@ -244218,6 +273801,42 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the accounts that own the resources for an AWS Organization aggregate recommendation. This API only supports prioritized recommendations", + "privilege": "ListOrganizationRecommendationAccounts", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list Resources of a Recommendation within an AWS Organization. This API only supports prioritized recommendations", + "privilege": "ListOrganizationRecommendationResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list a filterable set of Recommendations within an AWS Organization. This API only supports prioritized recommendations", + "privilege": "ListOrganizationRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view, in the Trusted Advisor console, all of the organizational units (OUs) in a parent organizational unit or root", 
@@ -244230,6 +273849,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list Resources of a Recommendation", + "privilege": "ListRecommendationResources", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list a filterable set of Recommendations", + "privilege": "ListRecommendations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to view, in the Trusted Advisor console, all of the roots that are defined in an AWS organization", @@ -244278,6 +273921,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the details of an engagement", + "privilege": "UpdateEngagement", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the status of an engagement", @@ -244314,6 +273969,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update the lifecyle of a Recommendation within an AWS Organization. This API only supports prioritized recommendations", + "privilege": "UpdateOrganizationRecommendationLifecycle", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the lifecyle of a Recommendation. This API only supports prioritized recommendations", + "privilege": "UpdateRecommendationLifecycle", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the risk status in AWS Trusted Advisor Priority", 
@@ -244336,6 +274015,179 @@ ], "service_name": "AWS Trusted Advisor" }, + { + "conditions": [ + { + "condition": "aws:RequestTag/${TagKey}", + "description": "Filters access by the allowed set of values for each of the tags", + "type": "String" + }, + { + "condition": "aws:ResourceTag/${TagKey}", + "description": "Filters access by tag-value associated with the resource", + "type": "String" + }, + { + "condition": "aws:TagKeys", + "description": "Filters access by the presence of mandatory tags in the request", + "type": "ArrayOfString" + } + ], + "prefix": "ts", + "privileges": [ + { + "access_level": "Read", + "description": "Grants permission to get details about specific execution within AWS Diagnostic tools", + "privilege": "GetExecution", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "execution*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details about specific execution output within AWS Diagnostic tools", + "privilege": "GetExecutionOutput", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "execution*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to get details about specific tool within AWS Diagnostic tools", + "privilege": "GetTool", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "tool*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all available execution within AWS Diagnostic tools", + "privilege": "ListExecutions", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to list the tags for an AWS Diagnostic tools resource", + "privilege": "ListTagsForResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "execution*" + }, 
+ { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list all available tools within AWS Diagnostic tools", + "privilege": "ListTools", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to start an execution workflow of specific tool within AWS Diagnostic tools", + "privilege": "StartExecution", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [ + "iam:PassRole" + ], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to tag an AWS Diagnostic tools resource", + "privilege": "TagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "execution*" + }, + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Tagging", + "description": "Grants permission to untag an AWS Diagnostic tools resource", + "privilege": "UntagResource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "execution*" + }, + { + "condition_keys": [ + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:ts::${Account}:execution/${UserId}/${ToolId}/${ExecutionId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "execution" + }, + { + "arn": "arn:${Partition}:ts::aws:tool/${ToolId}", + "condition_keys": [], + "resource": "tool" + } + ], + "service_name": "AWS Diagnostic tools" + }, { "conditions": [ { 
@@ -244714,6 +274566,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update an existing data source", + "privilege": "UpdateDataSource", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "DataSource*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the security profile", @@ -247322,11 +277193,6 @@ "description": "Grants permission to retrieve detailed information about a sample set of web requests", "privilege": "GetSampledRequests", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule" - }, { "condition_keys": [], "dependent_actions": [], @@ -248469,11 +278335,6 @@ "description": "Grants permission to retrieve detailed information for a sample set of web requests", "privilege": "GetSampledRequests", "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "rule" - }, { "condition_keys": [], "dependent_actions": [], @@ -249093,6 +278954,16 @@ "condition": "aws:TagKeys", "description": "Filters access by the presence of mandatory tags in the request", "type": "ArrayOfString" + }, + { + "condition": "wafv2:LogDestinationResource", + "description": "Filters access by log destination ARN for PutLoggingConfiguration API", + "type": "ARN" + }, + { + "condition": "wafv2:LogScope", + "description": "Filters access by log scope for Logging Configuration API", + "type": "String" } ], "prefix": "wafv2", @@ -249104,7 +278975,14 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "apigateway:SetWebACL", + "apprunner:AssociateWebAcl", + "appsync:SetWebACL", + "cognito-idp:AssociateWebACL", + "ec2:AssociateVerifiedAccessInstanceWebAcl", + "elasticloadbalancing:SetWebAcl" + ], "resource_type": "webacl*" }, { 
@@ -249273,6 +279151,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an API key", + "privilege": "DeleteAPIKey", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete FirewallManagedRulesGroups from a WebACL if not managed by Firewall Manager anymore", @@ -249306,6 +279196,13 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "webacl*" + }, + { + "condition_keys": [ + "wafv2:LogScope" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -249412,7 +279309,14 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "apigateway:SetWebACL", + "apprunner:DisassociateWebAcl", + "appsync:SetWebACL", + "cognito-idp:DisassociateWebACL", + "ec2:DisassociateVerifiedAccessInstanceWebAcl", + "elasticloadbalancing:SetWebAcl" + ], "resource_type": "apigateway" }, { @@ -249497,7 +279401,8 @@ }, { "condition_keys": [ - "aws:ResourceTag/${TagKey}" + "aws:ResourceTag/${TagKey}", + "wafv2:LogScope" ], "dependent_actions": [], "resource_type": "" @@ -249633,6 +279538,16 @@ "description": "Grants permission to retrieve the WebACL that's associated with a resource", "privilege": "GetWebACLForResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "apprunner:DescribeWebAclForService", + "cognito-idp:GetWebACLForResource", + "ec2:GetVerifiedAccessInstanceWebAcl", + "wafv2:GetWebACL" + ], + "resource_type": "webacl*" + }, { "condition_keys": [], "dependent_actions": [], @@ -249719,7 +279634,9 @@ "privilege": "ListLoggingConfigurations", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "wafv2:LogScope" + ], "dependent_actions": [], "resource_type": "" } 
@@ -249768,8 +279685,27 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "apprunner:ListAssociatedServicesForWebAcl", + "cognito-idp:ListResourcesForWebACL", + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations" + ], "resource_type": "webacl*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "apprunner" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "userpool" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "verified-access-instance" } ] }, @@ -249854,6 +279790,14 @@ "iam:CreateServiceLinkedRole" ], "resource_type": "webacl*" + }, + { + "condition_keys": [ + "wafv2:LogScope", + "wafv2:LogDestinationResource" + ], + "dependent_actions": [], + "resource_type": "" } ] }, @@ -250178,6 +280122,11 @@ "condition": "aws:TagKeys", "description": "Filters access by tag keys in the request", "type": "ArrayOfString" + }, + { + "condition": "wellarchitected:JiraProjectKey", + "description": "Filters access by project key", + "type": "String" } ], "prefix": "wellarchitected", @@ -250208,7 +280157,19 @@ }, { "access_level": "Write", - "description": "Grants permission to an owner of a lens to share with other AWS accounts and IAM Users", + "description": "Grants permission to configure the integration", + "privilege": "ConfigureIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to an owner of a lens to share with other AWS accounts and IAM users", "privilege": "CreateLensShare", "resource_types": [ { 
@@ -250259,7 +280220,7 @@ }, { "access_level": "Write", - "description": "Grants permission to an owner of a profile to share with other AWS accounts and IAM Users", + "description": "Grants permission to an owner of a profile to share with other AWS accounts and IAM users", "privilege": "CreateProfileShare", "resource_types": [ { @@ -250269,6 +280230,33 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create a new review template", + "privilege": "CreateReviewTemplate", + "resource_types": [ + { + "condition_keys": [ + "aws:RequestTag/${TagKey}", + "aws:TagKeys" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to an owner of a review template to share with other AWS accounts and IAM users", + "privilege": "CreateTemplateShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a new workload", @@ -250277,7 +280265,8 @@ { "condition_keys": [ "aws:RequestTag/${TagKey}", - "aws:TagKeys" + "aws:TagKeys", + "wellarchitected:JiraProjectKey" ], "dependent_actions": [], "resource_type": "" @@ -250344,6 +280333,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing review template", + "privilege": "DeleteReviewTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to delete an existing review template share", + "privilege": "DeleteTemplateShare", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete an existing workload", 
@@ -250428,6 +280441,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to get all settings for the account", + "privilege": "GetGlobalSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to get an existing lens", @@ -250526,6 +280551,49 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the specified review template", + "privilege": "GetReviewTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the specified answer from the specified review template lens review", + "privilege": "GetReviewTemplateAnswer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve the specified lens review of the specified review template", + "privilege": "GetReviewTemplateLensReview", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve the specified workload", 
@@ -250704,6 +280772,30 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the answers from the specified review template lens review", + "privilege": "ListReviewTemplateAnswers", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to list the review templates available to this account", + "privilege": "ListReviewTemplates", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the workload share invitations of the specified account or user", @@ -250731,6 +280823,11 @@ "dependent_actions": [], "resource_type": "profile" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template" + }, { "condition_keys": [], "dependent_actions": [], @@ -250745,6 +280842,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list all shares created for a review template", + "privilege": "ListTemplateShares", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the workload shares of the specified workload", @@ -250784,6 +280893,11 @@ "dependent_actions": [], "resource_type": "profile" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template" + }, { "condition_keys": [], "dependent_actions": [], @@ -250814,6 +280928,11 @@ "dependent_actions": [], "resource_type": "profile" }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template" + }, { "condition_keys": [], "dependent_actions": [], 
@@ -250842,16 +280961,30 @@ }, { "access_level": "Write", - "description": "Grants permission to update settings to enable aws-organization support", + "description": "Grants permission to manage all settings for the account", "privilege": "UpdateGlobalSettings", "resource_types": [ { - "condition_keys": [], + "condition_keys": [ + "wellarchitected:JiraProjectKey" + ], "dependent_actions": [], "resource_type": "" } ] }, + { + "access_level": "Write", + "description": "Grants permission to update properties of the integration", + "privilege": "UpdateIntegration", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workload*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update properties of the specified lens review", @@ -250876,6 +281009,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update properties of the specified review template", + "privilege": "UpdateReviewTemplate", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update properties of the specified review template answer", + "privilege": "UpdateReviewTemplateAnswer", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update properties of the specified review template lens review", + "privilege": "UpdateReviewTemplateLensReview", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update status of the specified workload share invitation", 
@@ -250897,12 +281066,19 @@ "condition_keys": [], "dependent_actions": [], "resource_type": "workload*" + }, + { + "condition_keys": [ + "wellarchitected:JiraProjectKey" + ], + "dependent_actions": [], + "resource_type": "" } ] }, { "access_level": "Write", - "description": "Grants permission to update properties of the specified workload", + "description": "Grants permission to update properties of the specified workload share", "privilege": "UpdateWorkloadShare", "resource_types": [ { @@ -250940,6 +281116,18 @@ "resource_type": "workload*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to upgrade the specified lens review of the specified review template", + "privilege": "UpgradeReviewTemplateLensReview", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "review-template*" + } + ] } ], "resources": [ @@ -250963,6 +281151,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "profile" + }, + { + "arn": "arn:${Partition}:wellarchitected:${Region}:${Account}:review-template/${ResourceId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "review-template" } ], "service_name": "AWS Well-Architected Tool" 
@@ -251103,18 +281298,23 @@ "conditions": [ { "condition": "aws:RequestTag/${TagKey}", - "description": "Filters actions based on the tags that are passed in the request", + "description": "Filters access by the tags that are passed in the request", "type": "String" }, { "condition": "aws:ResourceTag/${TagKey}", - "description": "Filters actions based on the tags associated with the resource", + "description": "Filters access by the tags associated with the resource", "type": "String" }, { "condition": "aws:TagKeys", - "description": "Filters actions based on the tag keys that are passed in the request", - "type": "String" + "description": "Filters access by the tag keys that are passed in the request", + "type": "ArrayOfString" + }, + { + "condition": "wisdom:SearchFilter/RoutingProfileArn", + "description": "Filters access by the connect routing profile arn that is passed in the request", + "type": "ARN" } ], "prefix": "wisdom", @@ -251189,6 +281389,26 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create quick response", + "privilege": "CreateQuickResponse", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create a session", @@ -251255,6 +281475,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete a import job of a knowledge base", + "privilege": "DeleteImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete a knowledge base", 
@@ -251267,6 +281499,23 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete quick response", + "privilege": "DeleteQuickResponse", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "QuickResponse*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about an assistant", @@ -251330,6 +281579,18 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve information about the import job", + "privilege": "GetImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about the knowledge base", @@ -251342,6 +281603,23 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to retrieve content", + "privilege": "GetQuickResponse", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "QuickResponse*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve recommendations for the specified session", @@ -251407,6 +281685,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list information about knowledge bases", + "privilege": "ListImportJobs", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list information about knowledge bases", 
@@ -251419,6 +281709,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the quick response with a knowledge base", + "privilege": "ListQuickResponses", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to list the tags for the specified resource", @@ -251443,6 +281745,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to submit feedback", + "privilege": "PutFeedback", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + } + ] + }, { "access_level": "Read", "description": "Grants permission to perform a manual search against the specified assistant", @@ -251479,6 +281793,27 @@ } ] }, + { + "access_level": "Read", + "description": "Grants permission to search for quick response referencing a specified knowledge base", + "privilege": "SearchQuickResponses", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [ + "wisdom:GetQuickResponse" + ], + "resource_type": "KnowledgeBase*" + }, + { + "condition_keys": [ + "wisdom:SearchFilter/RoutingProfileArn" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to search for sessions referencing a specified assistant. Can be used to et a specific session resource by its name", 
@@ -251503,15 +281838,66 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to create multiple quick responses", + "privilege": "StartImportJob", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + }, + { + "condition_keys": [ + "aws:TagKeys", + "aws:RequestTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Tagging", "description": "Grants permission to add the specified tags to the specified resource", "privilege": "TagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AssistantAssociation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Content" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "QuickResponse" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Session" + }, { "condition_keys": [ "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:RequestTag/${TagKey}", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" 
@@ -251523,9 +281909,40 @@ "description": "Grants permission to remove the specified tags from the specified resource", "privilege": "UntagResource", "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "AssistantAssociation" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Content" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "QuickResponse" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Session" + }, { "condition_keys": [ - "aws:TagKeys" + "aws:TagKeys", + "aws:ResourceTag/${TagKey}" ], "dependent_actions": [], "resource_type": "" @@ -251560,6 +281977,40 @@ "resource_type": "KnowledgeBase*" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update information or content of the quick response", + "privilege": "UpdateQuickResponse", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "KnowledgeBase*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "QuickResponse*" + } + ] + }, + { + "access_level": "Write", + "description": "Grants permission to update a session", + "privilege": "UpdateSession", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Assistant*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "Session*" + } + ] } ], "resources": [ 
@@ -251597,9 +282048,16 @@ "aws:ResourceTag/${TagKey}" ], "resource": "Session" + }, + { + "arn": "arn:${Partition}:wisdom:${Region}:${Account}:quick-response/${KnowledgeBaseId}/${QuickResponseId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "QuickResponse" } ], - "service_name": "Amazon Connect Wisdom" + "service_name": "Amazon Q in Connect" }, { "conditions": [], @@ -251989,6 +282447,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to describe the export history for an instance", + "privilege": "DescribeInstanceExports", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to describe instances", @@ -252241,6 +282711,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to start an export for an instance", + "privilege": "StartInstanceExport", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update the specified attributes of the specified document", @@ -252300,9 +282782,27 @@ "resource_type": "" } ] + }, + { + "access_level": "Write", + "description": "Grants permission to update the administrative settings for a user", + "privilege": "UpdateUserAdministrativeSettings", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + } + ], + "resources": [ + { + "arn": "arn:${Partition}:workdocs:${Region}:${Account}:organization/${ResourceId}", + "condition_keys": [], + "resource": "organization" } ], - "resources": [], "service_name": "Amazon WorkDocs" }, { 
@@ -252801,8 +283301,8 @@ "privileges": [ { "access_level": "Write", - "description": "Grants permission to add a list of members (users or groups) to a group", - "privilege": "AddMembersToGroup", + "description": "Grants permission to configure vended log delivery for WorkMail audit logs", + "privilege": "AllowVendedLogDeliveryForResource", "resource_types": [ { "condition_keys": [], @@ -252931,18 +283431,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to create a user in the directory", - "privilege": "CreateMailUser", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to create a new mobile device access rule", @@ -253256,21 +283744,21 @@ ] }, { - "access_level": "List", - "description": "Grants permission to show a list of directories available for use in creating an organization", - "privilege": "DescribeDirectories", + "access_level": "Read", + "description": "Grants permission to retrieve the email monitoring configuration for an organization", + "privilege": "DescribeEmailMonitoringConfiguration", "resource_types": [ { "condition_keys": [], "dependent_actions": [], - "resource_type": "" + "resource_type": "organization*" } ] }, { "access_level": "Read", - "description": "Grants permission to retrieve the email monitoring configuration for an organization", - "privilege": "DescribeEmailMonitoringConfiguration", + "description": "Grants permission to read details of an entity", + "privilege": "DescribeEntity", "resource_types": [ { "condition_keys": [], 
@@ -253315,18 +283803,6 @@ } ] }, - { - "access_level": "List", - "description": "Grants permission to show a list of KMS Keys available for use in creating an organization", - "privilege": "DescribeKmsKeys", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "List", "description": "Grants permission to show the details of all mail domains associated with the organization", @@ -253339,30 +283815,6 @@ } ] }, - { - "access_level": "List", - "description": "Grants permission to show the details of all groups associated with the organization", - "privilege": "DescribeMailGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, - { - "access_level": "List", - "description": "Grants permission to show the details of all users associated with the organization", - "privilege": "DescribeMailUsers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to retrieve details of a mailbox export job", @@ -253387,18 +283839,6 @@ } ] }, - { - "access_level": "List", - "description": "Grants permission to show a summary of all organizations associated with the account", - "privilege": "DescribeOrganizations", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "" - } - ] - }, { "access_level": "Read", "description": "Grants permission to read the details of an outbound mail flow rule configured for an organization", 
@@ -253447,30 +283887,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to disable a mail group when it is not being used, in order to allow it to be deleted", - "privilege": "DisableMailGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to disable a user mailbox when it is no longer being used, in order to allow it to be deleted", - "privilege": "DisableMailUsers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to remove a member from the resource's set of delegates", @@ -253507,30 +283923,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to enable a mail group after it has been created to allow it to receive mail", - "privilege": "EnableMailGroups", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to enable a user's mailbox after it has been created to allow it to receive mail", - "privilege": "EnableMailUsers", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to get the effects of access control rules as they apply to a specified IPv4 address, access protocol action, or user ID", 
@@ -253615,30 +284007,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to get the details of the mail group", - "privilege": "GetMailGroupDetails", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, - { - "access_level": "Read", - "description": "Grants permission to get the details of the user's mailbox and account", - "privilege": "GetMailUserDetails", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to read the details of the user's mailbox", @@ -253771,6 +284139,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to list the groups to which an entity belongs", + "privilege": "ListGroupsForEntity", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the impersonation roles for the given Amazon WorkMail organization", @@ -253831,18 +284211,6 @@ } ] }, - { - "access_level": "Read", - "description": "Grants permission to get a list of all the members in a mail group", - "privilege": "ListMembersInMailGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to list the mobile device access overrides", @@ -254055,18 +284423,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to remove members from a mail group", - "privilege": "RemoveMembersFromGroup", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to allow the administrator to reset the password for a user", 
@@ -254079,18 +284435,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to reset the password for a user's account", - "privilege": "ResetUserPassword", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Read", "description": "Grants permission to perform a prefix search to find a specific user in a mail group", @@ -254103,18 +284447,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to mark a user as being an administrator", - "privilege": "SetAdmin", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to set the default mail domain for the organization", @@ -254139,30 +284471,6 @@ } ] }, - { - "access_level": "Write", - "description": "Grants permission to set the details of the mail group which has just been created", - "privilege": "SetMailGroupDetails", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, - { - "access_level": "Write", - "description": "Grants permission to set the details for the user account which has just been created", - "privilege": "SetMailUserDetails", - "resource_types": [ - { - "condition_keys": [], - "dependent_actions": [], - "resource_type": "organization*" - } - ] - }, { "access_level": "Write", "description": "Grants permission to set the details of a mobile policy associated with the organization", @@ -254255,8 +284563,7 @@ }, { "condition_keys": [ - "aws:TagKeys", - "aws:RequestTag/${TagKey}" + "aws:TagKeys" ], "dependent_actions": [], "resource_type": "" 
@@ -254287,6 +284594,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update details of a group", + "privilege": "UpdateGroup", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to update an existing impersonation role for the given Amazon WorkMail organization", @@ -254383,6 +284702,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to update details of a user", + "privilege": "UpdateUser", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "organization*" + } + ] + }, { "access_level": "Write", "description": "Grants permission to remotely wipe the mobile device associated with a user's account", @@ -254470,6 +284801,18 @@ ], "prefix": "workspaces", "privileges": [ + { + "access_level": "Write", + "description": "Grants permission to accept invitations from other AWS accounts to share the same configuration for WorkSpaces BYOL", + "privilege": "AcceptAccountLinkInvitation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to associate connection aliases with directories", 
@@ -254504,6 +284847,30 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to associate a workspace application with a WorkSpace", + "privilege": "AssociateWorkspaceApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspaceapplication*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspaceid*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to add rules to IP access control groups", @@ -254511,7 +284878,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "workspaces:UpdateRulesOfIpGroup" + ], "resource_type": "workspaceipgroup*" } ] @@ -254538,6 +284907,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to invite other AWS accounts to share the same configuration for WorkSpaces BYOL", + "privilege": "CreateAccountLinkInvitation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to create an Amazon Connect client add-in within a directory", @@ -254717,6 +285098,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to delete invitations to other AWS accounts to share the same configuration for WorkSpaces BYOL", + "privilege": "DeleteAccountLinkInvitation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to delete AWS WorkSpaces Client branding data within a directory", 
@@ -254804,6 +285197,25 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to deploy all pending workspace applications on a WorkSpace", + "privilege": "DeployWorkspaceApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspaceid*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to deregister directories from use with Amazon WorkSpaces", @@ -254840,6 +285252,56 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about resources associated with a WorkSpace application", + "privilege": "DescribeApplicationAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspaceapplication*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to obtain information about WorkSpace applications", + "privilege": "DescribeApplications", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about resources associated with a WorkSpace bundle", + "privilege": "DescribeBundleAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspacebundle*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve AWS WorkSpaces Client branding data within a directory", 
@@ -254900,6 +285362,25 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about resources associated with a WorkSpace image", + "privilege": "DescribeImageAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspaceimage*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Read", "description": "Grants permission to retrieve information about IP access control groups", @@ -254924,6 +285405,25 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve information about resources associated with a WorkSpace", + "privilege": "DescribeWorkspaceAssociations", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspaceid*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to obtain information about WorkSpace bundles", 
@@ -255037,6 +285537,42 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to disassociate a workspace application from a WorkSpace", + "privilege": "DisassociateWorkspaceApplication", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspaceapplication*" + }, + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "workspaceid*" + }, + { + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "dependent_actions": [], + "resource_type": "" + } + ] + }, + { + "access_level": "Read", + "description": "Grants permission to retrieve a link with another AWS Account for sharing configuration for WorkSpaces BYOL", + "privilege": "GetAccountLink", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to import AWS WorkSpaces Client branding data within a directory", @@ -255064,6 +285600,18 @@ } ] }, + { + "access_level": "List", + "description": "Grants permission to retrieve links with the AWS Account(s) that share your configuration for WorkSpaces BYOL", + "privilege": "ListAccountLinks", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "List", "description": "Grants permission to list the available CIDR ranges for enabling Bring Your Own License (BYOL) for WorkSpaces accounts", @@ -255245,6 +285793,18 @@ } ] }, + { + "access_level": "Write", + "description": "Grants permission to reject invitations from other AWS accounts to share the same configuration for WorkSpaces BYOL", + "privilege": "RejectAccountLinkInvitation", + "resource_types": [ + { + "condition_keys": [], + "dependent_actions": [], + "resource_type": "" + } + ] + }, { "access_level": "Write", "description": "Grants permission to restore WorkSpaces", 
@@ -255264,7 +285824,9 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "workspaces:UpdateRulesOfIpGroup" + ], "resource_type": "workspaceipgroup*" } ] @@ -255355,7 +285917,10 @@ "resource_types": [ { "condition_keys": [], - "dependent_actions": [], + "dependent_actions": [ + "workspaces:AuthorizeIpRules", + "workspaces:RevokeIpRules" + ], "resource_type": "workspaceipgroup*" } ] @@ -255432,6 +285997,13 @@ "aws:ResourceTag/${TagKey}" ], "resource": "connectionalias" + }, + { + "arn": "arn:${Partition}:workspaces:${Region}:${Account}:workspaceapplication/${WorkSpaceApplicationId}", + "condition_keys": [ + "aws:ResourceTag/${TagKey}" + ], + "resource": "workspaceapplication" } ], "service_name": "Amazon WorkSpaces" diff --git a/parliament/misc.py b/parliamentarian/misc.py similarity index 100% rename from parliament/misc.py rename to parliamentarian/misc.py diff --git a/parliament/policy.py b/parliamentarian/policy.py similarity index 99% rename from parliament/policy.py rename to parliamentarian/policy.py index 49973af..dd63298 100644 --- a/parliament/policy.py +++ b/parliamentarian/policy.py @@ -341,7 +341,7 @@ def analyze( for importer, name, _ in pkgutil.iter_modules( [community_auditors_directory_path] ): - full_package_name = "parliament.%s.%s" % ( + full_package_name = "parliamentarian.%s.%s" % ( community_auditors_directory, name, ) diff --git a/parliament/statement.py b/parliamentarian/statement.py similarity index 100% rename from parliament/statement.py rename to parliamentarian/statement.py diff --git a/requirements.txt b/requirements.txt index 07bc0eb..f97958f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ attrs==22.1.0 beautifulsoup4==4.11.1 boto3==1.24.66 botocore==1.27.66 -certifi==2022.6.15 +certifi==2023.7.22 chardet==5.0.0 charset-normalizer==2.1.1 coverage==6.4.4 
@@ -14,15 +14,14 @@ json-cfg==0.4.2 kwonly-args==1.0.10 packaging==21.3 pluggy==1.0.0 -py==1.11.0 pyparsing==3.0.9 pytest==7.1.3 pytest-cov==3.0.0 python-dateutil==2.8.2 -PyYAML==6.0 -requests==2.28.1 +PyYAML==6.0.1 +requests==2.31.0 s3transfer==0.6.0 six==1.16.0 soupsieve==2.3.2.post1 tomli==2.0.1 -urllib3==1.26.12 +urllib3==1.26.18 diff --git a/setup.py b/setup.py index 3405060..a481bdf 100644 --- a/setup.py +++ b/setup.py @@ -11,7 +11,7 @@ def get_version(): - init = open(os.path.join(HERE, "parliament", "__init__.py")).read() + init = open(os.path.join(HERE, "parliamentarian", "__init__.py")).read() return VERSION_RE.search(init).group(1) @@ -22,15 +22,15 @@ def get_description(): setup( - name="parliament", + name="parliamentarian", version=get_version(), - author="Duo Security", - author_email="scott@summitroute.com", - description=("parliament audits your AWS IAM policies"), + author="Climate LLC", + author_email="cloudeng@climate.com", + description=("parliamentarian audits your AWS IAM policies"), long_description=get_description(), long_description_content_type="text/markdown", - url="https://github.com/duo-labs/parliament", - entry_points={"console_scripts": "parliament=parliament.cli:main"}, + url="https://github.com/TheClimateCorporation/parliamentarian", + entry_points={"console_scripts": "parliamentarian=parliamentarian.cli:main"}, test_suite="tests/unit", tests_require=TESTS_REQUIRE, extras_require={"dev": TESTS_REQUIRE + ["autoflake", "autopep8", "pylint"]}, 
@@ -38,12 +38,12 @@ def get_description(): setup_requires=["nose"], packages=find_packages(exclude=["tests*"]), package_data={ - "parliament": ["iam_definition.json", "config.yaml"], - "parliament.community_auditors": ["config_override.yaml"], + "parliamentarian": ["iam_definition.json", "config.yaml"], + "parliamentarian.community_auditors": ["config_override.yaml"], }, zip_safe=True, license="BSD 3", - keywords="aws parliament iam lint audit", + keywords="aws parliamentarian iam lint audit", python_requires=">=3.6", classifiers=[ "License :: OSI Approved :: BSD License", @@ -51,6 +51,9 @@ def get_description(): "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3 :: Only", "Development Status :: 5 - Production/Stable", ], diff --git a/tests/scripts/unit_tests.sh b/tests/scripts/unit_tests.sh index 75eea5c..5a987f4 100755 --- a/tests/scripts/unit_tests.sh +++ b/tests/scripts/unit_tests.sh @@ -4,13 +4,13 @@ if [ -f .coverage ]; then fi export PRIVATE_TESTS="" -if [ -d parliament/private_auditors/tests/ ]; then - export PRIVATE_TESTS="parliament/private_auditors/tests/" +if [ -d parliamentarian/private_auditors/tests/ ]; then + export PRIVATE_TESTS="parliamentarian/private_auditors/tests/" fi export COMMUNITY_TESTS -if [ -d parliament/community_auditors/tests/ ]; then - export COMMUNITY_TESTS="parliament/community_auditors/tests/" +if [ -d parliamentarian/community_auditors/tests/ ]; then + export COMMUNITY_TESTS="parliamentarian/community_auditors/tests/" fi pytest tests/unit --cov-report html --cov --cov-config=.coveragerc diff --git a/tests/unit/test_action_expansion.py b/tests/unit/test_action_expansion.py index 8ee13c4..3ff9dca 100644 --- a/tests/unit/test_action_expansion.py +++ b/tests/unit/test_action_expansion.py 
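Review bot: The classifiers added in the `@@ -51,6 +51,9 @@` hunk of setup.py advertise Python 3.9–3.11, but the same `setup()` call still carries `setup_requires=["nose"]` and `python_requires=">=3.6"`, both visible as unchanged lines in the preceding hunk. `setup_requires` makes setuptools fetch an unpinned package at build time, outside the pins in requirements.txt. nose is also unmaintained and, as far as I know, does not install or run cleanly on the newer interpreters now being advertised. Since the test script touched by this commit invokes `pytest`, I would delete the `setup_requires=["nose"],` line, raise `python_requires` to the oldest interpreter the test workflow actually runs, and drop the classifiers below that. The `setup()` call starts and ends outside these hunks, so confirm nothing else in it relies on nose.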
@@ -1,7 +1,7 @@ -import parliament +import parliamentarian -from parliament import UnknownPrefixException, UnknownActionException -from parliament.statement import expand_action +from parliamentarian import UnknownPrefixException, UnknownActionException +from parliamentarian.statement import expand_action class TestActionExpansion: diff --git a/tests/unit/test_authorization_file.py b/tests/unit/test_authorization_file.py index 149fb38..d841883 100644 --- a/tests/unit/test_authorization_file.py +++ b/tests/unit/test_authorization_file.py @@ -1,6 +1,6 @@ import jsoncfg import json -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestAuthDetailsFile: diff --git a/tests/unit/test_community_auditors.py b/tests/unit/test_community_auditors.py index 3f081ea..aa91a3d 100644 --- a/tests/unit/test_community_auditors.py +++ b/tests/unit/test_community_auditors.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestCommunityAuditors: diff --git a/tests/unit/test_formatting.py b/tests/unit/test_formatting.py index 7f508ba..684801b 100644 --- a/tests/unit/test_formatting.py +++ b/tests/unit/test_formatting.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestFormatting: diff --git a/tests/unit/test_get_resources_for_privilege.py b/tests/unit/test_get_resources_for_privilege.py index 543b118..c63f843 100644 --- a/tests/unit/test_get_resources_for_privilege.py +++ b/tests/unit/test_get_resources_for_privilege.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestGetResourcesForPrivilege: 
@@ -18,17 +18,11 @@ def test_policy_simple(self): }""" ) - assert ( - set(policy.statements[0].get_resources_for_privilege("s3", "GetObject")) - == set(["arn:aws:s3:::examplebucket/*"]), - "s3:GetObject matches the object resource", - ) + assert set(policy.statements[0].get_resources_for_privilege("s3", "GetObject")) == { + "arn:aws:s3:::examplebucket/*"}, "s3:GetObject matches the object resource" - assert ( - set(policy.statements[0].get_resources_for_privilege("s3", "PutObject")) - == set([]), - "s3:PutObject not in policy", - ) + assert set(policy.statements[0].get_resources_for_privilege("s3", "PutObject")) == set( + []), "s3:PutObject not in policy" def test_policy_multiple_resources(self): policy = analyze_policy_string( 
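Review bot: The rewritten assertions in test_policy_simple break the line inside the set literal (`== {` then `"arn:aws:s3:::examplebucket/*"}`) and inside `set(` then `[])`, which makes the comparison hard to scan. Binding the pieces first keeps each check on one logical line: `stmt = policy.statements[0]` followed by `assert set(stmt.get_resources_for_privilege("s3", "GetObject")) == {"arn:aws:s3:::examplebucket/*"}, "s3:GetObject matches the object resource"`, with `set()` instead of `set([])` for the empty case. The same applies to the assertions in the test_policy_multiple_resources hunk. Because the old `assert (expr, "msg")` tuples could never fail, confirm that these checks pass now that they are actually evaluated.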
@@ -44,22 +38,14 @@ def test_policy_multiple_resources(self): }""" ) - assert ( - set(policy.statements[0].get_resources_for_privilege("s3", "GetObject")) - == set(["arn:aws:s3:::examplebucket/*"]), - "s3:GetObject matches the object resource", - ) + assert set(policy.statements[0].get_resources_for_privilege("s3", "GetObject")) == {"arn:aws:s3:::examplebucket/*"}, "s3:GetObject matches the object resource" - # s3:PutBucketPolicy will match on both because a bucket resource type is defined as: - # "arn:*:s3:::*" so it doesn't care whether or not there is a slash - # assert_equal(set(policy.statements[0].get_resources_for_privilege("s3", "PutBucketPolicy")), set(["arn:aws:s3:::examplebucket"]), "s3:PutBucketPolicy matches the bucket resource") - - assert ( - set( + # s3:PutBucketPolicy will match on both because a bucket resource type is defined as: "arn:*:s3:::*" so it + # doesn't care whether there is a slash assert_equal(set(policy.statements[ + # 0].get_resources_for_privilege("s3", "PutBucketPolicy")), set(["arn:aws:s3:::examplebucket"]), + # "s3:PutBucketPolicy matches the bucket resource") + assert set( policy.statements[0].get_resources_for_privilege( "s3", "ListAllMyBuckets" ) - ) - == set([]), - "s3:ListAllMyBuckets matches none of the resources", - ) + ) == set([]), "s3:ListAllMyBuckets matches none of the resources" diff --git a/tests/unit/test_patterns.py b/tests/unit/test_patterns.py index 83f65da..ec65498 100644 --- a/tests/unit/test_patterns.py +++ b/tests/unit/test_patterns.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestPatterns: diff --git a/tests/unit/test_principals.py b/tests/unit/test_principals.py index c897f67..79b16a2 100644 --- a/tests/unit/test_principals.py +++ b/tests/unit/test_principals.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestPrincipals: 
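Review bot: The re-wrapped comment above the ListAllMyBuckets assertion runs the explanation and the commented-out `assert_equal(...)` call together, so it now reads as one garbled sentence split across `policy.statements[` and `# 0]`. I would keep the explanation of why s3:PutBucketPolicy matches both resources as its own comment, and either delete the dead assertion or restore it as a single commented line. As written, the PutBucketPolicy behaviour the comment describes has no live assertion, so a change in ARN matching for bucket resources would go unnoticed by this test. If matching both resources is the intended result, an `assert` comparing `get_resources_for_privilege("s3", "PutBucketPolicy")` against both ARNs would pin it. The test body begins outside this hunk, so the second resource ARN is not visible here.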
diff --git a/tests/unit/test_privilege_data.py b/tests/unit/test_privilege_data.py index d1cfaab..68a6509 100644 --- a/tests/unit/test_privilege_data.py +++ b/tests/unit/test_privilege_data.py @@ -1,4 +1,4 @@ -import parliament +import parliamentarian class TestPrivilegData: @@ -6,13 +6,13 @@ class TestPrivilegData: def test_minimum_number_of_services(self): assert ( - len(parliament.iam_definition) > 220 + len(parliamentarian.iam_definition) > 220 ), "There should be over 220 services in the definition file" def test_contains_all_elements(self): # Find the ec2 service ec2_service = None - for service in parliament.iam_definition: + for service in parliamentarian.iam_definition: if service["prefix"] == "ec2": ec2_service = service break diff --git a/tests/unit/test_resource_formatting.py b/tests/unit/test_resource_formatting.py index 8a4a6f0..b728b7f 100644 --- a/tests/unit/test_resource_formatting.py +++ b/tests/unit/test_resource_formatting.py @@ -1,10 +1,10 @@ -from parliament import ( +from parliamentarian import ( analyze_policy_string, is_arn_match, is_arn_strictly_valid, is_glob_match, ) -from parliament.statement import is_valid_region, is_valid_account_id +from parliamentarian.statement import is_valid_region, is_valid_account_id class TestResourceFormatting: diff --git a/tests/unit/test_resources.py b/tests/unit/test_resources.py index 09d1334..c224435 100644 --- a/tests/unit/test_resources.py +++ b/tests/unit/test_resources.py @@ -1,4 +1,4 @@ -from parliament import analyze_policy_string +from parliamentarian import analyze_policy_string class TestResources: diff --git a/utils/update_iam_data.py b/utils/update_iam_data.py old mode 100644 new mode 100755